Lisa Health Privacy Policy

(Last updated March 18, 2019)

Welcome to Lisa Health, our website is available at www.lisahealth.com (the “Site”) and the associated web application (the “Services”).

At Lisa Health, we believe that technology empowers people to take control of their health. We are committed to achieving the highest standards of privacy and security, as well as to being transparent about how we process data.

“Company,” “Lisa Health,” or the terms “we” or “us” or similar terms refer to Lisa Health Inc. in this Privacy Policy. “You” or “your” or similar terms refer to you as a user of our Services.  This Privacy Policy explains how we collect, process, store and secure your information when you use our Site and/or Services. Reach out to us at privacy@lisahealth.com if you have any questions about this policy or our privacy practices.

Further contact information can be found in the Contacting Us section. Lisa Health has an appointed data protection officer, who can be contacted at privacy@lisahealth.com.

Data We Collect

When you visit the Site, we log and store your IP Address and technical information about your visit like your browser type and how you progressed through the Site, where you abandoned it, etc. (“Usage Data”).  We may also collect Usage Data in connection with your use of the Services.

If you sign up for the Services, we collect, and connect with our third-party authentication provider using, the email address, Facebook, or Google credentials you provide, and we may receive your email as a result of authenticating through such third-party services. When you sign up for our newsletter or for email updates about your use of the services, we collect your email address.  If you sign up for text message alerts, we collect your phone number. We will also collect these items if you choose to input them into your “My Account” page within the Services. We refer to this information in this policy as “Account Information.”

If you take our menopause assessment, your answers to our questions, including your birthdate information, health history, and other demographic and historical information you input (collectively, “Assessment Information”), are stored in de-identified form in order to deliver you anonymous assessment results. This information is not associated with your Account Information unless you choose to create an account to undertake a menopause action plan, in which case your Assessment Information is associated with a unique account identifier that is also associated with your Account information.  Your email address may also be associated with your Assessment Information if you request that we email your results.

If you choose to track your symptoms by providing our Services with information about how each symptom affects you (“Symptom Information”), we log the time you provided the update as well as the new and/or updated Symptom Information.

Personal Data at Lisa Health

Here are the purposes for which we process data and the type of data that is processed to fulfill each purpose:

To understand your needs and improve our services

When you use the Services or visit the Site, Lisa Health collects, stores, and uses some personal and non-personal data and transmits it to some third-party services to improve our Services by better understanding how you use them.

We do this in order to understand your needs and your use of our products, to analyze bugs and fix issues, and to bring you more useful features. In a nutshell, we process this data to provide you the best and most reliable experience of our services.

Here are the types of data we collect for the primary purposes of improving our Services:

Device data This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.

Event and usage data When you use the Services or visit the Site, our servers process data in order to understand your usage —for example, which pages you visit or which tab in the app you open. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to our users as a whole.

IP address We collect IP addresses provided by your browser or mobile device.

Referral data If you arrive at the Lisa Health app and website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us through our analytics tools.

Other data you want to share We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, or when running a contest with Lisa Health.

To deliver personalized insights as your trusted health companion

We use your Assessment Information to provide you with insights about your menopause journey, and we may also use Account Information for this purpose, for example when you request an email of your assessment results.  When you request an email of your results, we share the Account Information with our email services provider for the purpose of delivering you that email, and we store your email for administrative purposes thereafter.

Your Assessment Information is processed by a third-party provider that operates our survey functionality, and that service provider may store your Assessment Information, but they have no access to your Account Information.

We use your Assessment Information to (1) generate your menopause score and the plans and challenges we recommend to you to help alleviate your symptoms and (2) to identify resources and materials that may be of particular interest to you given your demographics and symptoms.  

We use your Symptom Information to refine your menopause score and improve the plans and challenges we recommend to you.

To provide a community for you to exchange information and support

We may make available your personal data through the website, the app and/or the Services (for example, discussion boards, blogs, activities, polls, games, and other communication forums) (each, a “Forum”) to which you can post information and materials. Any information, text, and images posted or disclosed by the user on or through such Forums may be visible to the user’s group(s) and authorized personnel, administrators, visitors to the Lisa Health website or app, and other users of the website or the app, as well as by the third-party forum operator. Any postings you have made to a Forum may also be available for view later by users of the website or the app by scrolling to older posts on the Forum. We recommend you do not post identifying information into the Forum.

In the case of your use of Forums, as described above, we are not responsible for the use by others of any information, including personal information, that is disclosed by you or on your behalf by your system in such Forums. By disclosing any of your information via Forums, you acknowledge and accept any risk and damage arising from disclosure of such information.

To advance scientific research about women’s health and menopause

The vision of Lisa Health to help advance midlife women’s health globally. Midlife women’s health has historically been underserved as a field of research. Lisa Health is on a mission to contribute to women’s health research by sharing aggregate data for the purposes of scientific and medical research about midlife health and menopause.

We plan to collaborate with academic researchers. We want to make it very clear that we will personally select our scientific collaborators with the utmost care and, most importantly, that we only provide data for scientific research after it has been anonymized following a strict protocol that involves the removal of any information that could be used to identify any specific user.

Finally, because we believe that research should benefit everyone, Lisa Health will publish the results of our academic, clinical, or internal research in ways that are easy to read for all our users.

Once again, you can withdraw your consent to use of your data for these purposes at any time by deleting your account. If you do this, your data won’t be included in any future research partnerships.

