Sharecare Privacy Policy
Sharecare values your trust and protecting your information is our highest priority. Sharecare is committed to your privacy. This Privacy Policy explains what information we collect, how information is collected, how we use that information, what information is shared with whom, and how Sharecare protects your information when you use our products and services (“Services”). Please visit our Terms page for additional terms and conditions applicable to the Services.
Information we collect
Sharecare collects the following information about you:
Personal Information.This is information that directly or indirectly identifies you, such as your name, email address, or other identifying information about you.
Protected Health Information (“PHI”). PHI is your Personal Information that is protected under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).HIPAA and other laws closely regulate how Sharecare may handle, protect, and share your PHI. Sharecare may offer certain Services to you based on your relationship with employers, health care providers, insurance companies, or other entities (each an "Enterprise Organization") with an interest in your health ("Enterprise Programs"). Sharecare must comply with HIPAA when you receive Services from Sharecare as part of an Enterprise Program.
Other Information. Other Information is information that, by itself does not individually identify you, such as browser type, operating system, technical data, and usage. We may link together different types of Other Information or link Other Information to Personal Data.
How We Collect Information
We collect information in the following ways:
- Information you give us. For example, many of our Services require you to sign up for a Sharecare Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card. If you want to take full advantage of the sharing features we offer, we might also ask you to create a publicly visible Sharecare Profile, which may include your name and photo.
- Information from your employer or health plan. When you are eligible to participate in an Enterprise Program, an Enterprise Organization may provide us with PHI such as your name, date of birth, gender, mailing address, health coverage details, and health plan identification number, among other things. We use this information to provide services to you on behalf of your health plan or employer.
- Information Provided to Us by Your Healthcare Provider or Third Party Lab. When you participate in an Enterprise Program and are asked to obtain your health screening, we may receive information such as your biometric data and blood test data and results.
- Information from Other Sources. We may obtain information about you from affiliates, partners, and other third parties. This information may be used to provide services to you and to provide analysis about you in comparison to people who are demographically similar to you. We may combine the information we obtain from third parties with information that we have collected about you.
- Information We Get from Your Use of Services. We may collect information about the Services that you use and how you use them. This information includes:
- Computer, Tablet, or Mobile Telephone information. We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information including phone number) and device sensors and related device hardware .Sharecare may associate your device identifiers or phone number with your Sharecare Account. We will comply with the usage/license restrictions and requirements applicable to the device from which the information comes.
- Information From Wearables: When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology (“Wearable”) with the Services, we collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as calorie intake, nutritional statistics, blood pressure, and other biometric data.
- Log information. When you use our Services or view content provided by Sharecare, we may automatically collect and store certain information in server logs. This may include:
- details of how you used our service.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your Sharecare Account.
- Location information. When you use a location-enabled Sharecare service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
- Unique application numbers. Certain Services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Sharecare when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
- Local storage. We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
- Cookies and anonymous identifiers. We use various technologies to collect and store information when you visit a Sharecare service, and this may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with Services we offer to our partners, such as Sharecare features that may appear on other sites.
How We Use Information We Collect
To Provide Services To You.We use the information that we collect about you to provide, maintain, protect and improve the Services that Sharecare provides to you.
To Provide Enterprise Programs To You.We use the information that we collect about you to provide Services on behalf of an Enterprise Organization to you.
What Information We Share
We take your privacy seriously. We do not sell your information to any third parties and all information disclosed is the minimum amount necessary to fulfill the legitimate business purpose. We do not share personal information with companies, organizations and individuals outside of Sharecare except in the following circumstances:
- With your consent.We may share your Personal Information with companies, organizations or individuals outside of Sharecare when we have your consent to do so.
- As Part of an Enterprise Program.We may further limit the way we share your information according to the direction of your Enterprise Organization and any privacy policy that they may ask us to comply with. Your Enterprise Organization may require Sharecare to provide your Personal Information with the following:
Enterprise Organization. Under U.S. laws, we may share PHI with your health plan for the administration of your plan. If you receive Services through your relationship with a non-US-based Enterprise Organizations, we will adhere to the applicable laws in your country.
Healthcare Providers. We may share information with your healthcare providers and any clinics or organized healthcare organizations with whom they are associated.
Your Employer. We will not share your PHI with your employer for employment-related purposes. We may only share the information needed to for your employer to deliver programs. For example, we may share completion status of a wellness plan requirement but not the actual results of the required action.
Third-Party Service Providers. We may disclose your PHI to our business associates, who perform various functions on our behalf, but Sharecare requires these third parties to agree in writing to safeguard your PHI appropriately and in accordance with the law. Sharecare does not sell or rent your PHI to third parties. Sharecare does not use your PHI to market, sell, or otherwise promote goods or services that are not health-related benefits provided by your health plan, employer, or provider.
