Grit Privacy Policy

GRIT PRIVACY POLICY
Last Updated: 4/24/2024

Grit Digital Health LLC (“Grit,” “we,” “us,” or “our”) respects your privacy and understands the importance of protecting the Personal Information we collect from and about individuals. We have created this privacy policy (“Privacy Policy”) to explain the categories and sources of Personal Information that we collect on our websites that include a link to this Privacy Policy, including gritdigitalhealth.com (the “Websites”); when you use our products that include a copy or provide a link to this Privacy Policy, including You at College, Man Therapy, Nod, YOU Staff & Faculty, YOU at Work, Operation Veteran Strong and their associated mobile applications (collectively, our “Products”); when you use the services offered by Grit through our Products and Websites (our “Services”); or when you interact with us over phone or email. Together, our Websites, Products, Services, and any other way you communicate with us is our “Platform.” Please note, this Privacy Policy does not apply to Personal Information collected, stored, disclosed or otherwise processed by our affiliates or subsidiaries for their own purposes, including, without limitation, Cactus, Inc. For information about how our affiliates or subsidiaries collect, store, disclose or otherwise process Personal Information for their own purposes, please refer to their applicable privacy policy.

PLEASE READ THIS PRIVACY POLICY CAREFULLY. WE MAY MODIFY THIS POLICY AT ANY TIME. ALL CHANGES WILL BE EFFECTIVE IMMEDIATELY UPON POSTING TO THE SITE. MATERIAL CHANGES WILL BE CONSPICUOUSLY POSTED ON THE SITE OR OTHERWISE COMMUNICATED TO YOU.

IF YOU ARE A RESIDENT OF COLORADO, PLEASE SEE THE “YOUR PRIVACY RIGHTS” SECTION AT THE BOTTOM OF THIS POLICY FOR ADDITIONAL TERMS THAT MAY APPLY TO YOU.

1. What is Personal Information?

Grit collects Personal Information that you provide to us or one of our service providers when you use the Platform. “Personal Information” is information that, alone or in combination with other information, could be used to identify you or your household (“Personal Information”).

We may collect other information about users whenever they interact with our Platform that is anonymized or otherwise are not associated with a specific individual. Depending on how you use our Products, this may include the device type, login session durations, task or activity completion, activity rating, and anonymized responses to product assessments of mood/loneliness/motivation. Where these data points (i.e., usage information), are not stored or connected to your Personal Information, they are viewed as aggregate and de-identified data and are not subject to this Privacy Policy unless otherwise required by applicable law.

2. Categories of Personal Information We Collect:

We may collect the following categories of Personal Information when you visit our Platform, purchase products from our Platform or otherwise communicate with us. You may provide us with this information, or we may collect it through tracking technologies enabled on the Platform.

a) Identifiers

    • Examples: Name, email address, government- and school-issued IDs, user ID, your photograph, IP address, and any other information you elect to provide in response to questions and assessments available through our Products.
    • Retention Period: We retain this information for so long as you maintain an account with us; while we maintain a relationship with you; and for so long as required for any other business or legal purpose.

b) Sensitive Data

    • Examples: Religious information, sexual orientation, racial or ethnic information, or mental or physical health conditions, and any other information you elect to provide in response to questions and assessments available through our Products.
    • Retention Period: We may retain your Sensitive Data for so long as you maintain an account with us; while we maintain relationship with you; and for so long as required for any other business or legal purpose.

c) Education Information

    • Examples: Education related information, including information you elect to provide in response to questions and assessments available through our Products.
    • Retention Period: We retain this information for so long as you maintain an account with us; while we maintain a relationship with you; and for so long as required for any other business or legal purpose.

d) Internet Activity

    • Examples: Internet or other electronic network activity information, including the websites you visit before or after you visit the Platform, online ads you view before coming to the Platform, the date and time you visited our Platform; search history, keyboard strokes, mouse movements and clicks, scrolling, text input, page loading time and errors, information regarding your interactions, online identifiers like a customer or cookie ID, browser type, your internet service provider, operating system, application, or advertisement.
    • Retention Period: We retain this information for so long as you maintain an account with us; while we maintain a relationship with you; and for so long as required for any other business or legal purpose.

e) Employment Information

    • Examples: Professional or employment-related information that you may provide in assessments available through our products, or when you apply for jobs with us.
    • Retention Period: We retain this information for so long as you maintain an account with us; while we maintain a relationship with you; and for so long as required for any other business or legal purpose.

f) Inferences Drawn from Other Personal Information

    • Examples: Inferences drawn from the categories of Personal Information we collect are used to create a profile about your consumer preferences and purchasing tendencies.
    • Retention Period: We retain this information for so long as you maintain an account with us; while we maintain a relationship with you; and for so long as required for any other business or legal purpose.

g) FERPA Data

Some of our Products may collect information that is protected under the Family Educational Rights and Privacy Act (“FERPA”). In accordance with FERPA authorization, except for your school-issued login credentials you use to login to these Products through the single sign-on feature described below, we may collect your self-reported Personal Information that is subject to FERPA (“FERPA Personal Information”) through your use of these Products. Our collection of this FERPA Personal Information is authorized via partnership with your school and your FERPA Personal Information will only be used by us as authorized by your school. A school may be defined as a participating higher education entity that has authorized the use of these Products for its student body.

