Privacy Notice

Last Updated: November 21, 2025

This privacy notice (“Notice”) explains how personal information is collected, used, and disclosed by Evidation Health, Inc. and its controlled affiliates and subsidiaries (collectively, “Evidation,” “we,” “us,” or “our”) in connection with your use of our website at https://my.evidation.com, or any other websites, products, services, or applications, including Health Programs (defined below), that link to this Notice (collectively, our “Services”). You may know some of the Services, such as our consumer platform that rewards healthy actions and helps users participate in research, as “MyEvidation” or “Achievement.” This Notice applies only to Services that display or reference this Notice, but it does not apply to any Services that display or reference a different privacy notice. 

Other privacy notices may apply to Evidation’s data practices. For example, the privacy notice for our corporate website at www.evidation.com is available at https://evidation.com/privacy. Additionally, research or other programs, including sponsored programs, as well as services that feature our partners’ branding instead of or in addition to Evidation branding, facilitated by Evidation (“Health Programs”) may be subject to terms provided in the specific informed consent and/or other disclosures for the relevant Health Program. For example, under applicable law, medical records you authorize us to access when participating in a Health Program may be subject to terms in the relevant authorization. The privacy notice that applies to Evidation’s data practices for employment applicants is available at https://evidation.com/california-privacy-notice. Information about Evidation’s data practices for “consumer health data,” as defined under applicable law, is available at https://evidation.com/consumer-health-data-privacy-notice

California consumers can find specific disclosures, including “Notice at Collection” details, by clicking here. This Notice contains the following sections:

  • Personal Information We Collect
  • Cookies, Mobile IDs, and Similar Technologies
  • How We Use Personal Information
  • How We Disclose Personal Information
  • Security of Personal Information
  • Retention of Personal Information
  • Choices and Control of Personal Information
  • Location of Personal Information
  • Singapore Privacy Rights
  • California Privacy Rights
  • Notice at Collection
  • Changes to this Notice
  • Contact Us

General Privacy Statement

Personal Information We Collect

The personal information we collect depends on the Services you use, how you interact with us, and the choices you make. We collect information about you from different services and in various ways when you use the Services, including information you provide directly, information collected automatically, information from third-party data sources, and information we infer or generate from other data.

Information You Provide Directly 

We collect personal information you provide to us. For example:

  • Name and contact information, such as name and contact details such as email address, postal address, and phone number.
  • Demographic data. In some cases (such as when you register or participate in surveys or Health Programs), we request that you provide age, sex, gender, marital status, income, employment status, education level, and similar demographic details.
  • Content and files, such as form contents, photos, documents, or other files you upload to our Services; and if you send us email messages or other communications, we collect and retain those communications.
  • Biometric information. If you use third-party applications and services that collect biometric information and connect them to our Services, we may obtain biometric information through those third-party applications and services such as data regarding your heart rate and sleep patterns. This may include data collected by these third-party applications and services up to 30 days before the date you connect them to our services. Additionally, if you participate in Evidation programs that involve completing biometric measurements, such as by using the camera on your phone, we may obtain biometric information from those measurements.
  • Payment information if you make a purchase, redeem rewards, or make another financial transaction, such as credit card numbers, financial account information, and other payment details.
  • Sensitive Personal Information.
    • Government ID. If you use identity verification services offered by our service providers, they collect government-issued identifiers such as driver’s license, passport number, and social security numbers on our behalf. 
    • Account access information, such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
    • Sensitive demographic data. In some cases (such as when you register or participate in surveys or Health Programs), we request that you provide information about racial or ethnic origin or religious or philosophical beliefs. 
    • Health data. We collect and analyze information concerning your health.
    • Sexuality. We collect and analyze information about your sex life or sexual orientation.

Information We Collect Automatically

When you use our Services, we may collect some information automatically. For example:

  • Identifiers and device information. When you visit our website, our web servers may automatically collect your Internet Protocol (IP) address and information about your device, such as device identifiers (including MAC address), operating system, browser type, and other system settings,such as language, time zone, and configuration. As further described in the “Cookies, Mobile IDs, and Similar Technologies” section below, our websites and online Services store and retrieve cookie identifiers, mobile IDs, and other data.
  • Geolocation information. Depending on your device and app settings, when you use our online Services, we collect geolocation information. 
  • Usage data. We automatically log your activity on our websites, apps, and connected Services, including the URL of the website from which you came to our Services, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.

Information We Obtain from Third-Party Sources

We also obtain the types of information described above from third parties. These third-party sources include, for example: 

  • Data Brokers. Data brokers and aggregators from which we obtain data to supplement the data we collect.
  • Third-Party Partners. Third-party applications and services, including social networks you choose to connect with or interact with through the Services. This also includes third parties that sponsor, or partner with Evidation to facilitate, Health Programs. 
  • Business Partners. Partners with which we offer co-branded services or engage in joint marketing activities. 
  • Service Providers. Third parties that collect or provide data in connection with work they do on our behalf, for example companies that determine your device’s location based on its IP address.
  • Publicly Available Sources. Public sources of information such as open government databases.

