This Privacy Policy governs our data collection, processing and usage practices. It also describes your choices regarding use, access, collection, and correction of your personal information. If you do not agree with the data practices described in this Privacy Policy, you should not use our Services.
Specifically, this Privacy Policy covers:
Information we collect about you
We may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“Personal Information"), non-personally identifiable information (“Non-Personal Information"), usage and device information (collectively, “information”, defined in detail below) about you in connection with your (or your organization’s) use of our Services that link to this Privacy Policy.
How we use your information
- We use the information we collect only in compliance with this Privacy Policy. We may use your information to provide services (either directly to you or to those third parties who have engaged us as service providers to process your information on their behalf); respond to inquiries and provide customer support and technical assistance; communicate with you; process transactions; improve, develop, provide content for, operate, deliver and market, as permitted in this Privacy Policy, our Services; implement social networking features; help you connect with third parties; comply with our company policies and procedures and with applicable law; ensure proper and authorized use of the Services; perform Services tracking and analysis; and, as otherwise permitted by applicable law.
How we share your information
- We may share your information with our business units, affiliates, subsidiaries, business partners, service providers and/or your representatives, in order to provide or improve our Services to you.
- If applicable to you, you acknowledge that you have signed a valid HIPAA authorization (the “HIPAA Authorization”) with your health care provider. With this HIPAA Authorization, we may share certain information with your electronic health record (“EHR”) and those parties that have access to your EHR in order to provide or improve our Services to you.
- We do not share information with third parties so that they can independently market their own products or services to you unless you have chosen to engage with that third party. We will never sell your Personal Information to any third party.
Your Rights Regarding Your Personal Information
- We provide you with the opportunity to be informed of whether we are processing your information and to access, correct, update, oppose, delete, block, limit or object to, upon request and free of charge, our use of your Personal Information to the extent required by applicable law.
Retention of your information
- We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep your account data until you use your account settings or tools to delete the data or your account because we use this data to provide you Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Your Information and How We Share Your Information sections.
Security of your information
- We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to protect the confidentiality, integrity and availability of your data. This includes using Transport Layer Security (“TLS”) to encrypt data transmission and 8Advanced Encryption Standard (“AES”) to encrypt data storage. No method of transmitting or storing data is completely secure, however.
- Your data may transmit through the HITRUST certified, HIPAA compliant servers of LifeOmic Holdings Inc, and be held to their privacy policy (https://lifeomic.com/privacy/) both while at rest and in transport, in relation to and in compliance with the Business Associate Agreement Readout Inc holds with LifeOmic Holdings Inc.
- If you have a security-related concern,please contact Customer Support:
jmsupport@journeysmetabolic.com
International Data Transfers
- Company is a U.S.-based company that offers our Services to U.S. customers. As a result, information that we collect, including Personal Information, may be transferred to our data centers or service providers in the U.S. By providing your Personal Information to us, you are consenting to the transfer of your Personal Information to the U.S. and to our (and our services providers’) use and disclosure of your Personal Information in accordance with this Privacy Policy.
Cookies and similar Technologies
- We may use “cookies” and similar technologies to help deliver our Services. This technology may involve placing small files/code on your device or browser that serve a number of purposes, such as remembering your preferences and to offer you a more personalized user experience. Read our Cookie Policy to learn more.
Marketing Analytics and Communications
- We work with partners who provide us with marketing analytics and communication services. This includes helping us understand how users interact with our Services, communicating with you about our Services and features, and measuring the performance of those communications. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications.
- To learn more and about your privacy choices, please see more details in the How We Use Your Information and How We Share Your Information sections and read our Cookie Policy.
Links to Other Websites
- Our Sites may contain links to other websites or services that are not owned or controlled by Company, including links to the websites of our sponsors and partners. This Privacy Policy only applies to information collected by our Services. We have no control over these third-party websites, and your use of third-party websites and features are subject to privacy policies posted on those websites. We are not responsible or liable for the privacy or business practices of any third-party websites linked to our Services. Your use of third parties’ websites linked to our Services is at your own risk, so we encourage you to read the privacy policies of any linked third-party websites when you leave one of our Services.
