(Last updated March 20, 2021)
(Last updated March 20, 2021)
Welcome to Lisa Health, our website is available at lisahealth.com (the “Site”) and the associated web application (the “Services”).
At Lisa Health, we believe that technology empowers people to take control of their health. We are committed to achieving the highest standards of privacy and security, as well as to being transparent about how we process data.
Further contact information can be found in the Contact Us section. Lisa Health has an appointed data protection officer, who can be contacted at firstname.lastname@example.org.
When you visit the Site, we log and store your IP Address and technical information about your visit like your browser type and how you progressed through the Site, where you abandoned it, etc. (“Usage Data”). We may also collect Usage Data in connection with your use of the Services.
If you sign up for the Services, we collect and connect with our third-party authentication provider using the email address, Facebook, or Google credentials you provide, and we may receive your email as a result of authenticating through such third-party services. When you sign up for our newsletter or for email updates about your use of the services, we collect your email address. If you sign up for text message alerts, we collect your phone number. We will also collect these items if you choose to input them into your “My Account” page within the Services. We refer to this information in this policy as “Account Information.”
If you take our menopause assessment, your answers to our questions, including your birthdate information, health history, and other demographic and historical information you input (collectively, “Assessment Information”), are stored in de-identified form in order to deliver you anonymous assessment results. This information is not associated with your Account Information unless you choose to create an account to undertake a menopause action plan, in which case your Assessment Information is associated with a unique account identifier that is also associated with your Account information. Your email address may also be associated with your Assessment Information if you request that we email your results.
If you choose to track your symptoms by providing our Services with information about how each symptom affects you (“Symptom Information”), we log the time you provided the update as well as the new and/or updated Symptom Information.
Here are the purposes for which we process data and the type of data that is processed to fulfill each purpose:
When you use the Services or visit the Site, Lisa Health collects, stores, and uses some personal and non-personal data and transmits it to some third-party services to improve our Services by better understanding how you use them.
We do this in order to understand your needs and your use of our products, to analyze bugs and fix issues, and to bring you more useful features. In a nutshell, we process this data to provide you the best and most reliable experience of our services.
Here are the types of data we collect for the primary purposes of improving our Services:
Device data This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.
Event and usage data When you use the Services or visit the Site, our servers process data in order to understand your usage —for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as a whole.
IP address We collect IP addresses provided by your browser or mobile device.
Referral data If you arrive at the Lisa Health app and website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us through our analytics tools.
Other data you want to share We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, events you register for, or when running a contest with Lisa Health.
We use your Assessment Information to provide you with insights about your menopause journey, and we may also use Account Information for this purpose, for example when you request an email of your assessment results. When you request an email of your results, we share the Account Information with our email services provider for the purpose of delivering you that email, and we store your email for administrative purposes thereafter.
Your Assessment Information is processed by a third-party provider that operates our survey functionality, and that service provider may store your Assessment Information, but they have no access to your Account Information.
We use your Assessment Information to (1) generate your menopause score and the plans and challenges we recommend to you to help alleviate your symptoms and (2) to identify resources and materials that may be of particular interest to you given your demographics and symptoms.
We use your Symptom Information to refine your menopause score and improve the plans and challenges we recommend to you.
We may make available your personal data through the website, the app and/or the Services (for example, discussion boards, blogs, activities, polls, games and other communication forums) (each, a “Forum”) to which you can post information and materials. Any information, text, and images posted or disclosed by the user on or through such Forums may be visible to the user’s group(s) and authorized personnel, administrators, visitors to the Lisa Health website or app, and other users of the website or the app, as well as by the third-party forum operator. Any postings you have made to a Forum may also be available for view later by users of the website or the app by scrolling to older posts on the Forum. We recommend you do not post identifying information into the Forum.
In the case of your use of Forums, as described above, we are not responsible for the use by others of any information, including personal information, that is disclosed by you or on your behalf by your system in such Forums. By disclosing any of your information via Forums, you acknowledge and accept any risk and damage arising from disclosure of such information.
The vision of Lisa Health to help advance midlife women’s health globally. Midlife women’s health has historically been underserved as a field of research. Lisa Health is on a mission to contribute to women’s health research by sharing aggregate data for the purposes of scientific and medical research about midlife health and menopause.
We plan to collaborate with academic researchers. We want to make it very clear that we will personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been anonymized following a strict protocol that involves the removal of any information that could be used to identify any specific user.
Finally, because we believe that research should benefit everyone, Lisa Health will publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.
Once again, you can withdraw your consent to use of your data for these purposes at any time by deleting your account. If you do this, your data won’t be included in any future research partnerships.
