Effective Date: June 2019
We developed a suite of Apps to measure brain health and to provide access to healthcare services. Our Health App and Care App allow individuals to obtain care in a convenient location from providers who may be remote, and likewise enable providers to provide care to individuals who may be at a remote location, using these measurements of brain health.
Please see the following App-Specific Terms for more information on each of our Apps:
- The Health app will collect information about the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls.
- Except for your response to questions and messages that you receive in the Health App, the Health App does not capture any other content from the use of your phone. It does not collect letters, numbers, words, or phrases that you type when using your phone. The Health App does not capture any information about your location, contacts, messages, voice, or calls.
- On iOS devices, the Health App requires the installation of the included Mindstrong Keyboard (the “Mindstrong Keyboard”). On Android devices, the Health app requires the activation of the Mindstrong Service (the “Mindstrong Service”). Please note that not providing consent to download the Mindstrong Keyboard or activate the Mindstrong Service, or subsequently disabling the Mindstrong Keyboard or Mindstrong Service, will affect certain features of the Health App
- The Health App provides patients and members of Organizations with functionality to communicate with their healthcare providers remotely.
- As described in the section titled, “How We Share Your Information”, we share information collected on the Health App with Organizations of which you are a patient or member. For example, if you use the Health App to communicate with your healthcare provider that is an Organization, we will share your information with such Organization.
- The Discovery App supports academic medical centers and other Organizations in conducting clinical research studies to gather measurements about brain health or other information needed for their clinical research studies. The Discovery App is only used for participants of research studies, and only once the study participants have provided their in-person and written informed consent.
- The Discovery App will collect information about the way you interact with the touch screen on your mobile device, such as the patterns of your keystrokes, taps and scrolls. Except for your response to questions and messages that you receive in the Discovery App, the Discovery App does not capture any other content from the use of your phone. It does not collect letters, numbers, words, or phrases that you type when using your phone. However, if you participate in an applicable study and have provided informed consent for the collection of these additional data, the Discovery App may collect the following additional data:
- Data relating to the frequency in which you type certain words using the Mindstrong Keyboard (“Histogram Data”);
- Location Information; and
- particular commands that you speak into your device (“Voice Data”) if prompted by the Discovery App in studies that require Voice Data.
If a research study does not require Histogram Data, Location Information or Voice Data we do not collect it.
- On iOS devices, the Discovery App requires the installation of the included Mindstrong Keyboard. On Android devices, the Discovery app requires the activation of the Mindstrong Service. Please note that not providing consent to download the Mindstrong Keyboard or activate the Mindstrong Service, or subsequently disabling the Mindstrong Keyboard or Mindstrong Service, will affect certain features of the Discovery App.
- As described in the section titled, “How We Share Your Information”, if you participate in a clinical research study, we share information collected during your use of the Discovery App with the Organization is conducting or sponsoring the research study.
- The Care App is intended for use by Organizations, particularly healthcare professionals who will use the Care App to communicate with their patients.
- If you are an employee, agent or contractor of an Organization and access or use the Care App on behalf of an Organization, we may ask you to provide information regarding your professional licensure or other qualifications.
When you access or use our Services, we collect the information you provide to us when you, for example:
- Register with our Services
- Contact us with inquiries and comments
- Complete and submit forms offered on the Services
- Apply for employment
- Register for webinars or events
- Use the interactive features of our Services
- Enable the location services on your device
We may also obtain information about you from other sources and combine that information with information we collect from you directly. For example, if you are a health plan member or patient of an Organization, we receive Personal Information about you from your Organization so that we can provide Services to you. In addition, we may collect information about you when you post content to our pages and/or feeds on third party social media platforms.
You can set your Internet browser settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, and to omit images (which will disable pixel tags). Note that the opt-out will apply only to the browser that you are using when you elect to opt out of advertising cookies. Please note, without cookies or pixel tags, you may not be able to take full advantage of all features of our Services.
Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including our Services, do not currently respond to web browser DNT signals because such signals are not yet uniform. For more information about DNT signals, please visit http://allaboutdnt.com.
We may use your information in the following ways:
- Provide you the Services and fulfill your requests: We may use your information to register you, administer your account, and provide you the information, products and services that you request. For example, we respond to your questions when you contact us, assist with any problems you report about our Services.
- Communicate with you: We may contact you to share information and materials that we think might be of interest to you, including information about products and services that promote health and wellness. You may unsubscribe from receiving emails about these products and services by using the unsubscribe link included in an email.
- Enhance your experience: We use your information to personalize and enhance your experience when you use the Services, such as tailoring and remembering your preferences.
- Improve our Services: Your information helps us improve the content and functionality of our Services. For example, we may conduct measurement activities and analyze trends, usage and activities in connection with the Services to create new features and content.
- Protect Mindstrong and our Users: We may use information about you to detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Mindstrong and others.
