Privacy Policy
Effective date: May 10, 2023
------------------------
Ourself LLC Privacy Policy
Effective May 10, 2023
1 Introduction
Ourself (“Ourself”, “us,” or “we”) is a personal health tracking and analytics solution designed to help women understand and take control of their health. How do we do that? We provide tools and analytics to help you collect and track hundreds of data points, from hormone levels to symptom scales, from cycle data to mental wellbeing (collectively, the “Services”).
Protecting the privacy and security of your information is a core value of our Service and fundamental to everything we do. We understand that you are trusting us with your data and we take this responsibility seriously. We have built our platform with privacy in mind with the goal of limiting the identifying information we collect and store. We never sell your personal information.
We have designed our platform to keep your health information anonymous. You can read more about the steps we take to anonymize your information in this Privacy Policy but the key principle is that our database is designed so that your health data is never linked to your unique user identifying information. Even we cannot link your health data back to you. This means, for example, if we receive a subpoena from law enforcement asking for your health information, we will not be able to provide this information.
This Privacy Policy (the “Policy”) applies to your use of the platform and describes how we collect, process, store, and delete the personal information we may have about you, what rights and choices you may have with respect to your personal information, how you can contact us, and the steps we take to protect your personal information.
2 Our Philosophy and Core Values
Data privacy always matters, and now more than ever - especially when it comes to personal and reproductive health data. Let’s take a closer look at what practices we have put in place to protect your privacy:
- a. We minimize the personal information we collect wherever possible. When you register, we only collect what we need to create your account.
- b. We keep your health data anonymous at all times. There is no way for us (or anyone asking us) to connect your personal data to the health information you track.
- c. We NEVER sell your data. We never have and never will sell your data or make it available to third parties other than service providers that help us operate the service (and who are required to use your data only for limited purposes at our direction).
When creating a profile in the Ourself App, we ask you to consent to this Policy so that we and our service providers may collect, store and process the data you provide when using our Service. The purpose of this data collection is to provide our Service to you, to improve our Service features and for other specific purposes described in this Policy. If you do not consent to the Policy, you should not use the Service.
3. Data we collect from you
We collect information about you that you provide to us directly and we collect some information automatically when you interact with the Service.
- a. Personal Data You Provide to Us Directly
Registration Information. When you register to create your Ourself account we collect your email address and your year of birth. We ask for, but not require, your gender. We may be able to infer your gender by your use of the Services. We do not ask for your name or other identifying information.
Country and Zip Code Information. We collect the name of the country and zip code where you live. We collect this information so that we can better provide our Service and support our academic research partners. We do not collect or use other geolocation data that could reveal your precise location or a physical address beyond a rough approximation of geographic region where you are located. You can also choose to not share this information by choosing skip on the zip code screen in onboarding.
Health Information and Health Tracking Data. We collect health information and health tracking data that you provide to us through the Service. For example we collect general health data including symptoms and events. However, we take steps to ensure that your health data is stored in an anonymous way and cannot be linked to your personal information. Learn more about how we secure the anonymity of your data in Section 6. With your consent, you may also allow us to connect to third-party services, such as Apple HealthKit and Google Health Connect, to enable us to import information about your health and activities into the Ourself App. We will process this data in order to provide you with App functionality and features. Importing this data is subject to the Google Health Connect and Apple HealthKit privacy policies and terms.
Other Information You Provide To Us. We may collect your contact information or other personal information if you contact us through the Platform, or if you provide personal information using any of the community features offered on our Platform.
Aggregated Information. We may aggregate, anonymize, or de-identify your personal data so that it cannot reasonably be used to identify you. We may share such data with third parties such as academic research institutions or use the data for statistical purposes. For example, we may share or use general age and demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users in articles, blog posts, and scientific publications. Sharing such data may contribute to the advancement of scientific research on female health. For certain targeted academic or user research studies, we will contact you and rely on your consent. You can withdraw your consent at any time by emailing us at support@ourself.health.
b. Information We Collect Automatically
We collect certain information automatically about you, your device, and your usage of the Service]. For example, we collect information about the mobile device you use (this includes the hardware model, the device’s operating system and its version, unique device identifiers and mobile network information). When you visit our website we collect information about which browser you use and its settings, the operating system you use and your device’s system settings.
