Privacy Notice

Last Updated: November 2021

This Privacy Notice (“Notice”) explains how information is collected, used, and disclosed by Evidation Health, Inc. (“Evidation,” “Health Programs,” “we,” “us,” or “our”) in connection with your use of our websites such as https://my.evidation.com, mobile applications, and other online services (collectively, our “Services”). For the purposes of certain of our Services, Evidation is also known as “Achievement”. This Privacy Notice applies to only those websites, services, and applications included within the Services and does not apply to any third-party websites, services, or applications (including those of our Partners), even if accessible through the Services. When you use the Services, you consent to our collection, use, disclosure, and protection of information about you as described in this Privacy Notice. IF YOU DO NOT AGREE TO THIS PRIVACY Notice, PLEASE DO NOT USE THE SERVICES.

This Privacy Notice contains the following sections:

Information We Collect
Do Not Track
How We Use Your Information
How We Share Your Information
Retention of Information
Your Choices
How We Protect Your Information
Links to Other Sites
Children’s Privacy
International Transfer
California Privacy Rights
Contact Us
Additional Information for Participants in Health Programs
Changes to the Privacy Notice

Information We Collect

We may collect and store information about you in various ways. For example, we may collect information that you provide to us, information that we collect via social networking sites or third-party applications, information that we automatically collect through your use of the Services, and information from publicly available sources or non-affiliated third parties.

1. Information you provide to us

When you use the Services, you may be invited to provide information directly to us. We may collect the following illustrative (but not exhaustive) types of information from you when you use the Services:

Registration information such as your email and password;
Account information that you submit, such as name, gender, date of birth, address, and certain health information;
Survey responses and information you submit regarding your eligibility to participate in a study, including but not limited to information about your demographics, health, household, employment, and health goals;
Documents or other records that you choose to share with us, including metadata associated with such documents (e.g., if you share a photo, depending on your device’s settings, location data may be associated with the photo);
The communications or requests you submit to us through the Services; and
Information to provide you rewards, such as your PayPal username or address.

Information about others. In the process of using the Services, you may provide us with information about others (such as a family member); if you choose to share such information, we will use the information you provide about the other person only to facilitate the indicated action or service.

Other information collected with your express consent. In addition to the information collected pursuant to this Privacy Notice, we may collect information about you if we have your express consent to do so. For example, if you opt in to participate in a study, or a sponsored program, via the Services, we will collect information for that study or program, including information you submit and we obtain from third parties. In order to participate, you must agree to the terms of a separate Informed Consent, Patient Authorization, or an equivalent project-specific disclosure. Please review all Informed Consent or otherwise authorized disclosure documents carefully as they will outline the specific information to be collected and how it will be used and/or shared for a given study, project, or sponsored program.

2. Third-Party Applications and Services

If you opt in to connect the Services with any applications, devices, services, or third-party accounts that you maintain (collectively “Third-Party Applications”), we will collect certain information from such Third-Party Applications as permitted by your privacy settings in the Application, including, but not limited to health, activity, and wellness data or your contacts.

Additionally, if you choose to register for the Services via a third-party service with which you have an account, such as Facebook or Google, we may collect certain information from your third-party account, such as name, email address, profile picture, birthday, list of friends, people you follow, likes, work and education history, current city or other third-party account information that your privacy settings in your third-party account permit us to access. Third-party services, such as Facebook and other social networking services, have their own policies concerning the collection, use, sharing, and protection of your information. Evidation does not have any control over the way any third-party service uses or discloses the information they collect about you.

3. Automatically collected information

When you utilize our Services, certain information is automatically collected. For example, we and our third-party service providers may automatically collect your Internet Protocol (IP) address (and associated city and state or province for the IP address), computer operating system, browser type, other system settings, as well as the language your system uses and the country and time zone where your device is located, device identifiers, the website you visited before our Services, the number of clicks, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services and upload or post content, error logs, and other similar information. Even if you do not register with our Services, or submit information directly, our Services may collect this automatically collected information.

Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and or zip code associated with an IP address) from your computer or mobile device. If you access the Services through a mobile device, we may also ask your permission to collect your precise geo-location information. If you do not wish to have specific geo-location information collected and used by us and our service providers, you may disable the location features on your device. For more information regarding location services, please contact your device manufacturer or mobile carrier. Turning off location services may impact certain features of the Services.