Information We Create or Generate

We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we infer your general geographic location (such as city, state, and country) based on your IP address.

When you are asked to provide personal information, you may decline. And you may use web browser or operating system controls to prevent certain types of automatic data collection. But if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or fully functional.

Cookies, Mobile IDs, and Similar Technologies

We use cookies, web beacons, mobile analytics IDs, and similar technologies to operate our websites and online Services and to help collect information, including usage data, identifiers, and device information. 

What Are Cookies and Similar Technologies?

A ”cookie” is a small data file placed on your device to identify it in the future. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.

Web beacons are electronic images (also called single-pixel or clear GIFs) that are contained within a website or email. When your browser opens a webpage or email that contains a web beacon, it automatically connects to the web server that hosts the image (typically operated by a third party). This allows that web server to log information about your device and to set and read its own cookies. In the same way, third-party content on our websites (such as embedded videos or plug-ins) results in your browser connecting to the third-party web server that hosts that content. We may also include web beacons in our email messages or newsletters to tell us if you open and act on them.

Mobile analytics IDs are generated by operating systems for mobile devices (iOS and Android) and can be accessed and used by apps in much the same way that websites access and use cookies. Our Services may contain software that enables us and our analytics partners to access these mobile IDs.

How Do We and Our Partners Use Cookies and Similar Technologies?

We, and our analytics partners, use these technologies in our Services to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Services, including personal information about your online activities over time and across different websites or online services. This data is used to store your preferences and settings, track your interaction with the site or app, develop inferences, combat fraud, analyze how our websites and other products and services perform, and fulfill other legitimate purposes. We and/or our partners also disclose the data we collect or infer to third parties for these purposes. For more information about the analytics partners that collect personal information on our Services, please see the “How We Disclose Personal Information” section of this Notice.

What Controls Are Available?

There are a range of cookie and related controls available through browsers, mobile operating systems, and elsewhere. See the “Choices and Control of Personal Information” section below for details.

How We Use Personal Information

We use the personal information we collect for purposes described in this Notice or as otherwise disclosed to you. This also applies to the extent you participate in a Health Program that links to or displays to this Notice (subject to terms provided in the specific informed consent and/or other disclosures for the relevant Health Program). For example, we use personal information for the following purposes: 

We utilize personal information to enhance user experience, ensuring our services are tailored to meet individual needs and preferences. This includes customizing content, providing personalized recommendations, and improving service delivery.‍

Product improvement, development, and research, including to develop new services or features, and conduct research

  • Name and contact information, demographic data, content and files, biometric information, identifiers and device information, geolocation information, usage data
  • Sensitive personal information: Sensitive demographic data, health data, sexuality, precise geolocation data

Product and Service delivery, including to provide and deliver our Services, including troubleshooting, improving, repairing, and personalizing the Services; for certain Services, this includes using personal information in machine learning and other artificial intelligence methods

  • Name and contact information, demographic data, content and files, biometric information, payment information, identifiers and device information, geolocation information, usage data
  • Sensitive personal information: Government ID, account access information, health data, sexuality, precise geolocation data

Marketing, including to communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our Services and those of our selected partners (see the “Choices and Control” section of this Notice for information about how to change your preferences for promotional communications)

  • Name and contact information, demographic data, content and files, identifiers and device information, geolocation information, usage data 
  • Sensitive personal information: Health data, sexuality

Communications, including to send you information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages

  • Name and contact information, demographic data, content and files, payment information, identifiers and device information, geolocation information
  • Sensitive personal information: Health data, sexuality

Customer support, including to provide customer support and respond to your questions

  • Name and contact information, demographic data, content and files, payment information, identifiers and device information, geolocation information, usage data 
  • Sensitive personal information: Account access information, health data, sexuality, precise geolocation data

Personalization, including to understand you and your preferences in order to enhance your experience and enjoyment of our Services

  • Name and contact information, demographic data, content and files, payment information, identifiers and device information, geolocation information, usage data 

Business operations, including to operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent, illegal, or otherwise unauthorized activity, and meeting our legal obligations

  • Name and contact information, demographic data, content and files, payment information, identifiers and device information, geolocation information, usage data 
  • Sensitive personal information: Government ID, account access information, sensitive demographic data, health data, sexuality, precise geolocation data

Name and contact information, demographic data, content and files, payment information, identifiers and device information, geolocation information, usage data 

Sensitive personal information: Government ID, account access information, sensitive demographic data, health data, sexuality, precise geolocation data

We may combine information we collect from different sources for these purposes, and to give you a more seamless, consistent, and personalized experience. 