  1. INFORMATION WE COLLECT THROUGH THIRD PARTY SOURCES

We may receive your Personal Information from third parties, including your school or employer (depending on which Products you use), our business partners and third parties we collaborate with on the development and operation of our Products and Services, social media sites, ad networks and analytics providers. We may also receive your Personal Information from others that refer you to our Platform.

a) Service Providers

    • Purpose of Collection and Use: Marketing
    • Examples: We may use third-parties or service providers to deliver marketing communications to you.
    • Category: Identifiers, Internet Activity, Inferences Drawn from other Personal Information

b) Analytics Providers, Marketing Providers

    • Purpose of Collection and Use: Business Purposes, Platform Analytics, Marketing and Advertising
    • Examples: We use third-parties or service providers to help us understand the Platform’s demographics and user preferences, and to evaluate the Platform’s operations. We also use third parties to conduct marketing and targeted advertising, promote and implement events, and allow you sign up for our marketing emails. We also receive Personal Information from third parties that provide us with contact lists compiled by those third parties, such as trade show attendee lists and contact lists sold or made available by data aggregators.
    • Category: Identifiers, Internet Activity, Commercial Information, Inferences Drawn from other Personal Information

c) Single Sign-On Providers

    • Purpose of Collection and Use: Account Maintenance and Customer Service
    • Examples:
      1. School Single Sign-On: Some of our Products may offer the ability for you to register and sign-in through a school-issued credential or by using a username or password. In these instances, you will either follow the single sign-on steps to log in through your school-issued credentials, or you will be asked to set up a username and password, depending on the approach your school elected to adopt. In either case, we ensure the same data security and privacy standards for the data you provide.
      2. Third Party Single Sign-On Providers – Google and Facebook: Some of our Products may offer the ability for you to register and sign in using your Google or Facebook Accounts. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the applicable Product(s). These Products will store and utilize the following attributes: first name, last name, email address, and unique ID in order to create your user record. Your Google or Facebook data (as applicable) will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product(s) you access or having a compatible device/operating system that meets Google or Facebook requirements. By using a third-party single sign-on provider’s single sign-on service, that company will know that you are signing into our Products and that you are a user of our Products.
    • Category: Identifiers, Internet Activity, Inferences Drawn from other Personal Information

d) Information Collected in Connection with Research and Evaluation Studies

    • Purpose of Collection and Use: From time to time, you may be invited to participate in a research and evaluation study that includes the use of Personal Information we have collected about you and may involve the collection of additional Personal Information from you in connection with such research and evaluation study. Prior to releasing or otherwise using your Personal Information in connection with any such research and evaluation study, we will ensure that you: (1) have received and accepted an invitation to participate in such research and evaluation study; and (2) have agreed to any additional terms and conditions applicable to such research and evaluation study. Without limiting the foregoing, where any research study includes the use of any FERPA Personal Information, we will only release FERPA Personal Information for approved research, authorized by your school, to your school or partners your school authorizes.
      1. Please note, as otherwise described in this Privacy Policy, the foregoing only applies to research and evaluation studies that utilize your Personal Information and does not apply to any research and evaluation study conducted utilizing aggregated, de-identified or otherwise anonymized information.
    • Category: Identifiers, Sensitive Data, Education Information
  1. INFORMATION WE AUTOMATICALLY COLLECT THROUGH THE USE OF TECHNOLOGY

We use technology to automatically collect certain Personal Information when you visit our Platform. For example, we may collect information such as the websites you visit before or after you visit the Platform, online advertisements presented to you before visiting the Platform, pages you click-on on the Platform, your IP address, location information, keyboard activity, search requests, browser type, operating system, data and time you visit the Platform, the amount of time spent on the Platform, and the device you use to access the Platform. We do not use this information to identify or contact individual users.

Account Activity. We may collect data about how you use (i) your online account, and (ii) the Platform when you are logged into your account. For example, if you use the Platform while signed into your account, we will collect information on how you use your account and the Platform.