If you create an account with Lisa Health, your personal data—including sensitive data and data related to your health—is stored and processed on Lisa Health servers. By creating an account with Lisa Health, you explicitly consent that:
ii. Personal data you provide to Lisa Health through the assessment and account creation process includes personal data you enter into the Lisa Health app, such as your account data (e.g. your name and email address), and your symptom data (e.g. hot flashes, vaginal dryness, period status). Depending on the data you provide, it may also contain information about your general health (e.g. other health conditions, menstrual status) and lifestyle information (e.g., nutrition, exercise, if you smoke).
iii. Lisa Health may use your data to create anonymized sets of data for academic and clinical research purposes. Lisa Heath’s collaborators are individually selected through an internal review process. This anonymized research data cannot be linked to you as an individual or identify you in any way.
You may withdraw your consent to this use of your data at any time by deleting your Lisa Health account, as further described below.
We believe that privacy—including data privacy—is a fundamental right that we all possess. At Lisa Health we strive to ensure that your rights are respected.
i. Our products and services have been designed to minimize the use of your personal data. We only collect and process your data for the purposes that have been previously outlined. Lisa Health does not store sensitive personal data about your health and activities without your explicit permission. It is only when you give us explicit consent by creating a Lisa Health account that we start storing your health and sensitive data on our secured servers, alongside the personal data necessary to create an account.
ii. The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at email@example.com if you have any questions about the security of our services.
iii. We do not retain your data in an identifiable format for longer than necessary to deliver our services.
iv. Lisa Health is not a clinical decision-making or clinical profiling system.
As a user of Lisa Health’s services and website, you may exercise your user rights to:
i. Request information on your personal data processed by Lisa Health. Upon your request, this information will be provided to you electronically. If you reside in the EU or Switzerland, you may access your information by sending a request to Lisa Health at the address specified in “Contacting Us” information below. If you reside in California and have provided your personally identifiable information to us, you may request information once per calendar year about our disclosures of certain categories of your personally identifiable information to third parties for their direct marketing purposes. Such requests must be submitted in writing using the email address in the “Contacting Us” section below.
ii. Gain access to your information by requesting a backup of your data in a format that is readable by other companies or organizations (data portability).
iii. Correct your personal information and health data in your profile settings and in the tracking categories available in the Health app and/or website.
iv. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from our newsletter by clicking the link at bottom of the email or by contacting firstname.lastname@example.org.
v. Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to email@example.com. Your data will be deleted within 30 days. However, this will not remove (i) Assessment Information held by third parties or in anonymous accounts, or (ii) derivatives of your information, such as analytics data, that do not identify you. We will not delete the posts or comments you’ve written and shared publicly, including on social media or in any Forum.
vi. Log a complaint with the relevant supervising authority if you believe Lisa Health is processing your personal data under violation of applicable data protection regulations. For more information, please contact your local data protection authority. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. Our database is encrypted, and your account information is only available for view through the services following authentication. Database access is available only to our employees and to our development contractors, who are under contractual obligations to maintain the confidentiality of our business information. Your data is transmitted between your device and Lisa Health’s servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser. However, you are solely responsible for protecting the security of your login credentials for the Services.
Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use reasonable efforts to prevent it. No storage facility, technology, software, security protocols or data transmission over the Internet can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your personal data, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal data; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software constitutes a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal data will be absolutely secure. Any transmission of data at or through the Lisa Health website and app is at your own risk.
If you have an account with Lisa Health, your personal profile data is stored in a separate database space from your health data and your account settings, but within the same data store. Your password is stored using one-way encryption (“hashing” plus “salting”) and it cannot be read by us.
We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices. The data you enter into Lisa Health is private and it should stay that way. We have outlined some tips to keep your devices secure below.
Protect your Lisa Health account:
i. Create a unique password for the Lisa Health app. We recommend choosing passwords that are:
Protect your device:
i. Activate either PIN, TouchID (iPhone 5S-8), or FaceID (iPhone X) authentication for your device.
ii. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).
For Android, download and set up Find My Device (formerly Android Device Manager) from the Google Play Store and, if needed, use the connected web interface to lock or wipe your phone remotely. Note, however, that both Find My iPhone and Find My Device create separate privacy concerns unrelated to your use of Lisa Health.
We share your data with third parties only as expressly set forth in this policy, including:
Lisa Health uses a third-party service, Typeform, a company based in Spain, to collect assessment and other survey data in the Lisa Health app. The data Typeform collects is de-identified. You are not asked for your name, email address, or other identifying information. By using Lisa Health, you explicitly consent to the use and processing of your data collected by Typeform as described above.
Lisa Health uses a third-party service, Disqus, a company based in San Francisco, California, to provide an online public comment sharing where you may login and create profiles to participate in conversations with peers and enjoy an interactive experience.
Lisa Health uses a third-party service, Mixpanel, a company based in San Francisco, California, to track and analyze user events to help us improve the user experience and our product and target user groups with messaging that can provide a better user experience. By using Lisa Health, you explicitly consent to the use and processing of your data by Mixpanel as described.