Mobile Applications Disclosure
- Journeys Metabolic use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
- Within the Journeys Metabolic mobile app (available on Apple Store & Google Play), user account deletion is possible by accessing the user profile settings menu; alternatively a user may send an email to jmsupport@journeysmetabolic.com requesting their account be deleted.
- Upon account deletion, user ID data will be retained for 90 days and thereafter only data related to user experience (non-attached to the former user) will be retained for an additional 36 months.
Our Policies for Children
- Our Sites and Mobile Apps are directed toward adults and not for anyone under the age of 18 years old. We will not knowingly collect or use any Personal Information from any children under the age of 18. Such persons are prohibited from using our Sites and Mobile Apps. If we become aware that we have collected any Personal Information from children under 18, we will promptly remove such information from our systems.
Changes to this Privacy Policy
- We periodically update this Privacy Policy. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice by sending you notification by email or notification alert within our Services.
- While we will notify you of any significant, material changes to this Privacy Policy, we encourage you to review this Privacy Policy periodically. We will also keep prior versions of this Privacy Policy in an archive for your review.
How to contact us
- You can contact us using the Contact Us page on our Sites or by mail at:
Readout, Inc. d/b/a Journeys Metabolic
2940 Locust St.
St. Louis, MO 63103
- If you have questions, suggestions, or concerns about this policy, or about our use of your information, including filing a complaint, please contact our Customer Service: jmsupport@journeysmetabolic.com .
INFORMATION WE COLLECT ABOUT YOU
When you use our Services, we collect the following types of Personal Information and Non-Personal Information:
INFORMATION YOU PROVIDE US:
ACCOUNT INFORMATION:
Some information is required to create an account to use or access the Services. You provide this information to us directly by completing fillable webforms on the Site or Mobile App and submitting the information to us, such as your:
- name
- email address
- password
- phone number
- address
ADDITIONAL INFORMATION:
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, such as:
- profile photos,
- profile information (such as a biography),
- country information,
- demographic information (such as date of birth, gender, height, weight and geographical residence location),
- test results as provided by third parties such as biometric testing and genomic testing,
- additional health and medical information and logs (such as, but not limited to, diet, exercise, sleep, mental conditions),
- data from linked devices such as the Biosense® device, wireless scales, fitness bands, blood pressure cuffs, other applications, etc.
- community or social media username, and messages and media on discussion boards or to your social contacts on the Services.
- If you contact us or participate in a survey, contest, or promotion, we collect the information you submit directly from you such as your name, email address, contact information, and message.
INFORMATION FROM THIRD-PARTY SERVICES:
- If you choose to connect your account on a third-party service to your account on our Services, we may receive information from the third-party service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address and friend list.
- You may also choose to grant us access to your Personal Information such as activity data or health data from other services. You can stop sharing the information from the other services with us by removing our access to each other service. However, we will store historical data that has already been collected.
- If you are a health system user, your EHR will be shared with us via an API connected to our Services.
INFORMATION PROVIDED BY OTHER INDIVIDUALS:
While using our Services, individuals may provide information about another individual, or an authorized user (such as an account administrator) creating an account on your behalf may provide information about You. When one individual provides us with information (including Personal Information) about another individual, we assume that the individual has permission and authority to do so and to consent on behalf of that individual to the collection and use of Personal Information as described in this Privacy Policy. Please contact us immediately if you become aware of an individual providing us with Personal Information about another individual without being authorized to do so, and we will act consistently with this Privacy Policy.