Cookies & Other Tracking Technologies. We use cookies and other tracking technologies when you use our Platform. A cookie is a small text file that our Platform saves onto your computer or device when you use the Platform that allows the Platform to remember your actions and preferences and recognize you or your browser. Web beacons or pixel tags are small graphics on a webpage that monitor your activity when viewing a webpage (together with cookies, “Cookies”). The Platform may use both Cookies that we implement and Cookies implemented by third-parties. To learn more about how we use Cookies and your options to limit the data collected from our Platform, see Your Consumer Data Choices in Section 7 below.

  1. PURPOSES FOR COLLECTING AND USING YOUR PERSONAL INFORMATION

Below, we explain the purposes for which we collect your Personal Information and the entities with whom we disclose your Personal Information.

We do not sell your Personal Information to third parties.Grit uses the Personal Information we collect for the following purposes:

a) To Communicate with You and Provide Customer Service

    • Activities Related to the Purpose: To respond to your questions via email, our online webforms, or your account; to notify you of changes to our Terms or this Privacy Policy; to keep your information current; to provide customer service; and as you request or consent.
    • Categories of Personal Information Collected to achieve the Purpose: Identifiers, Internet Activity.
    • Entities to Whom the Personal Information is Disclosed: professional advisors, email service providers.
    • Categories of Personal Information Disclosed: Identifiers, Internet Activity.
    • Categories of Personal Information Used for Targeted Advertising: Not applicable.

b) Online Account Creation and Maintenance

    • Activities Related to the Purpose: To create an account; to maintain your password; and maintain your account settings.
    • Categories of Personal Information Collected to achieve the Purpose: Identifiers, Internet Activity.
    • Entities to Whom the Personal Information is Disclosed: our website hosting service provider.
    • Categories of Personal Information Disclosed: Identifiers, Internet Activity.
    • Categories of Personal Information Used for Targeted Advertising: Not applicable.

c) To Facilitate Your Use of the Platform

    • Activities Related to the Purpose: To operate the Platform to improve your experience when you use the Platform; to send you administrative emails, tips, reminders, and notifications; to evaluate user needs and customize Platform content and your experience; to secure the Platform; to operate and troubleshoot problems with the Platform.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Employment Information, Education Information, Internet Activity.
    • Entities to Whom the Personal Information is Disclosed: service providers, affiliated companies, business partners, third-party advertising partners.
    • Categories of Personal Information Disclosed: Identifiers, Internet Activity.
    • Categories of Personal Information Used for Targeted Advertising: Identifiers, Internet Activity, Commercial Information, Inferences Drawn from other Personal Information.

d) To Perform Platform Analytics and Improve Our Products and the Platform

    • Activities Related to the Purpose: To conduct statistical and other analyses of the Platform; to notify you of new features of our Platform; to develop and improve our Websites, mobile apps, Products, and Services; to inform you of marketing and communication plans and strategies; to choose what products we offer, offer you new products, and to predict trends with regard to our products.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Internet Activity, Inferences Drawn from other Personal Information.
    • Entities to Whom the Personal Information is Disclosed: Market research service providers; our website hosting service provider, website analytics providers, website design and testing service provider.
    • Categories of Personal Information Disclosed: Internet Activity.
    • Categories of Personal Information Used for Targeted Advertising: Identifiers, Internet Activity, Commercial Information, Inferences Drawn from other Personal Information.

e) To Serve You Advertising and Marketing Communications

    • Activities Related to the Purpose: To serve targeted advertising to you about our products we believe may be of interest to you; to develop our marketing materials; to communicate with you about our products; to administer contests, promotions, events and surveys; to notify you of our new products, App features, and programs; to customize content and to improve our ability to contact you; to enhance our marketing capabilities, and to inform marketing our communication plans and strategies.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Internet Activity, Inferences Drawn from other Personal Information.
    • Entities to Whom the Personal Information is Disclosed: marketing service providers, email marketing service providers, sweepstakes hosting provider.
    • Categories of Personal Information Disclosed: Identifiers, Commercial Information, Internet Activity, Inferences Drawn from other Personal Information.
    • Categories of Personal Information Used for Targeted Advertising: Identifiers, Internet Activity, Commercial Information, Inferences Drawn from other Personal Information.

f) Your Educational Institution and for Research Purposes

    • Activities Related to the Purpose: We may share Personal Information through some of our Products with your educational institution. We or educational institutions may view and use your Personal Information for research purposes with your consent, if necessary.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Internet Activity, Inferences Drawn from other Personal Information.
    • Entities to Whom the Personal Information is Disclosed: marketing service providers, email marketing service providers.
    • Categories of Personal Information Disclosed: Identifiers, Sensitive Data, Internet Activity, Inferences Drawn from other Personal Information.
    • Categories of Personal Information Used for Targeted Advertising: Identifiers, Internet Activity, Commercial Information, Inferences Drawn from other Personal Information.

