MHMD Act Consumer Health Privacy
Effective as of January 3, 2025
This Consumer Health Data Privacy Policy (“Consumer Health Data Privacy Policy“) describes how ClosedLoop.ai, Inc. (“ClosedLoop,” “we,” or “us“) processes personal information that we collect through our digital or online properties or services that link to this Consumer Health Data Privacy Policy in the context of providing our Personal Health Ai solution (including as applicable, our website, mobile application, and social media pages) as well as our marketing activities, and other activities described in this Consumer Health Data Privacy Policy (collectively, the “Service”).
This Consumer Health Data Privacy Policy applies to the extent required by applicable state laws with respect to consumer health data (“Consumer Health Data”) as defined by applicable law. This Consumer Health Data Privacy Policy supplements our general Privacy Policy. In the event of a conflict between our Privacy Policy and the Consumer Health Data Privacy Policy, the Consumer Health Data Privacy Policy applies to the extent that it is consistent with applicable state law.
This Consumer Health Data Privacy Policy does not apply to the personal information collected and processed via our informational website, https://gethealthy.com or in the context of our processing personal information on behalf of our enterprise customers. Our privacy practices and how we handle personal information that we collect through our informational website can be found here. In the context of processing personal information on behalf of enterprise customers, the relevant enterprise customer agreement governs how we process such personal information.
Collection of Consumer Health Data
The Consumer Health Data we collect depends on how you interact with us, the services you use, and the choices you make. We collect Consumer Health Data about you from different sources and in various ways when you use our Services, including Consumer Health Data you provide directly, Consumer Health Data collected automatically, Consumer Health Data we obtain from third-party data sources, and Consumer Health Data we infer or generate from other data.
Consumer Health Data you provide. We collect Consumer Health Data you may provide to us. For example:
- contact data, such as your name, email address, phone number, and billing and physical addresses.
- demographic data, such as your gender, date of birth, and zip code.
- payment data, such as your credit card number, financial account information, and other payment details.
- profile data, such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account; a redemption code; biographical details; links to your profiles on social networks; information about your interests and preferences; and any other information that you add to your account profile.
- communications data based on our exchanges with you, including when you contact us through the Service (including, provide feedback or request support), communicate with us via social media, or otherwise.
- government-issued identification number data, such as national identification number (e.g., Social Security Number, tax identification number, passport number), state or local identification number (e.g., driver’s license or state ID number), and an image of the relevant identification card.
- biometric data, such as fingerprints, irises, and facial images.
- health insurance data, such as health insurance carrier, policy number and policy details.
- marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
- user-generated content data, such as photographs, videos, documents, and other information (including diagnostic testing results and supporting documentation) that you upload to our Service or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
- health and wellness-related data, such as information concerning your past, present and future physical and/or mental health status and goals, medical conditions, symptoms, medications, diagnoses, treatment data, claims data, and any other information that you voluntarily provide via the Services including in response to prompts and other questions through the Services.
- relationship data, such as familial or other relationships to third parties whose personal information you may provide to us.
- sensory data, such as audio or similar information.
- activity related or linked third-party data, such as any information that you provide when you choose to share or link activity data from your device (for example, your phone’s accelerometer) or link other third-party platforms (such as Apple HealthKit or Google Health Connect), activity trackers, or health-related information repositories to the Service.
- characteristics of protected classifications, such as if you choose to provide in your user-generated content data related to, for example, your age, race or ethnic origin, health, sexual orientation or other information.
Consumer Health Data we collect automatically. When you use our Services, we collect some information through certain technical tracking technologies that may be considered Consumer Health Data. For example:
- device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area. This also includes data that we collect through digital trackers (such as, smart scale, glucose devices and activity trackers) that you link to the Service.
- online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
- precise geolocation data such as when you authorize the Service to access your device’s location.
- communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
- usage data, such as your interaction (for example, time, frequency and duration of your activities) with the Service.
Consumer Health Data we create, infer, or generate. We may create, infer, or generate Consumer Health Data from other data we collect, including using automated means to generate information about your likely preferences or other characteristics.
Consumer Health Data we obtain from third party sources. We also obtain the types of Consumer Health Data described above from third parties. These third-party sources may include, for example:
- third-party partners. We may receive your Consumer Health Data from partnership payers and insurers. We may also receive your Consumer Health Data from social media or authentication services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.
- co-branding/marketing partners. Partners with which we offer co-branded services or engage in joint marketing activities.
- service providers. Third parties that collect or provide data in connection with work they do on our behalf.
- publicly available sources. Public sources of Consumer Health Data such as open government databases.