PAYMENT AND CARD INFORMATION:
Some Company Services support payments and transactions with third parties. We do not store your payment information. We use a third-party service provider to manage payment card processing. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms. This service provider is not permitted to store, retain or use information you provide except for the sole purpose of credit card processing on our behalf.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES USAGE AND DEVICE INFORMATION
When you use our Services, we receive certain usage data (“Usage and Device Information”). This includes information about your interaction with the Services, for example, when you view or search content, install or open applications or software, create or log into your account, import data into your account, or integrate a third-party service to your account.
We may also collect data about the devices and computers you use to access our Services, including IP addresses, browser type, language, operating system, or mobile device information (including device and application identifiers), the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL INFORMATION:
- To the extent that information we collect directly from you or pulled from your connected EHR is health data or another special category of sensitive Personal Information, we ask for your explicit consent to process such sensitive Personal Information. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you enter in health survey data or grant us access to your health or activity data from another service. You can use your account settings or contact us to withdraw your consent at any time by requesting deletion of your data or closing your account.
- However, if we are acting as a service provider (a “Data Processor”) processing your Personal Information on behalf of a third party that has collected such data from you, and such third party is the party that has the right to determine the purposes for which it will process your Personal Information and the means it will use to process your Personal Information (the “Data Controller”), then such Data Controller has the legal obligation to ask for your explicit consent to process your sensitive Personal Information (including health data), and we are not responsible for obtaining such consent from you. In such a scenario, the Data Controller may have their own, separate policies regarding the use and disclosure of your Personal Information, including any sensitive Personal Information you provide to such Data Controller. In such a scenario, this Privacy Policy does not apply to, we cannot control the activities of, and we are not responsible for the activities of the applicable Data Controller generally; this Privacy Policy only applies to our processing of your Personal Information that we, as a Data Processor, have been asked to process on behalf of the applicable Data Controller. We encourage you to review such Data Controller’s privacy policy and/or contact the applicable Data Controller for more information about the policies that apply to their use and disclosure of your Personal Information, including any sensitive Personal Information
HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
PROVIDE AND MAINTAIN THE SERVICES:
We use the information we collect to deliver the Services to you and honor our Terms of Use for each Service or business contract with you. For example:
- to administer, operate, maintain and secure our Services;
- to monitor and analyze trends, usage and activities in connection with our Services;
- to calculate metrics in the Mobile Appl;
- for accounting, recordkeeping, backup and administrative purposes;
- to customize and improve the content of our communications, websites and social media accounts;
- to provide customer service and support, service requests sent through the platform, requesting feedback, surveys, requesting testimonials about the Services;
- to communicate with you, including responding to your comments, questions and requests regarding our Services; and
- to process and complete transactions, and send you related information, including alerts and notifications about your service, purchase confirmations and invoices; and
- to educate and train our workforce in data protection and customer support.
IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES:
- We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys and develop new features and Services.
- We may use the information collected about you and your use of the Services to provide you with generalized health and wellness notifications and information that may be of interest to you.
COMMUNICATE WITH YOU:
- We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in as well as request feedback, user surveys, and testimonials. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email or sending an email to Opt-Out@journeysmetabolic.com.
- We may also contact you to provide feedback on the Service such as taking surveys or providing testimonials.
CONNECTING YOU TO OTHERS’ PRODUCTS AND SERVICES:
- We also may use the information we collect about you and your use of our Services to provide you with targeted, personalized advertising and promotional information about offers, services or products of third parties that may be of interest to you. We do not share your Personal Information with third parties in connection with this targeted advertising and promotion (although you may choose to share your information with such third parties if you choose to access the third party’s website, click on the link in an advertisement, contact the third party in regards to the offer or otherwise communicate with the applicable third party whose products or services are being promoted).
- Additionally, if you ask us to share your information with a third party provider of products or services, we may transmit information about you to such third party provider and otherwise facilitate your direct communications with such third party providers through our Services or through other communications channels with the third party provider. For example, you may choose to use the Services to associate and connect with an organization (such as in the case of researchers, public health initiatives, healthcare organizations, employers, etc.) in which case we will provide your information to that organization.