Cookies & Similar Technologies. To collect the information noted in this section, we and our third-party service providers also collect information about you, your usage of the Services and your devices through cookies, web beacons, pixels and similar technologies. A ”cookie” is a small data file placed on your device to identify your device in the future and help us better understand user behavior, personalize preferences, perform research and analytics, deliver tailored advertising, and improve the products and services we provide. We or our third-party service providers also may use certain of these technologies in emails to end users, to help us track email response rates, whether our emails are forwarded, and when our emails are viewed. A ”session cookie” disappears after you close your web browser, or may expire after a fixed period of time. A ”persistent cookie” remains after you close your web browser and may be accessed every time you use our Services. We and our third-party service providers may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services. In addition to cookies, we may also use technologies such as local storage objects to collect information (e.g., HTML5). Various browsers may offer their own management tools for removing HTML5. Please consult your browser settings.

We may utilize the services of third parties in conjunction with this automatically collected information. These third parties may collect information about you over time such as about your use of our Services, as well as your online activities across other websites or online services.

4. Information from other sources

We may, at times, seek to obtain information about you from other sources. We may receive, or affirmatively gather information about you from such sources and may combine it with the information that we already have for any purpose described throughout this Privacy Notice. The extent to which we may obtain information from such sources is governed by the terms of your relationship with that source.

Do Not Track

We do not currently employ technologies that recognize “Do Not Track” signals from your browser.

How We Use Your Information

We, and our service providers, use the information collected to provide our Services to you or as otherwise described in this Privacy Notice. For example, we may use your information to:

Operate and improve our Services, including development of new products, features and functionalities;
Process and deliver program and/or study rewards;
Contact you, or otherwise provide you with information about:

your account;
referrals;
current and future programs offered via the Services;
studies in which you are currently participating; or
participation in studies, programs or other opportunities for which you may be eligible, based upon information previously collected.

Respond to your feedback, comments, or questions, or to otherwise send you information about our Services;
Ask you to complete surveys as part of the Services or other programs;
Perform research, including for publication (in a manner that does not identify you personally) pursuant to Institutional Review Board approval or exemption, as necessary;
Analyze how you use and interact with our Services;
Protect our Services and the information collected against fraudulent, illegal, or otherwise unauthorized activity, including any investigation into such activity;
For any other purpose described in this Notice, or the Terms of Use; or
When we have your consent, such as pursuant to your participation in a study or other program.

We may combine information that we collect from you through the Services with information that we obtain from affiliated and non-affiliated third parties, and information derived from any other products or services we provide.

We may aggregate and/or de-identify information collected through the Services and use such data for any purpose, including without limitation for our own internal research and marketing purposes or to prepare analyses or reports for our blog, public presentations, partners or others regarding the use of our Services and/or data about our user population.

By providing your mobile phone number as part of your enrollment in a study or other program, you expressly consent to receive text or other SMS messages at the number provided for the administration of the study. Standard message and data rates may apply.

Collection of Information Across Devices and Applications. Sometimes, we (or our service providers) may use the information we collect – for instance, usernames, IP addresses and unique mobile device identifiers – to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones, tablets, or computers), or work with providers that do this, in order to better tailor content and features and provide you with a seamless experience across devices. If you wish to opt out of cross device tracking for purposes of interest-based advertising, you may do so through your Android or Apple device-based settings or by using the Network Advertising Initiative (NAI), Digital Advertising Alliance’ (DAA) and your online choices NAI Opt-Out link DAA Opt-Out link.

Online Analytics. We may use third-party web analytics services, such as those provided by Google Analytics. These service providers use cookies and other technologies described in this Notice to help us analyze how users interact with our Platform. The information collected by the technology will be disclosed to or collected directly by these service providers. To prevent Google Analytics from using information for analytics, a user may install the Google Analytics Opt-Out Browser Add-on by clicking here.

We neither have access to, nor does this Privacy Notice govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Platform by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of ad targeting as described below.

Tailored Advertising. You may receive advertising about Evidation on your computer through a web browser when you visit other sites. If you are interested in more information about this type of tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the NAI’s Consumer Opt-Out link or the DAA’s Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page.

We may use third-party service providers for mobile application analytics. Each operating system, iOS for Apple phones, Android for Android devices and Windows for Microsoft devices provides its own instructions on how to prevent the delivery of tailored in-application advertisements. We do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements; thus, you should contact the platform provider for further details on opting out of tailored in-application advertisements. You may review the support materials and/or the device settings for the respective operating systems to opt-out of tailored in-app advertisements.