g) Joint Collaboration Products

    • Activities Related to the Purpose: Certain Products are developed in collaboration with and may be jointly owned and operated by Grit and a third party (“Joint Collaboration Products”). The Personal Information collected, if any, through and in connection with your use of any Joint Collaboration Products will be collected, stored, used and disclosed in accordance with the privacy policy specific to such Joint Collaboration Product as well as by Grit as described in this Privacy Policy and by such other third party in accordance with its privacy policy. Our current Joint Collaboration Products are:
      1. You at Your Best, which is a joint collaboration between, and jointly owned by, Grit and Wellpower. For information about Wellpower’s practices with respect to their collection and use of your Personal Information, please review their privacy policy available at https://wellpower.org/privacy-policy/.
      2. The Collective, which is a joint collaboration between, and jointly owned by, Grit and Wellpower. For information about Wellpower’s practices with respect to their collection and use of your Personal Information, please review their privacy policy available at https://wellpower.org/privacy-policy.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Internet Activity, Inferences Drawn from other Personal Information.
    • Entities to Whom the Personal Information is Disclosed: joint collaborators.
    • Categories of Personal Information Disclosed: Identifiers, Sensitive Data, Internet Activity, Employment Information, Education Information, Inferences Drawn from other Personal Information.
    • Categories of Personal Information Used for Targeted Advertising: Identifiers, Internet Activity, Commercial Information, Employment Information, Education Information, Inferences Drawn from other Personal Information.

h) To Protect Our Legal Rights and the Rights of Third Parties

    • Activities Related to the Purpose: To protect our legal rights or interests, or those of third parties, including to bring a legal action against you or anyone who may be causing harm to us, the Platform, or other users of the Platform; to respond to a subpoena or government inquiry, to seek business, financial or legal advice; and to respond to subpoenas, court orders and other legal processes.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Internet Activity, Employment Information, Education Information.
    • Entities to Whom the Personal Information is Disclosed: professional advisors, law enforcement.
    • Categories of Personal Information Disclosed: Identifiers, Sensitive Data, Internet Activity, Employment Information, Education Information.
    • Categories of Personal Information Used for Targeted Advertising: Not applicable.

i) Business Purposes

    • Activities Related to the Purpose: To inform our business strategies; to understand the Platform’s demographics and user preferences; to evaluate job applications; to provide data processing services; to facilitate transactions; to provide public relations services; to seek business, financial or legal advice; to complete a business transaction; and to manage profiles.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Internet Activity, Employment Information, Education Information.
    • Entities to Whom the Personal Information is Disclosed: our website hosting service provider, parties to business transactions, professional advisors.
    • Categories of Personal Information Disclosed: Identifiers, Sensitive Data, Internet Activity, Employment Information, Education Information.
    • Categories of Personal Information Used for Targeted Advertising: Not applicable.

j) Receive and Review Your Qualifications When You Submit a Job Application

    • Activities Related to the Purpose: To enable you to fill out our job application and submit application materials; to enable email communications; and to process and track job applications.
    • Categories of Personal Information Collected to Achieve the Purpose: Identifiers, Sensitive Data, Employment Information, Education Information.
    • Entities to Whom the Personal Information is Disclosed: hosted email and project management providers.
    • Categories of Personal Information Disclosed: Identifiers, Sensitive Data, Employment Information, Education Information.
    • Categories of Personal Information Used for Targeted Advertising: Not Applicable.
  1. ADDITIONAL INFORMATION ABOUT OUR PRIVACY PRACTICES SECURITY

Grit uses commercially reasonable efforts to protect your Personal Information. Grit and its third-party service providers have implemented security measures to help protect against the risk of loss, misuse or alteration appropriate to the type of Personal Information under Grit’s control.

WHILE WE STRIVE TO PROTECT PERSONAL INFORMATION, WE DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION AND YOU PROVIDE PERSONAL INFORMATION AT YOUR OWN RISK.

SERVICE PROVIDERS

We engage third parties to provide services to us, such as hosting our Platform, providing services related to the communications we send, processing payments and other services necessary to provide, operate, evaluate and improve our Platform (“Service Providers”). As described above, we may disclose your Personal Information to Service Providers where that Personal Information is relevant to the services that Services Provider provides to us, however, we limit the Personal Information we disclose to them and authorize them to use that Personal Information only for the purpose of performing those Services, including, without limitation, prohibiting Service Providers that merely store Personal Information on our behalf, such as our website hosting Service Providers, from access that Personal Information. Our Service Providers include, among others, the following third parties:

  • SendGrid, an email service provider that provides services that we use to send out automated emails from our Platform, such as registration and welcome messages, basic notifications and password resets. To learn more about how SendGrid protects your Personal Information, see their privacy policy, available at https://www.twilio.com/legal/privacy.
  • Salesforce, a customer relationship management service that provides services to us that we use to manage our relationships with our customers. To learn more about how Salesforce protects your Personal Information, see their privacy information, available at https://www.salesforce.com/company/privacy/.
  • Stripe, a payment processor that provides services to us that we use to process payments made to us. To learn more about how Stripe protects your Personal Information, see their privacy policy, available at https://stripe.com/privacy.