We collect information about your usage and behavior on the Service, such as how you interact with the Platform, how often you use the Service, the sections and features that you use the most and how you engage with them as well as payment information.
4. How We Use Your Personal Data
We limit our use of your personal data to the following purposes described in this Policy:
- a. We use your email address to authenticate you and create your account.
- b. To deliver our Service and support you on your personal health journey by providing metrics and analytics.
- c. To improve our Service and give you the best possible user experience.
- d. To communicate with you, including to respond to inquiries you submit to us or to provide you with information about our services, features, special offers or events. You may opt-out of receiving such messages and notifications at any time.
- e. To enhance research in the field of women’s health. Specifically, we may share your anonymous health information and health tracking data with academic research partners who focus on advancing women’s health. The data we share with academic research partners does not contain any personal information and cannot be linked back to an individual user.
- f. To improve the security of the Platform and to investigate and prevent malicious, deceptive, fraudulent, or illegal activity, and enforce our terms and policies.
-
- g. For legal, regulatory, safety, and compliance purposes, including compliance with applicable laws or regulations.
-
- h. For other purposes about which we will notify you in advance and for which we will obtain your consent.
5. How We Share Your Personal Information
We use third-party service providers to help us operate and maintain the Service. These service providers are contractually restricted from using or disclosing your information except as necessary to perform services on our behalf and pursuant to our instructions, or to comply with legal requirements. The service providers that we may share your information with include:
We reserve the right to share your information in the event of any merger, consolidation or reorganization except those in which our equity outstanding immediately prior to such merger, consolidation or reorganization continues to represent a majority of our company, or sale of substantially all of our assets, voluntary or involuntary liquidation, assignment, dissolution or winding up of our company. Any acquirer of, or successor to us will be contractually obligated to use data only as described in this Policy.
6. Data Security
We use commercially reasonable administrative, physical, and technical safeguards to protect the information that we have about you from loss, theft, and unauthorized use, access, modification, or destruction. We also require any third-party service providers acting on our behalf or with whom we share your information to maintain reasonable security measures, and we endeavor to select service providers that maintain high standards of data security. Notwithstanding our safeguards, it is impossible to guarantee absolute security.
To protect the security and privacy of your health information and health tracking data, such information is stored in a separate database from your personally identifiable information. It is linked by a unique encrypted identifier stored only on your device. This design is intended to keep your health information and health tracking data anonymous so that it cannot be linked back to you. We have implemented technical safeguards and business processes that prohibit re-identification of this data.
- a. Data encryption
All of your personal and health data is encrypted in transit and in rest. Ourself has created a security solution called an AVID (Access Verification ID) where the key to connect the user’s health data to their identifying information resides on the user’s device in their local storage. The AVID is then combined and hashed with further auto-generated and anonymized verification keys that add an additional level of security for our users as they access our services and use the app. -
- b. Two factor authentication
We use the third-party provider authO to provide two factor authentication of your email to help you create an account.
- c. Further security measures we put in place
- Because we know some health events are specifically intimate and vulnerable we let you customize the name of these events. You do not have to name them in clinical terms, you can choose whatever definition you feel most comfortable with. If you choose to not customize your event, it will be identified by a default name.
7. Ourself Community Features and Third-Party Links
We believe in the value of community, especially when it comes to health and well-being. This is why Ourself includes several community features where users can interact with each other.
However, all the information you post in these community features can be seen, disclosed to or collected by others and we have no control over how this information is processed further. We therefore strongly encourage you to think carefully about what you post in our public community.
The Platform, including our community features, may contain links to websites operated by third parties, such as social media websites, and your personal information may be collected by those third parties if you use their websites or services. Should you choose to visit these third-party sites, you should review their privacy policies to ensure you understand and are comfortable with their practices concerning your information. We disclaim any responsibility for the privacy policies and information collection, use, and sharing practices of any third-party website. Links are provided to you for convenience purposes only and any information collected by third-party websites will be governed by their respective privacy policies.