Lisa Health shares data with third parties in the following instances.
Service providers. We may permit our third-party agents, service providers, vendors and subcontractors (such as vendors and suppliers that provide us with technology, services, advertising and marketing assistance or content in connection with our operation and maintenance of the website and app and Lisa Health offerings) to access usage data, but they are only permitted to do so in connection with performing services for us or to operate the website, app, and offerings. Third parties are required to use your personal data only for the purpose of providing Services to you.
Analytics. We may also supplement the information that we collect with information from other sources to assist us in evaluating and improving the website, app, and offerings (such as analytics tools), and to determine your preferences so that we can tailor the website, app, and offerings to your needs.
Information that we collect about you also may be combined by us with other information available to us through third parties for research and measurement purposes, including measuring the effectiveness of content, advertising or programs. This information from other sources may include age, gender, demographic, geographic, personal interests, product purchase activity or other information. We may report aggregate information, which is not able to be identified back to an individual user of the website, to our current or prospective advertisers and other business and research partners.
Third party sites. Our website and app may contain links to third-party owned and/or operated websites, but we do not share personal information through such links. Lisa Health is not responsible for the privacy practices or the content of such websites. In some cases, you may be able to make a purchase through one of these third-party websites. In these instances, you may be required to provide certain information, such as a credit card number, to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Lisa Health has no responsibility or liability relating to them.
Court Orders, Legal Obligations, and Governmental Requests. We reserve the right to release current or past personal data: (i) in the event that we believe that the website, app, or offerings is/are being or has/have been used in violation of the Terms and Conditions or to commit unlawful acts; (ii) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and opportunity to challenge the subpoena, prior to disclosure of any personal data pursuant to a subpoena; or (iii) if Lisa Health is sold, merged or acquired; provided, however, that if Lisa Health is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the website of any change in ownership or uses of your personal data, as well as any choices that you may have regarding your personal data.
Affiliates, partners, and investors. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings, or with corporate affiliates of Lisa Health.
The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights regarding their Personal Information. If you are a California resident, you have the right to:
i. Request we disclose to you free of charge the following information covering the 12 months preceding your request: (a) the categories of Personal Information about you that we collected; (b) the categories of sources from which the Personal Information was collected; (c) the purpose for collecting Personal Information about you; (d) the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and (e) the specific pieces of Personal Information we collected about you;
ii. Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception;
iii. If the business sells Personal Information, you have a right to opt-out of that sale.
Consistent with California law, if you choose to exercise your applicable CCPA rights, we won’t charge you different prices or provide you a different quality of services. If we ever offer a financial incentive or product enhancement that is contingent upon you providing your Personal Information, we will not do so unless the benefits to you are reasonably related to the value of the Personal Information that you provide to us. If you are a California resident and wish to exercise your rights under the CCPA, please contact us at firstname.lastname@example.org.
Minors under 18 are not permitted to use our Site without express parental consent to both use the Services and be bound by our Terms of Service and this Policy. We do not intentionally collect information from minors under 13. If you believe we have collected any personal information from a child younger than 13 years of age, please notify us immediately at email@example.com and we will do anything reasonably possible to remove that information from our systems.
The Lisa Health app and our website also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved and safer experience.
You may withdraw your consent at any time by emailing us at firstname.lastname@example.org.
For the purpose of tracking the performance of our services and to improve Lisa Health services Lisa Health uses the following third-party services:
Google analyzes this information to offer reports for Lisa Health on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not automatically link your IP address to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.
By using Lisa Health’s website, you consent to have non-personal data used and processed by Google as described above.
Lisa Health uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.
Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two—you can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message and disable notifications sent by Lisa Health in your account settings.
Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your request for Lisa Health Services, as well as to respond to any inquiry or request made by you. To opt-out of receiving Lisa Health Service-related and inquiry response-related messages from Lisa Health, you must stop requesting and/or utilizing the Lisa Health Services and stop submitting inquiries to Lisa Health, as applicable.
In order to provide these services, Lisa Health may forward information such as your email address to third-party providers in order to carry out such newsletter service or notification. These providers include the Rocket Science Group LLC (“MailChimp”), located in Atlanta, USA, which may process your email address, name and usage data to send you informational and occasional commercial content via email and Typeform S.L., located in Barcelona, Spain, which may process information from survey forms filled out by you.
If you choose to send a link to refer Lisa Health to a friend or family member, that person will receive an email from your email address that has a link to Lisa Health. If you do not want that person to know your email address you should not send such a link.
If you’d like to enter a promotion or contest we’re running, we may ask you to provide personal data so that we can let you know if you won a prize. The specific rules and regulations governing the particular promotion or contest will vary, and your participation constitutes your agreement to abide by those rules and regulations.
Lisa Health Inc.
195 41st Street, Box 11210
Oakland, CA 94611