- You may opt out of any of the above services provided in this section by sending an email to Opt-Out@journeysmetabolic.com
PROMOTE SAFETY AND SECURITY:
We use the information we collect to promote the safety and security of the Services, our users and other parties. For example, we may use the information:
- to authenticate users;
- to facilitate secure payments;
- to respond to a legal request or claim, conduct audits, and enforce our terms and policies;
- to investigate and protect against fraud, malicious or unauthorized access, and other illegal activities; and
- to demonstrate and verify compliance with our internal policies and procedures, and applicable privacy and data security laws and regulations, such as HIPAA and the California Consumer Privacy Act of 2018 (“CCPA”).
AUTOMATED INDIVIDUAL DECISION-MAKING (PROFILING):
We may create profiles to analyze or predict your health outcomes, personal preferences, interests and behavior. However, we do not make any decision about you that would have legal consequences or similarly significant affects for you based solely on automated decision-making, including the use of such profiles.
USE AND DISCLOSURE OF DE-IDENTIFIED INFORMATION
“De-identified” means that we have removed, or rendered unreadable through complex computational algorithms, your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:
• In accordance with regulatory requirements, we may de-identify, store and use your information for internal quality control, validation and research and development. This is important for Company to maintain high quality Services. We may use de-identified information as permitted by law.
• We may use or disclose de-identified information for general research and communications purposes. This may include analysis of this information to communicate observations and learnings, for example in the case of aggregated data. This may also include research collaborations with third parties, such as universities, hospitals or laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with our study protocols, and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among the patients we have tested, or to determine whether any of the patients we have tested might be suitable for potential recruitment for research, clinical trials, or clinical care.
We use cookies and similar technologies for the purposes described above. For more information, please read our Cookie Policy.
For Personal Information subject to the CCPA, we rely on several legal bases to process the data. These include when you have given your consent, which you may withdraw at any time using your account settings and/or other tools; when the processing is necessary to perform a contract with you, like the Terms of Use: and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
HOW WE SHARE YOUR INFORMATION
We do not share your Personal Information except in the limited circumstances described below:
TO YOUR EHR:
- If you are using our Services through an access code provided by your health care provider, your HIPAA Authorization permits us to share certain information and have access to your EHR in order to facilitate the Services we provide to you. We will comply with HIPAA through a Business Associate Agreement we signed with your health care provider and your HIPAA Authorization.
- You acknowledge and consent to our recording of certain information you disclose to us to your EHR. Information disclosed to your EHR is accessible to medical providers and all other service providers that you have granted EHR access to.
WHEN YOU AGREE OR DIRECT US TO SHARE:
- You may direct us to disclose your information to others, such as when you use our social features in our Mobile Apps or as described in the section above titled “Connecting You to Others’ Products and Services”. For certain information, you may change your privacy preferences in account settings and use other provided tools to control how your information is visible to other users of the Services.
- You may also authorize us to share your information with others, for example, with a third-party application when you give it access to your account, or with your employer company or other organizations and provide consent to each organization. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third party applications or employee wellness programs using your account settings.
FOR EXTERNAL PROCESSING:
We transfer information to our corporate affiliates, service providers and other partners who process it for us, based on our instructions and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research and surveys.
FOR LEGAL REASONS OR TO PREVENT HARM:
- We may preserve or disclose information about you to comply with a law, regulation, legal process or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect or investigate illegal activity, fraud, abuse, violations of our terms or threats to the security of the Services or the physical safety of any person.
- Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
- We may share Non-Personal Information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us or as part of the community benchmarking information we provide to users of our subscription services.
IN CONNECTION WITH A MERGER, ACQUISITION OR SALE OF OUR ASSETS: We may disclose your Personal Information to a buyer or other successor to our business in the event of a sale of equity or assets, reorganization, merger or a similar corporate transaction and any due diligence review with respect to any such proposed transaction. If we are involved in such a transaction or related due diligence activities, we will continue to take measures to protect the confidentiality of Personal Information and give affected users notice for the transferring of any Personal Information to a new entity.