How We Share Your Information

We will not sell, rent, or otherwise share your information with our clients without your express consent as detailed below.

We may share your information with our affiliates, service providers, and third party business partners. For instance:

Affiliates and Subsidiaries. We may share information we collect within the Evidation family (e.g., other companies owned by or under common ownership as Evidation) to deliver products and services that we think may be of interest to you, to ensure a consistent level of service, and to enhance our products, services, and your customer experience.

Service Providers. We may share your information with third parties that help us operate our business and provide the Services, such as for email management, data hosting, analytics, payment processing, fraud and safety protection and legal and accounting services.

Third-Party Applications or Services. If you access the Services through our partners' websites and applications, in order to provide and administer the Services we may be required to share user identification information, such as a login name associated with your Account, with such partners.

When Required by Law or as Necessary to Protect Our Users and Services. We may share information when we have a good faith belief that doing so is reasonably necessary to protect, enforce, or defend the legal rights, privacy, safety, or property of Evidation (including enforcement of our Terms of Service, Privacy Notice, or contracts), our employees or agents or users, or if we reasonably believe that is necessary in order to comply with laws, regulations, legal process (such as subpoenas or warrants), or any other legal or regulatory request.

Business Transfers. We may disclose or transfer your information to a third party if we sell, transfer, divest, or disclose all or a portion of our business or assets to another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction, or proceeding or take steps in anticipation of such a transaction.

Otherwise with Your Consent or at Your Direction. In addition to the sharing described in this Notice, we may share information about you with third parties whenever you consent to or direct such sharing. For example, if you participate in a research study or other sponsored program, we may share your information as disclosed in the informed consent or other disclosures for such program.

Retention of Information

The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

Your Choices

Manage Your Account Information. You may modify your account information by accessing the Settings area of your account.

Email & Text Messages. You may opt-out of receiving certain communications from us. To opt-out of any communications, follow the instructions in that communication or visit the settings tab of your account.

You may opt-out of receiving text messages from us by replying to a text from us with the words “STOP”, “QUIT”, or “UNSUBSCRIBE.” You will not be able to opt-out of transactional or relationship email messages related to the management of your account or customer support.

Cookies and Other Automated Technologies. For information about opt-out options relating to data collected using cookies and other automated technologies (e.g., for analytics), please review the hyperlinks in the “Automatically Collected Information” section of this Notice, above.

How We Protect Your Information

We use technical, physical, and administrative safeguards to protect your information from misuse and unauthorized access or disclosure. However, no method of Internet, email, or mobile device transmission, or electronic storage is 100% secure or error-free. Please keep this in mind when disclosing any information to us via the Internet or other electronic means.

Links to Other Sites

Our Services may contain links to other websites and services. Any information that you provide on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party's privacy Notice. Our Privacy Notice does not apply to such websites or services and we are not responsible for the content, privacy or security practices and policies of those websites or services. To protect your information, we recommend that you carefully review the privacy policies of other websites and services that you access.

Children’s Privacy

Our Services are not intended for children under the age of 18. If we become aware that we have collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without valid parental consent, we will take reasonable steps to delete it as soon as possible, and will remove underage users’ access to our application(s)

International Transfer

Your information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. Our Services are intended for use only in the United States. If you are located outside the United States and choose to provide your information to us, we may transfer your information to the United States and process it there (or any other country in which we operate). Your submission of information using the Services represents your agreement to such transfer.

California Privacy Information

Shine the Light. California residents have the right, under certain circumstances, to request information regarding the sharing of certain categories of “personal information” (as defined by applicable California law) during the prior year to third parties for their direct marketing purposes. As noted above, we do not share your personal information with third parties for their direct marketing purposes unless we have your explicit permission. For any questions regarding this, please contact us as described below.

California Consumer Privacy Act (CCPA). Under the CCPA, if you are a California resident, you have certain rights with respect to your personal information. This includes the:

Right to Know:

You can request information about, and access to, personal information that we have collected, disclosed, or sold in the past 12 months, including the categories of:

information collected;
sources from which the personal information is collected;
personal information that we have sold or disclosed about you for a business purpose;
third parties with whom we share personal information;

the business or commercial purpose for collecting the information; and
the specific pieces of personal information that we have collected about you.

Right to Deletion:

You can request that we delete your personal information (subject to certain exemptions).

Right to Opt-Out of the Sale of Personal Information:

We do not and will not sell your personal information (as defined by the CCPA).

Right to Non-Discrimination for Exercising your Rights.