How We Disclose Personal Information

We disclose personal information with your consent (such as in connection with your participation in a Health Program) or as we determine necessary to complete your transactions or provide the services you have requested or authorized. In addition, we may disclose each of the categories of personal information described above, to the types of third parties described below, for the following business purposes:

  • Service Providers. We provide personal information to vendors or agents working on our behalf for the purposes described in this Notice. For example, companies we’ve hired to assist in protecting and securing our systems and services may need access to personal information to provide those functions.
  • Affiliates. We enable access to personal information across our subsidiaries, affiliates, and related companies, for example, where we share common data systems or where access helps us to provide our Services and operate our business.
  • Financial Services & Payment Processing. When you provide payment data, for example to redeem rewards, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
  • Business Partners. We may disclose your information to partners with which we offer co-branded services or engage in joint marketing activities, for example, where you use a co-branded service and where access helps us to provide you with the co-branded service and operate our business. 
  • When Required by Law or as Necessary to Protect Our Users and Services. We access, disclose, and preserve personal information when we believe that doing so is necessary to:
    • protect, enforce, or defend the legal rights, privacy, safety, or property of ourselves or others, including enforcing our agreements, terms, and policies; 
    • comply with applicable law;
    • respond to valid legal process (such as subpoenas or warrants), including from law enforcement, national security, or other government agencies;
    • protect our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone; or
    • operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks.
  • Corporate Transactions. We disclose personal information as part of a corporate transaction or proceeding such as a sale, transfer, divestiture, or transfer of all or a portion of our business or assets, or a merger, financing, acquisition, bankruptcy, or dissolution. 

Third party analytics companies also collect personal information through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the “Cookies” section of this Notice. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

Some of the data disclosures to these third parties may be considered a “sale” or “sharing” of personal information as defined under the laws of California and other U.S. states. Please see the “Choice and Control” and “California Privacy Rights” sections below for more details.

Please note that some of our Services also include integrations, references, or links to services provided by third parties whose privacy practices differ from ours. If you provide personal information to any of those third parties, or allow us to share personal information with them, that data is governed by their privacy statements.

Finally, we may disclose de-identified information in accordance with applicable law.

Security of Personal Information

We take reasonable and appropriate steps to help protect personal information from unauthorized access, use, disclosure, alteration, and destruction.

If you want to report a potential cyber security vulnerability, please contact us at security@evidation.com.

Retention of Personal Information

We retain personal information for so long as reasonably necessary to provide the Services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and for other legitimate and lawful business purposes. 

Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the information, the availability of automated controls that enable users to delete data, and our legal and contractual obligations. For example, if you participate in a Health Program, applicable retention periods for data processed in connection with your participation may be described in the terms of the specific informed consent and/or other disclosures for that Health Program.

Choices and Control of Personal Information

We provide a variety of ways for you to control the personal information we hold about you, including choices about how we use that data. In some jurisdictions, these controls and choices may be enforceable as rights under applicable law.

Access, Portability, Correction, and Deletion

If you wish to access, correct, or delete personal information about you that we hold, you may access your account by logging into your Evidation account and navigating to your “Account” page. You may also complete the “Submit a Request” form (available here: https://help.evidation.com/hc/en-us/requests/new); please select “Privacy” under the “What’s this about?” dropdown. 

If you are unable to access, copy, correct, or delete certain personal information we have via the means described above, you can send us a request by using contact methods described at the bottom of this Notice.

Communications Preferences

You may choose whether to receive promotional communications from us by email and SMS. If you receive promotional email or SMS messages from us and would like to stop, you can do so by following the directions in that message or by contacting us as described in the “Contact Us” section below. These choices do not apply to certain informational communications including surveys and mandatory service communications.

Browser or Platform Controls

  • Cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies may be deleted and may need to be recreated.
  • Global Privacy Control. Some browsers and browser extensions support the “Global Privacy Control” (GPC) or similar controls that can send a signal to the websites you visit indicating your choice to opt-out from certain types of data processing, including data sales, as specified by applicable law. 
  • Do Not Track. Some browsers include a “Do Not Track” (DNT) setting that can send a signal to the websites you visit indicating you do not wish to be tracked. Unlike the GPC described above, there is not a common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC and cookie controls described above.
  • Mobile ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the mobile IDs.

Email Web Beacons

Most email clients have settings that allow you to prevent the automatic downloading of images, including web beacons, and the automatic connection to the web servers that host those images.

