How We protect
StrongPath Inc, a Colorado corporation (“StrongPath Inc,” “we,” “our,” or “us”) provides services that translate a consumer’s (“End User”) lifestyle health data from multiple sources, such as wearables, health and medical devices, and questionnaires, into a normalized format so that End Users can sync and track their lifestyle health data and we can share it with their healthcare provider (“Provider”) or multiple Providers (a “Care Team”) who are able to easily and quickly make better and more informed, data-driven decisions about their patients’ health; services that allow a Provider or Care Team to remotely monitor specially selected health metrics of their patients as part of medically necessary treatment.
INFORMATION WE COLLECT
Technical Information. When you use the Services, we may track or collect information unique to you or the device(s) you use to access the Services (“Technical Information”). We may do this directly or through third party tools, services, stores, accounts or hosting platforms involved with or connected to the Services (including without limitation, anonymous usage statistics, by using cookies, server logs, analytics tools and ad serving technologies). This information may be used to improve the quality of our services, to administer the site and analyze its usage, to allow users to set up a user account and profile, to contact users and to fulfill your requests for certain products and services. Whenever you interact with the Services, we may automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. This information is not deemed by StrongPath Inc. to constitute Personal Information and while we will not use it in a way that associates such information with you, such information may be aggregated and used. StrongPath Inc. owns this information and may use it in any manner it deems appropriate.
Protected Health Information. By using the Services, we provide you the ability to store, upload information from third party tracking health devices and or platforms (such as heart rate monitors, blood pressure devices), and track protected health information (“PHI”) and allow you to connect with a Provider or “Care Team” (comprised of health and wellness Providers with whom there is a relationship for the provision of healthcare products and services). PHI is any information about your health status, provision of health care, or payment for health care that is created or collected by Providers or us and can be linked back to you. Some examples of PHI used by the Services are your medical history, health background and current health status information, age information, demographic information and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, fitness status, nutritional and behavior information.
HOW WE USE AND DISCLOSE THE INFORMATION
Except as described below, we will never rent or sell your information in a personally identifiable form to anyone:
Vendors, Agents, Contractors. Agents, technology vendors and/or contractors of StrongPath Inc. may have access to your information on a need-to-know basis for the purpose of performing services on behalf of StrongPath Inc. or providing or enabling elements of the Services. All such agents or contractors who have access to such information are contractually bound to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for StrongPath Inc. or as otherwise required by law.
Your Provider Invitees and Providers. If you have a provider that you want to share your wellness journey with on the Services and said provider has not already invited you to use the Services, you may be able to send an invitation to the provider to connect with you. In order to send an invitation to the Provider Invitee, we may ask you for information such as their name, their email address, and their relationship to you.
When you share the email address of a Provider Invitee, you are doing so under the full knowledge that if accepted, the Provider Invitee becomes a connected Provider for you and as such, will receive the Personal Information you have provided. The Provider will be provided reporting on all activity including viewing all your historical personal health information that is already in your account, adding personal health information for you, viewing and adding content including notes, images, etc., viewing and adding comments, making recommendations, etc.
If, and only if, you connect with a Provider (either by inviting and the Provider accepting or by you accepting a Provider’s invitation to connect), you acknowledge that your Personal Health Information will be disclosed without your written authorization to that Provider which has a legal commitment to maintaining the privacy and security of your Personal Health Information – and as otherwise permitted or required by law to any of the aforementioned parties. Again, we will never share your Personal Health Information with any Provider unless you are connected.
Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, business collaboration or partnership or transition of service to another provider, your information may be sold or transferred as part of such a transaction as permitted by law and/or contract.
As Required By Law and Similar Disclosures. We may disclose Personal Information and any other information to comply with the law, judicial proceeding, court order, subpoena or other legal process; to detect, prevent, or otherwise address fraud, security, emergency situations or technical issues; to enforce or apply our Terms of Service and other agreements, rights and remedies; or to protect the rights, property, or safety of us, our employees and contractors, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction purposes.
Customer support and troubleshooting. If you contact us with a question, our support team may view your data if doing so is necessary to solve your problem. We may also ask you follow-up questions requiring additional information. Access to your data is limited to the information reasonably necessary for the employee to perform the function needed to resolve the issue or to improve the service.
CONFIDENTIALITY AND SECURITY OF INFORMATION
If you use our Services, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing platforms.
By using the Services or any StrongPath Inc. service you agree that we may communicate with you electronically regarding security, privacy and administrative issues relating to your use. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice in the Services, on our website or by sending an email to you. You may have a legal right to receive this notice in writing. To receive written notice of a security breach (or to withdraw your consent from receiving electronic notices), please notify us at firstname.lastname@example.org.
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register for the Services. If you are under 18, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we learn that we have collected personal information from a child under age 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us.
CALIFORNIA PRIVACY RIGHTS
To the extent that StrongPath Inc. may be subject to the California Consumer Privacy Act of 2018, as amended, and implementing regulations (“CCPA”), this section provides additional details about the personal information we collect about California consumers and the rights afforded to them under CCPA.
For more details about the personal information we have collected over the last 12 months, including the categories of sources, please see the “INFORMATION WE COLLECT” section above. We collect this information for the business and commercial purposes described in the “HOW WE USE AND DISCLOSE THE INFORMATION” section above. We share this information with the categories of third parties described in the “HOW WE USE AND DISCLOSE THE INFORMATION” section above. StrongPath Inc. does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out).
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at email@example.com. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.
UPDATING YOUR INFORMATION; REPORTING A SECURITY INCIDENT; QUESTIONS
You may request access to, correction of, or deletion of your Personal Information. For instructions on accessing your information, updating your information or for any privacy or data-protection-related question, please write to firstname.lastname@example.org.
If at any point you do not want your aggregated data used for research purposes, you must submit a written letter to StrongPath Inc’s main office located at the address set forth below with this request. StrongPath Inc. will have 60 days to respond to the request. Upon receiving your request, we will delete your Personal Information from our active databases to the fullest extent possible keeping in mind that it is technologically impossible to remove each and every record of the information you have provided to StrongPath Inc. or records saved by former and current Providers.
StrongPath Inc. takes security of data very seriously and works hard to protect the information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology. If you would like to report a security event or incident, please contact email@example.com.