Requests can be made through the Evidation app or by emailing help@my.evidation.com.

Additionally, we are required to inform California residents of the following:

Sale of Personal Information: As noted above, we do not and will not sell your personal information.
Financial Incentives: We do not offer financial incentives for personal information. We do reward you for participating in the Evidation program, which includes taking part in healthy activities, participating in surveys, or other programs. When you join the Evidation community, you can sync your wearable devices and certain apps with the Evidation app, or self-report information, in order to earn points for healthy behaviors. You can learn more about earning points in the Evidation program here.
Categories of Personal Information Collected: The following categories of information cover the personal information that we intend to collect from our users with their consent in the future, in addition to covering what we have previously collected, with our user’s consent, in the past 12 months:

Identifiers
Protected Classifications
Biometric information
Electronic network activity
Geolocation data;
Employment-related information;
Education information; and
Inferences.

Information Shared for a Business Purpose: We may share any of the above categories of information with our service providers for business purposes in order to provide the Services to you. We do not disclose your personal information to Third Parties (as defined in the CCPA) without your consent.
Categories of Sources: The information that we collect comes from Consumers and their devices. This includes information that has been submitted directly by you, for example, through emails and surveys, and information that we collect when you sync supported apps and devices with the Evidation app.
Business Purpose: We collect information from you in order to provide and improve the Services, conduct research and analytics, identify and correct technical errors, advertise the Services to you, secure the services, prevent fraud, and to comply with applicable law. It allows us to build your Evidation profile, tailor which programs that we offer to you, and enables us to empower you to participate in better health outcomes.

Any queries or requests in relation to these rights can be made using the contact information listed below.

Nevada Privacy Rights

Pursuant to Nevada law, you may direct a business that operates an internet website not to “sell” certain “covered information” (each as defined by such law). As noted above, we do not sell your personal information. For any questions regarding this, please contact us as described below.

Contact Us

For any questions regarding this Privacy Notice, or our data practices, please direct your inquiry to:

Evidation

Attn: Privacy

63 Bovet Rd #146

San Mateo, CA 94402

privacy@evidation.com

Additional Information for Participants in Health Programs

We may also offer Health Program options for your participation. In Health Programs, we focus on specific chronic diseases to help empower you to improve your health and the health of others. If you choose to participate in one of our Health Programs, in addition to all of the descriptions above for our Evidation program, the following shall also apply:

Additional information you may provide as a Health Program participant

Diagnosis information specific to the chronic condition of the Health Program option
Information you provide us related to your mood and symptoms
Information related to prescription medications that you are taking, including how frequently and regularly you take that medication
Diagnosis information specific to the chronic condition of the Health Program option
Appointments you have with various medical providers
Clinical events that you experience (for example if you have to go to the emergency room or an urgent care clinic)
Certain biometric information about you, such as your height, weight, blood pressure

Additional uses of Health Program participant data

We may use the additional information you provide to us to send you information that may be of interest to you based on your condition or responses to our questions
We may send you reminders and other encouragement to help you to manage your condition or events that are occurring to you
We may review our communications with you and your responses so we can find the most effective way to communicate with you and others about health-related topics
We may review your activities and responses to see if they provide us with insight on the types of programs or information that might be helpful to our participants to help manage their chronic conditions.
We may use your information to evaluate the usefulness of our Services
We may de-identify and aggregate information (so you are not identifiable)

Additional ways in which we share Health Program collected data

We may find partners who are interested in developing strategies for managing or coping with chronic diseases and share aggregated and de-identified information with them

Those partners could include pharmaceutical companies, health plan or health care providers, or other organizations interested in promoting healthy lifestyles
We may be compensated for providing that aggregated and de-identified data, but we will never sell or share your identifiable information without your consent

How we may serve as your Third Party Authorized Representative to help you collect your data

We may ask you if you would like us to act as your authorized representative to help you gain access to or obtain a copy of your medical records from your various providers. We will always ask for your specific permission prior to doing so.
In some cases, even if you would like us to help you gain access to your medical records, we may not be able to fulfill your request. We will let you know if that is the case.

Changes to this Privacy Notice

We may update this Notice from time to time to reflect changes or updates to our technology, data practices, and other factors. Changes to this Notice will become effective when published in the revised Notice, unless otherwise noted. Please check the “Last Updated” date at the top of this page to see when this Notice was last revised. Your continued use of the Services following the effective date of these changes indicates your consent to the practices disclosed in the updated Privacy Notice.