- private sources, such as medical providers, data providers and social media platforms.
- activity trackers. To the extent you link a device to the Service, we may also receive data from such device such as your device’s health app (like Apple HealthKit or Google Health Connect).
- electronic medical records. We may obtain medical records (including lab results and images) from the relevant electronic medical record database(s) (including providers) that you choose to connect to the Services or with whom we may have an enterprise business relationship.
Use of Consumer Health Data
We use Consumer Health Data for purposes described in this Consumer Health Data Privacy Policy or as otherwise disclosed to you. For example, we use Consumer Health Data for the following purposes:
Purpose of Use | Categories of Consumer Health Data |
---|---|
Service delivery and operations: providing the Service, establishing and maintaining your user profile on the Service, enabling security features of the Service, communicating with you about the Service, providing support for the Service and responding to your requests/questions/feedback. | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
Service personalization: understanding your needs and interests, personalizing your experience with the Service and our Service-related communications, remembering your selections and preferences as you navigate webpages. | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
Research and development: for research and development purposes, including to analyze and improve the Service and our business and to develop new products and services | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
Direct marketing: communicating with you about new services, upcoming events, and other information | Contact data, demographic data, profile data, communications data, marketing data, device data, online activity data, communications interaction data. |
Service improvement and analytics: analyzing your usage of the Service, improving the Service, improving the rest of our business, helping us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails, and developing new products and services. | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
Compliance and protection: complying with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities; protecting our, your or others’ rights, privacy, safety or property; auditing our internal processes for compliance with legal and contractual requirements or our internal policies; enforcing the terms and conditions that govern the Service; preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business. | Contact data, demographic data, payment data, profile data, communications data, marketing data, user-generated content data, health and wellness-related data, relationship data, sensory data, derived data, activity related or linked third-party data, characteristics of protected classifications, device data, online activity data, communications interaction data. |
Sharing Consumer Health Data
We may “share” (as applicable state law defines that term) Consumer Health Data with your consent or as we determine necessary to complete your transactions, provide the services you have requested or authorized, or as otherwise permitted or required by law. For example, we may share your Consumer Health Data to:
- Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so. For example, we may share your personal information with your healthcare providers, healthcare administrators, healthcare payors or others where you have directed us to do so.
- Legal and law enforcement.We will access, share, and preserve Consumer Health Data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies. We will also share Consumer Health Data if we believe it is necessary to protect our customers and/or the rights or property of ourselves or others.
Your Consumer Health Data Rights
You may have certain rights to your Consumer Health Data under applicable state law. These rights may vary depending on your state of residence. Any of the rights discussed below may be subject to certain limitations (for example, a monetary charge). If you wish to exercise these rights, please contact us by email at help@gethealthy.com.
- withdraw consent. To the extent we rely upon your consent for either our collection or sharing of your Consumer Health Data, you have the right to withdraw such consent from any future collection or sharing.
- access and confirm. You have the right to ask us to confirm whether we have collected, shared or sold your Consumer Health Data. Further, you have the right to access (in other words, request a copy of) the Consumer Health Data that we have collected, shared or sold. You also have a right to access a list of all “third parties” (as applicable state law defines that term) and affiliates with whom we have shared or sold your Consumer Health Data and receive certain corresponding information.
- correction. You have the right to ask us to correct inaccuracies in your Consumer Health Data.
- deletion. You have the right to ask us to delete your Consumer Health Data.
- appeal. You have the right to appeal our denying a right you have attempted to exercise. We will provide details on how to appeal our denial in connection with such action.
To exercise your rights above and make a Consumer Health Data rights request, please contact us by email at help@gethealthy.com. We may need to verify your identity in order to process your request. To confirm your identity, we may ask you to verify personal information we already have on file for you. If we cannot verify your identity based on the information we have on file, we may request additional information from you (such as government identification), which we will only use to verify your identity, and for security or fraud-prevention purposes.
We need to collect certain Consumer Health Data in order to provide the Service to you. If you request that any required Consumer Health Data be deleted or withdraw your consent for future collection or sharing of any required Consumer Health Data, we may not be able to provide the Service or certain features of the Service to you.
Changes to this Consumer Health Data Privacy Policy
We reserve the right to modify this Consumer Health Data Privacy Policy at any time. If we make material changes to this Consumer Health Data Privacy Policy, we will notify you by updating the date of this Consumer Health Data Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Consumer Health Data Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Consumer Health Data Privacy indicates your acknowledging that the modified Consumer Health Data Privacy Policy applies to your interactions with the Service.
Contacting Us
If you have any questions about this Privacy Policy, please contact us by email at help@gethealthy.com.