- For External Services.We provide Personal Information to our affiliates or other trusted businesses or persons who provide services to you or us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
- For sponsored Services. We may disclose Personal Information to sponsors of Services provided to you in compliance with law and applicable confidentiality and security measures.
- For legal reasons.We will share Personal Information with companies, organizations or individuals outside of Sharecare if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Use, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Sharecare, our users or the public as required or permitted by law.
We may share aggregated, non-personally identifiable information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.
If Sharecare is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any Personal Information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.
How We Protect Your Information
We work hard to protect Sharecare and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. Sharecare is committed to using industry-leading security practices such as ISO27001 and HiTRUST. In particular:
- We comply with HIPAA’s security rule
- We encrypt many of our Services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to personal information to Sharecare employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
We keep personal information housed on servers in the United States. If you are located outside of the United States, information we collect (including cookies) are processed and stored in the United States. By using the Services and providing information to us, you consent to the transfer to and processing of the information in the United States.
Transparency and Your Choices
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
- Manage your email preferences in your Notifications settings.
- Control who you share information with through your Privacy settings.
- Take information out of many of our Services by contacting Sharecare Customer Support
Your Use After Termination of Enterprise Program. Upon termination by you or Sharecare of the relationship with your Enterprise Organization, you will have the opportunity, under certain Services, to continue to use your personal profile and to access information about yourself, including personal health information provided by an Enterprise Organization, in that profile. In order for you to continue to access the personal health information provided by your Enterprise Organization, you would need to execute a voluntary HIPAA Authorization allowing Sharecare to receive and use your personal health information. If you choose not to authorize Sharecare to receive such information about you, you may not be able to use some of the Services or features of the Services. Information that you were able to access as part of an Enterprise Program may no longer be available to you without such authorization.If you continue to use Services made available by Sharecare after termination of the relationship with your Enterprise Organization, your Sharecare account will be governed by the Sharecare terms and policies here.
Cookies. You may also set your browser to block all cookies, including cookies associated with our Services, or to indicate when a cookie is being set by us. However, it's important to remember that many of our Services may not function properly if your cookies are disabled. For example, we may not remember your location preferences.
Advertising. Unless you are receiving Services as part of an Enterprise Program, we also personalize your experience on our sites and mobile Services by showing you advertisements from Sharecare or our advertising partners that are tailored to your interests. Learn more about interest-based advertising, including how to opt out. Sharecare does not advertise, market, or promote products or services to patients, participants, or practitioners who receive Services as part of an Enterprise Program. In the event your health plan sponsor, employer, or health plan, through which you receive services, instructs us provide advertising content on this site, Sharecare would first obtain your valid authorization in compliance with applicable data privacy laws.
Information Shared By You. Many of our Services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our Services provide you with different options on sharing and removing your content.
Accessing and updating your personal information. Whenever you use our Services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our Services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.Access, correction, or deletion requests can be made by contacting Sharecare Customer Support
Other Helpful Information
Information of Children.The Services are not directed to or intended for use by minors. In compliance with laws, we will not intentionally collect any personal information from children under the age of 18. If you think that we have collected personal information from a minor child, please contact us.
When This Privacy Policy Applies
Our Privacy Policy applies to all of the Services offered by Sharecare Inc. and its affiliates, including Services offered on other sites, but excludes Services that have separate privacy policies that do not incorporate this Privacy Policy and Services that you may receive as a result of your participation in an Enterprise Program that has a separate privacy policy.
Our Privacy Policy does not apply to Services offered by other companies or individuals, including products or sites that may be displayed to you in search results, sites that may include Sharecare Services, or other sites linked from our Services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our Services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
Compliance and Cooperation with Regulatory Authorities
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
California Privacy Rights
Residents of the State of California, under certain provisions of the California Civil Code, have the right to request from companies conducting business in California a list of all third parties to which the company has disclosed certain personally identifiable information as defined under California law during the preceding year for third party direct marketing purposes. The company is not required to provide the above-described lists if it adopts and discloses its policy of not disclosing personal information to third parties for their direct marketing purposes unless the customer first affirmatively agrees to the disclosure.
We do not share information with third parties for their direct marketing purposes unless you affirmatively agree to such disclosure -- typically by opting-in to receive information from a third party. To prevent disclosure of your personal information for use in direct marketing by a third party, do not opt-in to such use when you provide personal information on our website. California customers may request further information about our compliance with this law by e-mailing privacy@sharecare.com.
California Do Not Track Notice. Some browsers have a "Do Not Track" feature that lets you tell websites and online services that you do not want to have your online activities tracked. Such browser features and industry standards are not uniform, so our websites and online services do not respond to those signals.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. If we change this Privacy Policy, we will post any privacy policy changes on this page and, if the changes are material, we will provide a more prominent notice by sending you an email and/or posting a notice in the Services.Sharecare reserves the right to modify this Privacy Policy at any time, so please review it frequently.
Last modified: December 31, 2018