Last Updated: August 27, 2019
1. Information We Collect
Personal Information is generally defined as information that may be able to identify you or that may be used to get access to your account including: name, email address, username and password.
With the exception of email addresses, we only transmit or store Personal Information in an encrypted form. This means that your personal information can only be viewed if decrypted in order to present you with your data within the Product, or if shared for allowed research under FERPA regulations.
We collect your email address in an unencrypted form in order to communicate with you. However, the email address you provide us will not be associated with any usage or other data. Data created by your usage on the Products is viewable by our developers in a secured environment but is not associated with your email or password and is only used for development purposes.
You may also provide your real name. Our Product may allow you to associate your real name with your account. You are under no obligation to provide this information.
Except for data that may be viewable only in a secure development environment, the only Personal Information that we collect in an unencrypted or decipherable format are email addresses.
We may collect other non-Personal Information about users whenever they interact with our Products. Non-Personal Information may include the device type, login session durations, task or activity completion, activity rating, and responses to product assessments of mood/loneliness/motivation. These data points are not stored or connected to your personal information and are viewed in aggregate for product analysis or research.
2. How We Collect and Use Information
School-Based Single Sign-On/Traditional Login
Products offered by the Product Entities may offer the ability to register and sign in through a school-issued credential or by creating a username and password. In these instances, you will either follow the single-sign-on steps to login through your school issued credentials, or you will be asked to set up a username and password, depending on the approach your institution elected to adopt. In either case, we ensure the same data security and privacy standards for the data you provide.
Single Sign-On Through External Services
Products offered by the Product Entities may also provide the ability to register and sign in through other services you already utilize. Please see the following sections for information on which services are available, what data we receive, and how that data is used.
· Apple Single Sign-On: Products may offer the ability for a user to register and sign in using their Apple ID. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the Product(s). The Products will only store and utilize the following attributes: first name, last name, email address in order to create your user record. Your Apple data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product(s) you access from the Product Entities or having a compatible device/operating system that meets Apple requirements.
· Google Single Sign-On: Products may offer the ability for a user to register and sign in using their Google Account. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the Product(s). The Products will only store and utilize the following attributes: first name, last name, email address in order to create your user record. Your Google data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product you access from the Product Entities, or having a compatible device/operating system that meets Google requirements.
· Facebook Single Sign-On: Products may offer the ability for a user to register and sign in using their Facebook Account. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the Product(s). The Products will only store and utilize the following attributes: first name, last name, email address in order to create your user record. Your Facebook data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product you access from the Product Entities, or having a compatible device/operating system that meets Facebook requirements.
There are areas on the Products where you may be asked to provide us with Personal Information, or through the Single Sign On interface whereby such Personal Information or other information may be collected from you in an automated manner.
Personal Information you provide through forms on the Products is immediately encrypted and stored in a secure database.
We also may collect statistics about how you use and engage with the Product using cookies and other passive collection mechanisms. This information does not contain personal details about you and is not tied to any Personal Information.
In accordance with FERPA authorization, we may collect user self-reported personal information through your use of the Product. This data collection is authorized via partnership with your school and personal information may only be used in order to evaluate the product if approved by your school. A school may be defined as a participating higher education entity that has authorized the use of the Product for its student body. We only release personal information for approved research, authorized by your school, to your school or partners your school authorizes.
Non individually identifiable information may be used for Product utilization and behavior evaluation by us. Personal information, in accordance with FERPA, may only use used for approved research and evaluation in partnership with the providing school. In the event your institution elects to conduct a research and evaluation study, you will be invited to participate.
Mobile Application Events and Cookies
We collect information about how you use our Products by setting and accessing cookies on your device and tagging events in product code. A cookie is a small piece of information sent by our Products that is saved on your local storage by your device. The cookie holds information our Products may need to personalize or enhance your experience and to gather statistical data, such as which pages are visited, which actions are completed, and overall usage metrics. You may disable cookies on your browser. Please review your browser’s instructions for doing so. Note that certain features of the Products may not be available if you delete or reject cookies.
3. How We Use Collected Information
We use secure encrypted information to facilitate access to our Product and services. If you provide us with your email address, we may also send you updates, tips, and reminders with your consent. We may also use any information we collect in a de-identified, aggregate form (“Usage Information”) to help us understand usage and demographic patterns and improve the functionality of our Products
If you choose to provide your real name and your photograph, it may be associated with your account number and relevant statistical and demographic information.
We may also share aggregated demographic and statistical information that is not personally identifiable with third parties as described below.
4. Sharing Your Personal Information
We may share certain portions of Personal Information and other information to make the Products and services related to the Products function properly. This may include sharing portions of Personal Information with development, hosting and email service providers to encrypt your information and receive, transfer, use, and host your encrypted Personal Information.
We may share Personal Information or Usage Information with your educational institution. However, we also may share aggregated demographic and statistical information that is not personally identifiable: (1) with other educational institutions for informational purposes; and (2) for research purposes. We or educational institutions may view and use your Personal Information or Usage Information with your consent for research purposes. You agree that we may use Usage Information for development purposes, including to improve the Product and to develop future applications and products.
If permitted under an agreement with your educational institution, we may share your Personal Information and other information with a third party if our ownership status changes, such as if any Product Entity is acquired or acquires another entity.
Other than what is referenced above, the Personal Information and other information collected from you is not shared with nor sold to any person or entity outside of us.
5. Third Party Websites
Some users access our Product via a webpage that is hosted by the user’s individual school, college or university (“School Product”). We do not control the content or links that appear on these School Products and are not responsible for the practices employed by School Products. In addition, School Products and services each have their own privacy policies and customer service policies. Browsing and interaction on any other School Product is subject to that School Product’s own terms and policies.
In addition to encryption, we take reasonable precautions and follow industry best practices to make sure information is not lost, misused, accessed, disclosed, altered or destroyed.
7. Children’s Information
The Product is intended for individuals over 18 years of age and older located in the United States.
The Products is not directed at, marketed to, nor intended for children under the age of 13 and we do not intentionally collect any information from or about children under the age of 13. If you believe a child under 13 years of age has provided us with information, contact us at email@example.com. If we learn that any information was provided through the Product by a person younger than 13 years of age, we will delete the information immediately.
8. Email Opt Out
We will only add you to our email list with your consent.
If you have consented to receive emails from us, we may send you updates, news, and information about our services. If at any time you wish to stop receiving emails or mailings from us please send us an email to firstname.lastname@example.org with the phrase “Privacy Opt-out: Grit Mailings” in the subject line, or write to us at the address provided below, and we will remove you from our mailing list. Alternatively, for email communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of most e-mail messages from us.
Please note that even if you do not sign up to receive email from us, we may send you important service announcements.
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
9. California Privacy Rights
We do not share Personal Information as defined by California Civil Code Section 1798.83 (“Shine the Light Law”) with third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us by email to email@example.com or by sending a letter to:
Grit Digital Health LLC
2128 15th Street
Denver, CO 80202
Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.
10. Updates to this Policy and Contact Information
If you have any questions about your privacy or security on our Products, please contact us using the following information:
Grit Digital Health LLC
2128 15th Street
Denver, CO 80202