THIRD-PARTY WEBSITES

This Privacy Policy applies only to the Platform and our collection and use of Personal Information through the Platform, and not to the collection of your Personal Information by third parties. We may provide links to other websites which we believe may be of interest to our visitors. However, due to the nature of the internet, we cannot guarantee the privacy standards of websites to which we link or be responsible for the contents of sites other than this one, and this Privacy Policy is not intended to be applicable to any linked, websites, mobile applications or other online services.

Some users access our Platform via a webpage that is hosted by the user’s individual school, college or university (“School Product”). We do not control the content or links that appear on these School Products and are not responsible for the practices employed by School Products. In addition, School Products and services each have their own privacy policies and customer service policies. Browsing and interaction on any other School Product is subject to that School Product’s own terms and policies

SOCIAL MEDIA WEBSITES

Grit participates in social media platforms such as Facebook, Twitter, Instagram, LinkedIn, Vimeo and YouTube (“Social Media”) that enable online sharing and collaboration among customers. This Platform may allow you to connect to and share information with these various social media platforms. These features may require us to implement Cookies, plug-ins, and application protocol interfaces (APIs) provided by those Social Media platforms to facilitate those communications and features.

By choosing to use any third-party social media platform or choosing to share content or communications with any social media platform, you are providing information that may be collected, used, disclosed, and stored by the designated social media platform. We cannot control any policies or terms of any third-party platforms. Your use of Social Media is governed by the privacy policies and terms of the third parties that own and operate those websites and not by this Policy. We encourage you to review those policies and terms. As a result, we cannot be responsible for any use of your information or content you post, share or communicate on or through a third-party platform, which you do at your own risk.

We use the YouTube application programming interface (API) services to allow you to access YouTube content from our Platform. Your use of YouTube is governed by YouTube’s Terms of Service and Privacy Policy and not by our Terms of Use or Privacy Policy. We encourage you to read the YouTube Terms of Service and Privacy Policy which are available on its website at https://www.youtube.com/t/terms.

We use the Vimeo application programming interface (API) services to allow you to access Vimeo content from our Platform. Your use of Vimeo is governed by the Vimeo Terms of Service and Privacy Policy and not by our Terms of Use or Privacy Policy. We encourage you to read the Vimeo Terms of Service, available on its website at https://vimeo.com/terms, and the Vimeo Privacy Policy, available on its website at https://vimeo.com/privacy.

ACCESS BY CHILDREN

The Platform is intended for individuals 18 years of age and older and individuals at least 16 years old but younger than 18 years of age (or the age of majority if higher in their place of residence) and have permission from their parent or legal guardian to access the Platform. If you do not meet one of these requirements, you may not access, attempt to access, or use our Platform.

Without limiting the foregoing, the Platform is not directed at, marketed to, nor intended for children under the age of 13 and we do not intentionally collect any information from or about children under the age of 13. If you believe a child under 13 years of age has provided us with information, contact us at support@gritdigitalhealth.com. If we learn that any information was provided through the Product by a person younger than 13 years of age, we will delete the information immediately.

ACCESS FROM OUTSIDE THE UNITED STATES

By providing Personal Information to us, you understand and consent to the collection and processing of your Personal Information in the United States, regardless that certain governmental authorities may not consider the level of protection of Personal Information in the United States to be equivalent to that required by the European Union or other jurisdictions.

7. YOUR CONSUMER DATA CHOICES

Cookies

Most browsers automatically accept Cookies. You can disable this function by changing your browser settings but disabling Cookies may impact your use and enjoyment of the Platform. You cannot disable all Cookies, as some Cookies are essential to the functioning of the Platform. You can manually delete persistent Cookies, or Cookies that track your activity across websites, through your browser settings.

To change your preferences with respect to certain online ads and to obtain more information about third-party ad networks and online behavioral advertising, visit National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads.

We describe below some of the tools we use on our Platform to collect information, including Personal Information for Targeted Advertising and Analytics and the and options for those tools provide to you to limit the use of opt-out of remarketing or analytics for those tools.

Analytics

The Platform uses third-party analytics tools, including those listed below.