8. Data retention
We will retain your personal information for as long as needed to provide you with the Service or otherwise fulfill the purposes for which it was collected. You can deactivate your account and erase your personal information by emailing support@ourself.health. If you choose to deactivate your account, we will delete all your personal information and health information and health tracking data and it will not be recoverable should you later create another account.
You should be aware that, although we anonymize and de-identify your data wherever possible, we may retain certain personal information and other information after your account has been terminated or deleted as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
9. Your Privacy Rights
We want you to be confident in trusting us with your data. And we want to be very transparent about what exactly we do with it. So if you have any questions or requests regarding the following topics, please contact us at privacy@ourself.com and we will process your request as soon as reasonably practicable.
- a. Access to and correction of your personal data
You have the right to know what personal data we hold from or about you and whether it has been sold, shared, or disclosed to any third party in the past 12 months. In some circumstances, we may need to ask you for personal information to verify your identity before responding to your request. You also have the right to request that your personal data be corrected if you believe the personal data we collected from you is inaccurate.
- b. Withdrawing consent from data processing
You can withdraw your consent for data processing at any time by sending an email request to privacy@ourself.com. However, without processing your data our ability to provide our Services to you will be very limited.
- c. Deletion of your personal data
You can request the deletion of the personal information we have about you, including any data that we have shared with third-party service providers who help us run and improve the Service. If you request deletion of your data, we will attempt to delete your personal and health data.
- d. Opt-out of the use or disclosure of sensitive personal data
You may have the right to opt-out of the use or disclosure of sensitive personal data, including the use of health data. Please be aware that if you exercise this right our ability to provide our Services to you will be very limited.
- e. Additional Privacy Rights
You may also have the right to opt-out of the sale or sharing of personal data, the right to opt-out of the processing of personal data for targeted advertising purposes, and the right to opt out of profiling based on personal data. Please be aware that we never sell your data and we only share it with trusted service providers, as described in this Policy. We also never process your data for targeted advertising or for profiling. You may also have the right to data portability.
10. Data requests by law enforcement agencies
We all have read and thought about this scenario in the months following the Supreme Court's decision to overturn Roe vs. Wade. In a legal landscape where the right to reproductive health choices is not protected by federal law your personal reproductive health data might be vulnerable.
While we cannot prevent law enforcement agencies from issuing a subpoena for your personal and health data we are unable to comply with such subpoenas due to the nature of our database. As already outlined in Section 6: “Data Security,” your personal data is never connected with the health data you track because the key to connect the data is located on your phone. We do not know who the data belongs to and therefore we cannot hand over health data from a specific individual even if subpoenaed.
11. Children’s privacy
The Service is not intended for children and we do not knowingly collect personal information about children under 13 years old through the Service. The minimum age to use the Service is 13 years old. By consenting to the Terms of Use you are confirming that you are at least 13 years old to use this Service.
If you are aware of anyone under the age of 13 using the Service, please contact us at privacy@ourself.com and we will take the required steps to delete any personal information obtained and/or delete the child’s account.
12. Changes to this Privacy Policy
Ourself reserves the right to modify the contents of this Privacy Policy from time to time to take into account changes in the features we provide, advances in technology or changes in data collection or data analysis to better support our platform. We advise you to check this page on a regular basis to see if there are any updates since the last time you checked in on our Privacy Policy.
The “last updated” date at the top of this page will show you when the last changes were made.
In the event we make material changes to this Privacy Policy we will notify you via email or through an inApp message to obtain additional consent for such changes. If permitted by law, your continued use of the Services after this policy has been updated indicates your acceptance of changes made. In some cases, you will be given a choice to accept changes to this policy. We always keep our Privacy Policies available to you on our website and make every effort to write them in a comprehensible manner. If you have any questions please feel free to always reach out:privacy@ourself.com