NO SALES OF PERSONAL INFORMATION
We do not sell your Personal Information to third parties (within the meaning provided in the CCPA and will not do so in the future without separately obtaining your prior express consent.
YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION
You can access and control your Personal Information via account settings and/or our tools we provide to you, regardless of where you live.
REQUEST TO KNOW AND REQUEST TO DELETE
Subject to certain exceptions set forth under the CCPA, you have a right to request that we disclose to you (and, if requested, to receive a portable copy of) the Personal Information about you that we collect, use, disclose and sell to third parties (a “Request to Know”), and you have a right to request that we delete your Personal Information that we have collected or that we maintain (a “Request to Delete”). You may submit a Request to Know or Request to Delete by contacting us at our toll free telephone number, 1-833-732-3688, by emailing us at jmsupport@journeysmetabolic.com , or by logging in to your password-protected account on the Site or the Mobile App and accessing the self-service portal we have provided for you there. You can access the self-service portal by going to the app settings section located within the profile section of the app and selecting the account deletion option from the list of items.
Upon receipt of your Request to Know or Request to Delete, we will take steps to verify your identity in order to confirm that the person making the request is actually the person about whom we have collected Personal Information (that the “you” making the request is actually you). We verify such requests by asking users to log in to their existing password-protected accounts on the Site or the Mobile App and re-authenticate themselves by re-entering their username and password. If you choose to submit your Request to Know or Request to Delete using the telephone number or webform described above, we will respond (for verification purposes) by providing detailed instructions directing you to log in to your existing password-protected account on the Site or the Mobile App, access the self-service portal we have provided for you there (as described above), and re-authenticate yourself by re-entering your username and password. If you choose to submit your Request to Know or Request to Delete by logging in to your password-protected account on the Site or the Mobile App and accessing the self-service portal we have provided for you there (as described above), then for verification purposes we will ask you to re-authenticate yourself by re-entering your username and password.
If you have submitted a verified Request to Delete, please note that while most of your information will be deleted within 14 days, it may take up to 90 days to delete all of your information, such as the data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How We Share Your Information section.
You may also designate an authorized agent to make a Request to Know or Request to Delete on your behalf. To designate an authorized agent to act on your behalf in this manner, you or your authorized agent must submit verifiable proof (acceptable to us, acting in our reasonable discretion) that either (1) such agent has actually been authorized in writing to act on your behalf, or (2) you have provided the authorized agent with power of attorney pursuant to the applicable laws in your jurisdiction. You may submit such proof by e-mailing us jmsupport@journeysmetabolic.com . If a duly-designated authorized agent makes a Request to Know or Request to Delete on your behalf, we will still require you to verify your own identity using the process described above, unless you have submitted verifiable proof to us that you have provided the authorized agent with power of attorney (in which case your submission to us of verifiable proof that you have provided the authorized agent with power of attorney, as described above, will serve as the required verification of your identity for purposes of processing the Request to Know or Request to Delete).
ADDITIONAL RIGHTS
In certain circumstances, you have a right under the law not to receive differential treatment by us as a result of your choice to exercise rights with respect to your Personal Information that are granted to you under applicable law. Our treatment of you would be differential (and therefore prohibited by applicable law) if we treat you differently because you exercised a right with respect to your Personal Information that is granted to you under applicable law, subject to certain exceptions. For more information, you should consult the privacy laws, rules and regulations that are applicable in your jurisdiction.
Changes to Privacy Policy. If we are using your Personal Information on the basis of your consent, and we change our Privacy Policy to permit any use or disclosure of your Personal Information that is materially different than the uses for which it was originally collected or subsequently authorized by you, we will obtain your consent before we make such further uses of your Personal Information.
Further Assistance. If you need further assistance regarding your rights, please contact our Customer Service at jmsupport@journeysmetabolic.com and we will consider your request in accordance with applicable laws.