Mixpanel, is a web analytics service used to collect Platform engagement data unique to Grit Services. Mixpanel will cookie your computer or mobile device to help identify unidentified visits to logged out sections of Grit Services. Should you register an account on a Grit Service, and not all Grit Services allow for account creation, Mixpanel will also receive a unique identifier associated with your account meant to enable anonymous analysis of Platform engagement. Information you provide to create your account (first name, last name, email address, password, and external unique IDs) will never be stored in Mixpanel. Anonymous aggregate information gathered by Mixpanel may be used by Grit or your Institution for analysis of Platform utilization. For more information on Mixpanel’s Privacy Policy, please visit https://mixpanel.com/legal/privacy-policy.

Applicable Products/Sites: YOU for Students, YOU for Staff & Faculty YOU at Work, YOU Responder Strong, YOU Operation Veteran Strong, YOU Serve Strong, Nod, YOU at Your Best, The Collective, Man Therapy, and HelpCompass.

Keen, is a web analytics service used to collect Platform engagement data unique to Grit Services. Similar to Mixpanel, Keen analytics will generate session IDs to identify unidentified visits to logged out sections of Grit Services. Should you register an account on a Grit Service, Keen will also receive a unique identifier associated with your account meant to enable anonymous analysis of Platform engagement. Information you provide to create your account (first name, last name, email address, password, and external unique IDs) will never be stored in Keen. Anonymous aggregate information gathered by Keen may be used by Grit or your Institution for analysis of Platform utilization. For more information on Keen’s Privacy Policy, please visit https://keen.io/privacy-policy.

Applicable Products/Sites: YOU for Students, YOU for Staff & Faculty, YOU at Work, YOU Responder Strong, YOU Operation Veteran Strong, YOU Serve Strong, Nod, YOU at Your Best, The Collective, and HelpCompass

Google Analytics, a web analytics service provided by Google, Inc. (“Google”), which we use to assist us in understanding how our Platform is used. Google Analytics, Google Tag Manager, and DoubleClick. These applications will place Cookies on your computer or mobile device that will generate information that we select about your use of the Platform, including your computer’s or mobile device’s IP address. That information will be transmitted to and stored by Google. The information will be used for the purpose of evaluating use of the Platform, compiling reports on Platform activity for our use, and providing other services relating to Platform activity and usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. You may refuse the use of Cookies by selecting the appropriate settings on your browser. Please note that by doing so, you may not be able to use the full functionality of our Platform. The use of Cookies by Google Analytics is covered by Google’s Privacy Policy, available at: https://policies.google.com/privacy. Google allows you to opt out of Google Analytics. You may opt out by visiting https://tools.google.com/dlpage/gaoptout?hl+en=GB.

Applicable Products/Sites: Man Therapy, YOU Responder Strong, YOU Operation Veteran Strong, YOU at Your Best, The Collective, youatcollege.com, heynod.com, and gritdigitalhealth.com

Google Tag Manager (“GTM”) is a tag management system that allows JavaScript and HTML tags to be quickly deployed and updated on portions of our Platform for tracking and analytics. We use GTM on our Websites to include Google Analytics. If you have opted out of Google Analytics, GTM takes this opt-out into account. For more information about GTM’s privacy practices, please refer to https://policies.google.com/privacy/ and the terms of use at https://www.google.com/analytics/tag-manager/use-policy.

Applicable Products/Sites: Man Therapy, YOU Operation Veteran Strong, YOU Responder Strong, youatcollege.com, heynod.com, and gritdigitalhealth.com

Advertising

Facebook Pixel, a Cookie placed by Facebook, enables us to measure the effectiveness of advertising campaigns served on Facebook. The information collected by that Cookie will be transmitted to and stored by Facebook. For more information about Facebook’s privacy practices, please refer to https://www.facebook.com/about/privacy/. To opt out, please see https://www.facebook.com/ads/preferences.

Applicable Products/Sites: Man Therapy, YOU Operation Veteran Strong, YOU Responder Strong

LinkedIn Insight Tag, a tracker placed by LinkedIn, enables us to measure the effectiveness of advertising campaigns served on LinkedIn. The information collected by that Cookie will be transmitted to and stored by LinkedIn. For more information about LinkedIn’s privacy practices, please refer to https://www.linkedin.com/legal/privacy-policy. To opt out you can update your advertising preference through your LinkedIn account. If you do not have a LinkedIn account, LinkedIn allows you to opt out of targeted advertising by visiting https://www.linkedin.com/psettings/guest-controls.

Applicable Products/Sites: youatcollege.com

Salesforce  uses first party cookies to help us gather information and execute our email marketing campaigns. Because these Cookies are not maintained by Salesforce, they do not send Salesforce any data.