Except for the automated controls described above, if you send us a request to exercise your rights or these choices, to the extent permitted by applicable law, we may charge a fee or decline requests in certain cases. For example, we may decline requests where granting the request would be prohibited by law, could adversely affect the privacy or other rights of another person, would reveal a trade secret or other confidential information, or would interfere with a legal or business obligation that requires retention or use of the data. Further, we may decline a request where we are unable to authenticate you as the person to whom the data relates, the request is unreasonable or excessive, or where otherwise permitted by applicable law. If you receive a response from us informing you that we have declined your request, in whole or in part, you may appeal that decision by submitting your appeal using the contact method described at the bottom of this Notice.

Location of Personal Information

The personal information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers process data, some of which may have laws that offer different levels of data protection than the country in which you reside. Currently, we primarily use data centers in the United States. The storage location(s) are chosen to operate efficiently and improve performance. We take steps to process and protect personal information as described in this Notice wherever the data is located.

California Privacy Rights 

If you are a California resident and the processing of personal information about you is subject to the California Consumer Privacy Act (CCPA), you have certain rights with respect to that information.

Notice at Collection

At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this Notice by clicking on the above links.

Right to Know

You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note we have provided much of this information in this Notice. You may make such a “request to know” by logging into your Evidation account and navigating to your “Account” page, or by completing the “Submit a Request” form (available here: https://help.evidation.com/hc/en-us/requests/new); please select “Privacy” under the “What’s this about?” dropdown. You can also send us a request by using contact methods described at the bottom of this Notice.

Right to Request Correction or Deletion 

You have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions. To make a request to correct or delete, please log into your Evidation account and navigate to your “Account” page, or complete the “Submit a Request” form (available here: https://help.evidation.com/hc/en-us/requests/new); please select “Privacy” under the “What’s this about?” dropdown. You can also send us a request by using contact methods described at the bottom of this Notice. 

Right to Opt-Out / “Do Not Sell or Share My Personal Information” 

You have a right to opt-out from future “sales” or “sharing” of personal information as those terms are defined by the CCPA.

Note that the CCPA defines “sell,” “share,” and “personal information” very broadly, and some of our data disclosures described in this Notice may be considered a “sale” or “sharing” under those definitions. In particular, we let analytics providers collect identifiers (IP addresses, cookie IDs, and mobile IDs), activity data (browsing, clicks, app usage), device data, and geolocation data through our sites and apps when you use our online Services, but do not “sell” or “share” any other types of personal information. If you do not wish for us or our partners to “sell” or “share” personal information relating to your visits to our sites for advertising purposes, you can make your request by visiting our “Do Not Sell or Share My Personal Information” page (https://evidation.com/do-not-share-or-sell), using a Global Privacy Control, emailing us using the contact information at the bottom of this Notice, or using other controls described in the “Choices and Control” section of this Notice. If you opt-out using these choices, we will not disclose or make available such personal information in ways that are considered a “sale” or “sharing” under the CCPA. We will continue to make available to our partners (acting as our service providers) some personal information to help us perform analytics-related functions. Further, using these choices will not opt you out of the use of previously “sold” or “shared” personal information or stop all interest-based advertising.

We do not knowingly sell or share the personal information of minors under 16 years of age.

Right to Limit Use and Disclosure of Sensitive Personal Information

You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use sensitive personal information for any such additional purposes.

Verification of Data Subject Requests

To provide, correct, or delete specific pieces of personal information we will need to verify your identity to the degree of certainty required by law. We will verify your request by requiring you to provide information necessary to verify your identity. For example, we may request your name, email, and/or information about how you have used our Services. 

Authorized Agents

You may also designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we may require the agent to provide proof you have authorized the agent to act on your behalf, and we may require you to verify your own identity directly with us. 

Finally, you have a right to not be discriminated against for exercising these rights set out in the CCPA.

“Shine the Light” Law 

Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed certain categories of personal information to any third parties for the third parties’ direct marketing purposes. Please be aware that we do not disclose personal information to any third parties for their direct marketing purposes as defined by this law. California Customers may request further information about our compliance with this law by emailing privacy@evidation.com; please include “Shine the Light Request” in the email subject to help us better handle your request. Please note that businesses are required to respond to one request per California Customer each year and may not be required to respond to requests made by means other than through the designated email address. 

Changes to this Notice

We will update this Notice when necessary to reflect changes in our Services, how we use personal information, or the applicable law. Changes to this Notice will become effective when published, unless otherwise noted. When we post changes to the Notice, we will revise the “Last Updated” date at the top of this Notice. If we make material changes to this Notice, we will provide notice or obtain consent regarding such changes as may be required by law.

Contact Us

For any privacy questions, complaints, or inquiries regarding this Notice, please direct your inquiry to:

Evidation Health

Attn: Privacy Office

63 Bovet Rd #146

San Mateo, CA 94402

privacy@evidation.com 

Download app