- Creation of De-Identified Information: We may use your Personal Information to create data that is de-identified in accordance with HIPAA, other applicable laws and our Organization Agreements with applicable Organizations. This de-identified information is not Personal Information, because it cannot be used to identify you, and may be used by us for any lawful purpose.
In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection.
- With Organizations: If you are a health plan member or patient of an Organization, then we will share your information with the Organization in accordance with the Organization Agreement and applicable law. You should review the Notice of Privacy Practices and/or other privacy policies of the Organization to understand how the Organization uses your information.
- Clinical Service Providers. We may share your information with Mindstrong Clinical Services, PC, or any other medical groups or healthcare professionals who provide physician or other clinical services to you through our Services.
- Other Service Providers: We may share your information, in an encrypted format, with third-party hosting and information security providers that provide computer, storage and information security resources to Mindstrong.
- In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties to such transaction.
- For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, information security breaches, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect our rights.
- At Your Direction: We will share your information with third parties if and when you direct us to.
We may share de-identified information and other De-identified Non-Personal Information in all legally permissible ways.
The security of your Personal Information is important to us. We have implemented and maintain reasonable technical, physical and administrative security measures intended to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. You should keep in mind, however, that no data transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by persons other than the intended recipient. As a result, while we strive to protect your Personal Information, we cannot guarantee or warrant the security of any information you transmit to or from our Services.
In compliance with the Privacy Shield Principles, Mindstrong, Inc. commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Mindstrong, Inc.’s Privacy Office at firstname.lastname@example.org, or by courier to:
Attn: Privacy Office
303 Bryant Street Mountain View, CA 94041
Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Mindstrong Inc.’s internal process, Mindstrong, Inc. has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure.. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.
In addition, under certain conditions, you could be entitled to invoke binding arbitration to resolve a complaint or dispute arising under the Privacy Shield.
Mindstrong, Inc. is responsible for the processing of Personal Information it receives, under the Privacy Shield Frameworks, or subsequently transfers to a third party acting as an agent on its behalf. Mindstrong, Inc. complies with the Privacy Shield Principles for all onward transfers of Personal Information from the EU, EEA and Switzerland, including the onward transfer liability provisions.
With respect to Personal Information received or transferred pursuant to the Privacy Shield Frameworks, Mindstrong, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Mindstrong, Inc. may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Subject to any restrictions in our Organization Agreements, you may update, correct or otherwise modify information that we maintain about you at any time by logging into your online account or by emailing us at email@example.com If there are restrictions in an applicable Organization Agreement, we will provide contact information for the Organization so that you can ask the Organization to modify your information. If you wish to deactivate your account, please email us at firstname.lastname@example.org but note we may continue to store information about you as required by law or for our legitimate healthcare business purposes.
If personal data covered by this Privacy Shield Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized or is to be disclosed to a third-party, we will provide individuals with an opportunity to choose whether to have their personal data so used or disclosed. Requests to opt out of such uses or disclosures of personal data should be sent to email@example.com.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of the Services.
If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete the Apps. Please note that disabling the location setting may affect certain features of the Apps.
With your consent, we may send push notifications or alerts to your mobile device. You can deactivate these notifications at any time by changing the notification settings on your mobile device or within our Apps.
If we make material changes that would impact your use of the Services, we will endeavor to notify you of the changes, such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by any other reasonable method.
303 Bryant Street
Mountain View, CA 94041
- “HIPAA” is the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations.
- “Personal Information” is information that can be used to identify, contact or locate you. Examples of Personal Information such as your name, address, email address, telephone number, unique device identifier of the device you use to access the Services and other information you choose to provide as well as Protected Health Information under HIPAA.
- “Protected Health Information” is a subset of Personal Information that is protected by HIPAA. Your Personal Information is generally Protected Health Information if you are a health plan member or a patient of an Organization that is a “covered entity” under HIPAA and we are a “business associate” of the Organization under the Organization Agreement.
- “Location Information” is information that can be used to locate the device you use to access the Services. Location Information may include: (i) with your consent, the location of the device derived from GPS or WiFi use; (ii) the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user. Generally, we consider Location Information to be Personal Information unless the information is not Personal Information under applicable law. For more information about how you can control the collection of Location Information, please see “Your Choices” above.
- “Activity Data” is information that we collect about how you use the Services, including the following:
- Communications: We collect information about how you communicate with your health care provider on the Services.
- Other Functionality: We collect information associated with the performance exercises you take on the Services, the events and notes that you track on the Services, such as your medications and sleep habits, and other functionality that we may offer from time to time.
- “Log Data” is information that we automatically collect about your use of the Services and your mobile device. This type of information does not usually, by itself, uniquely identify an individual. It may include your IP address, web browser and operating system, device model and manufacturer, hardware or other device model number, mobile network information and time spent connected via an App or viewing a webpage. Generally, we do not consider Log Data to be Personal Information unless the Log Data is Personal Information under applicable law or linked to Personal Information for so long as it is linked.