Applicable Products/Sites: youatcollege.com, heynod.com, gritdigitalhealth.com, Man Therapy

Google Ads, an online advertising service provided by Google, to serve targeted advertisements on our behalf across the Internet and sometimes through direct communications with you. To opt out of remarketing advertising provided through Google, to customize your ad preferences, or to limit Google’s collection or use of this information, visit Google’s Safety Center, available at https://safety.google, and Google’s Ad Settings, available at https://myadcenter.google.com. Opting out will not affect your use of the Platform.

Applicable Products/Sites: Man Therapy, YOU Operation Veteran Strong, YOU Responder Strong, YOU at Your Best, youatcollege.com, and heynod.com,

Email Opt-Out.

By using some portions of our Platform, you may be consenting to be included in both system generated emails and our mailing list for promotional content.

If your registration resulted in joining our promotional mailing list, we may send you updates, news, and information about our services. If at any time you wish to stop receiving emails or mailings from us please send us an email to support@gritdigitalhealth.com with the phrase “Privacy Opt-out: Grit Mailings” in the subject line, or write to us at the address provided below, and we will remove you from our mailing list. Alternatively, for email communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of most e-mail messages from us.

Please note that even if you do not sign up to receive email from us, we may send you important service announcements.

Shine the Light

Pursuant to California Civil Code Section 1798.83, if you are a California resident, you have the right to obtain: (a) a list of all third parties to whom we may have disclosed your personal information within the past year for direct marketing purposes, and (b) a description of the categories of personal information disclosed, by contacting us by email at support@gritdigitalhealth.com or by sending a letter to:

Grit Digital Health LLC
2128 15th Street
Denver, CO 80202

Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.

8. CONTACT US

Email: support@gritdigitalhealth.com

Mail:

Grit Digital Health LLC
2128 15th Street
Denver, CO 80202

9. YOUR COLORADO PRIVACY RIGHTS: TERMS APPLICABLE TO COLORADO RESIDENTS ONLY

This section provides additional terms that apply to residents of the State of Colorado. In this section only, any capitalized terms not defined in this Privacy Policy have the meanings set forth in the Colorado Privacy Act (“CPA”). In the event of a conflict between this section and the remainder of this Privacy Policy, this section shall take precedence for Colorado residents only. Certain capitalized terms not defined in this Policy have the meanings set forth in the CPA.

Under the CPA, Colorado residents have the following additional rights regarding their Personal Information:

  • Right of Access. You have the right to know if we process your Personal Information and to access that Personal Information.
  • Right to Correct. You have the right to correct your Personal Information
  • Right to Delete. You have the right to delete your Personal Information.
  • Right to Portability. When exercising your right to access your Personal Information, you have the right to receive that data in a portable, readily usable format.
  • Right to Opt Out. You have the right to opt out of the processing of your Personal Information for the purposes of i) targeted advertising, ii) the sale of your Personal Information, or iii) profiling in furtherance of decisions that produce legal effects.
  • Right to Appeal. You have the right to appeal any adverse decision we make regarding your request to exercise your privacy rights.

How to Exercise Your Rights to Access, to Correct, and to Delete

Requests to Exercise your Rights. To exercise your rights to access, correct, or delete your Personal Information described in this section, you may submit your request to us by emailing us at support@gritdigitalhealth.com or sending a letter to:

Grit Digital Health LLC
2128 15th Street
Denver, CO 80202

We will respond to any initial request free of charge, however, if you submit a second or subsequent request within a 12-month period, we may require you to pay a fee covering the cost of responding to the request. We may also charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.

Authenticated Consumer Request. In order to respond to your data rights request, we must be able to authenticate such requests. In order for us to authenticate your request to know, correct or delete, you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information, and you must describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it. We need you to provide your first and last name, and the linked email address(es) to us. Please note however, that we may request additional information as necessary to confirm your identity. If you have an account with us, you will be required to submit the request through your account.

Who May Exercise These Rights? You may only make a request to exercise your rights on behalf of yourself. A parent or legal guardian may make a request on behalf of their child.

When We Will Respond. We will try to respond to your request within 45 days of the date of receipt of the request. If we cannot verify your request within that 45-day time period, we may deny your request. If we require additional time to verify or respond to your request, we will inform you of the reason and extension period before the original 45-day response period ends. Any disclosures we provide will comply with your Right to Portability and will cover the 12-month period preceding our receipt of your request.

How to Exercise Your Request to Opt Out of Certain Processing Activities

You may direct us to cease processing your Personal Information for targeted advertising, sale of Personal Information, or profiling in furtherance of decisions that produce legal or similarly significant effects. To opt out of this processing of your Personal Information, please email us at support@gritdigitalhealth.com and indicate that you wish to opt out and provide your identifying information as requested.

If you do not have a Grit online account or if you are not logged into your account, your request to opt out of targeted advertising will be linked to your browser identifier only and not linked to any account information because the connection between your browser and the account is not known to us.

If you would like us to make the connection between your browser and your identity, please log into your account while using the GPC or submit an opt-out request through our webform, linked below.

You may submit your opt-out request by:

  • Emailing us at: support@gritdigitalhealth.com
  • Completing our webform at: https://wkf.ms/3yczFbC

Authorized Agents. You may authorize another person to act on your behalf to opt out of the processing of your Personal Information for one or more of the purposes described above by doing the following: (1) provide the authorized agent written permission to do so; and (2) verify your own identity (per the process stated above), as well as the identity of the authorized agent directly. We may deny a request from an authorized agent if we do not have proof that they are authorized by you to act on your behalf.

Please note that even if you opt out of the processing of your Personal Information, we may still: (1) use or share your Personal Information with service providers and other entities for business purposes consistent with the CPA, (2) share your Personal Information in connection with certain business transactions consistent with Section 3 above; and (3) send you marketing communications.

Colorado Appeals Process

Right to Appeal. If you disagree with our refusal to comply with a request to exercise your Colorado data rights, you may appeal within a reasonable period after your receipt of our denial by contacting us at support@gritdigitalhealth.com Once we receive your email, we will acknowledge your request and start processing your appeal.

Appeal Timeframe. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If we are unable to make a decision within the 45-day period, we will extend our response time by sixty (60) days, but we will inform you of the reason and extension period before the original 45-day response period ends.

Rights Upon Denial of an Appeal. If you disagree with our decision after appeal, you may read more on the Colorado Privacy Act here and use the “Contact Us” information on the page to contact the Colorado Attorney General.

10. EUROPEAN USERS’ RIGHTS

If you are located in the EU or Switzerland, you have certain rights with respect to your Personal Information. The following is a summary of those rights and additional information applicable to our collection and use of your Personal Information.

Data Controller. When you provide us with your Personal Information through the Platform, we serve as a data controller. When we act as a data controller we determine how your Personal Information will be utilized, in accordance with this Privacy Policy.

Legal Basis for Processing Personal Information

If you are located in the EU or Switzerland, we rely on several legal bases to process your Personal Information. These legal bases include where:

  • The processing is necessary to perform our contractual obligations, such as to provide you with our Services;
  • You have given your prior consent, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time);
  • The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims; and
  • The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing our Site and Services, marketing new features or products that may be of interest, and promoting safety and security as described above.

If you have any questions about or would like further information concerning the legal bases on which we collect and use your Personal Information, please contact us by emailing support@gritdigitalhealth.com.

Rights Under the General Data Protection Regulation

If you are located in the EU or Switzerland, you have the following rights in respect of your Personal Information that we hold:

  • Right of access. The right to obtain access to your Personal Information.
  • Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
  • Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
  • Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
  • Right to portability. The right to portability allows you to move, copy or transfer Personal Information easily from one organization to another.
  • Right to object. You have a right to object to processing based on legitimate interests and direct marketing.

If you wish to exercise one of these rights, please email us at support@gritdigitalhealth.com. You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

Retention of Personal Information

When reserve the right to retain any Personal Information as long as it is needed to: (1) fulfill the purposes for which we collected the Personal Information; and (2) comply with applicable law.

Transfers of Personal Information

If you are located in the EU, the Personal Information we collect may be stored and processed in any country in which we or our affiliates, suppliers, third party electronic payment processors and/or financial institutions or agents maintain facilities, including, but not limited to, the United States of America. YOU CONSENT TO ANY AND ALL PERSONAL INFORMATION YOU PROVIDE AND SUBMIT VIA THE SITE AND SERVICES BEING SENT TO THE UNITED STATES OF AMERICA. The United States of America has not sought nor received a finding of “adequacy” from the EU under Article 45 of the GDPR. We rely on derogations for specific situations as set forth in Article 49 of the GDPR. YOU ARE ALSO INFORMED THAT THE UNITED STATES OF AMERICA PRESENTLY DOES NOT HAVE AN ADEQUATE LEVEL OF PERSONAL DATA PROTECTION AS DETERMINED BY THE EUROPEAN COMMISSION’S ADEQUACY DECISION ON OCTOBER 6, 2015 (CASE C-362/14) AND ARTICULATED IN THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION AND HAS NOT RECEIVED A SIMILAR DESIGNATION OF ADEQUACY BY ANY OTHER FOREIGN DATA PROTECTION AUTHORITY. YOU AGREE TO THE TRANSFER OF YOUR DATA AND PERSONAL INFORMATION TO THE UNITED STATES OF AMERICA, HOWEVER, TO BE USED IN ACCORDANCE WITH THIS PRIVACY POLICY.

Obligations to Data Protection Authorities (DPAs)

We will respond diligently and appropriately to requests from DPAs about this Privacy Policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Information, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.