Your consent for processing health and sensitive data

If you create an account with Lisa Health, your personal data—including sensitive data and data related to your health—is stored and processed on Lisa Health servers. By creating an account with Lisa Health, you explicitly consent that:

1. Lisa Health may store and process personal data you provide through the usage of the Lisa Health app and through the account creation process for the purpose of providing Lisa Health services to you, to improve Lisa Health’s service features, and as otherwise described in this Privacy Policy. Such Lisa Health services may include sending you information and reminders through the Lisa Health app, the email address you provided to Lisa Health, or by SMS/text message to the mobile phone number you provided to Lisa Health.
2. Personal data you provide to Lisa Health through the assessment and account creation process includes personal data you enter into the Lisa Health app, such as your account data (e.g. your name and email address), and your symptom data (e.g. hot flashes, vaginal dryness, period status). Depending on the data you provide, it may also contain information about your general health (e.g. other health conditions, menstrual status) and lifestyle information (e.g., nutrition, exercise, if you smoke).

iii. Lisa Health may use your data to create anonymized sets of data for academic and clinical research purposes. Lisa Heath’s collaborators are individually selected through an internal review process. This anonymized research data cannot be linked to you as an individual or identify you in any way.

You may withdraw your consent to this use of your data at any time by deleting your Lisa Health account, as further described below.

Your Rights

We believe that privacy—including data privacy—is a fundamental right that we all possess. At Lisa Health we strive to ensure that your rights are respected.

You can withdraw your consent to all processing by Lisa Health at any time by sending an email to privacy@lisahealth.com. We will use our best efforts to remove all data about you within thirty (30) days.  However, this will not remove (i) Assessment Information held by third parties or in anonymous accounts, or (ii) derivatives of your information, such as analytics data, that do not identify you.  

How We Secure Your Data

We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. Our database is encrypted, and your account information is only available for view through the services following authentication. Database access is available only to our employees and to our development contractors, who are under contractual obligations to maintain the confidentiality of our business information.  Your data is transmitted between your device and Lisa Health’s servers using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser. However, you are solely responsible for protecting the security of your login credentials for the Services.

Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use reasonable efforts to prevent it. No storage facility, technology, software, security protocols or data transmission over the Internet can be guaranteed to be 100% secure. Computer hackers that circumvent our security measures may gain access to certain portions of your personal data, and technological bugs, errors and glitches may cause inadvertent disclosures of your personal data; provided, however, that any attempt to breach the security of the network, our servers, databases or other hardware or software constitutes a crime punishable by law. For the reasons mentioned above, we cannot warrant that your personal data will be absolutely secure. Any transmission of data at or through the Lisa Health website and app is at your own risk.

How We Store Your Data

If you have an account with Lisa Health, your personal profile data is stored in a separate database space from your health data and your account settings, but within the same data store. Your password is stored using one-way encryption (“hashing” plus “salting”) and it cannot be read by us.

The Services are operated in the United States of America and our cloud servers are also located in the US. If you are located in another jurisdiction, please be aware that information you provide to us may be transferred to, stored and processed in the U.S.A. By using the Services or providing us with any information, you consent to this transfer, processing, and storage of your information in the U.S.A., a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside or are a citizen. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Lisa Health’s recommendations for how you can better protect your data

We believe the biggest threat to the security and privacy of your data is if someone—probably someone you know—gains access to any of your devices. The data you enter into Lisa Health is private and it should stay that way. We have outlined some tips to keep your devices secure below.

Protect your Lisa Health account:

1. Create a unique password for the Lisa Health app.

Protect your device:

1. Activate either PIN, TouchID (iPhone 5S-8), or FaceID (iPhone X) authentication for your device.
2. Set up a feature that will allow you to erase all the data from your device if it’s been lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud (see instructions on Apple Support pages) and then enable “Erase your device” (see instructions on Apple Support pages).

For Android, download and set up Find My Device (formerly Android Device Manager) from the Google Play Store and, if needed, use the connected web interface to lock or wipe your phone remotely. Note, however, that both Find My iPhone and Find My Device create separate privacy concerns unrelated to your use of Lisa Health.

Sharing Your Data

We share your data with third parties only as expressly set forth in this policy, including:

Typeform

Lisa Health uses a third-party service, Typeform, a company based in Spain, to collect assessment and other survey data in the Lisa Health app. The data Typeform collects is de-identified. You are not asked for your name, email address, or other identifying information. By using Lisa Health, you explicitly consent to the use and processing of your data collected by Typeform as described above.

Disqus

Lisa Health uses a third-party service, Disqus, a company based in San Francisco, California, to provide an online public comment sharing where you may log in and create profiles to participate in conversations with peers and enjoy an interactive experience.

MixPanel

Lisa Health uses a third-party service, MixPanel, a company based in San Francisco, California, to track and analyze user events to help us improve the user experience and our product and target user groups with messaging that can provide a better user experience. By using Lisa Health, you explicitly consent to the use and processing of your data by MixPanel as described.

Other Third Parties
Lisa Health shares data with third parties in the following instances.

Service providers. We may permit our third-party agents, service providers, vendors and subcontractors (such as vendors and suppliers that provide us with technology, services, advertising and marketing assistance or content in connection with our operation and maintenance of the website and app and Lisa Health offerings) to access usage data, but they are only permitted to do so in connection with performing services for us or to operate the website, app, and offerings. Third parties are required to use your personal data only for the purpose of providing Services to you.

Analytics. We may also supplement the information that we collect with information from other sources to assist us in evaluating and improving the website, app, and offerings (such as analytics tools), and to determine your preferences so that we can tailor the website, app, and offerings to your needs.

Information that we collect about you also may be combined by us with other information available to us through third parties for research and measurement purposes, including measuring the effectiveness of content, advertising or programs. This information from other sources may include age, gender, demographic, geographic, personal interests, product purchase activity or other information. We may report aggregate information, which is not able to be identified back to an individual user of the website, to our current or prospective advertisers and other business and research partners.

Third party sites. Our website and app may contain links to third-party owned and/or operated websites, but we do not share personal information through such links. Lisa Health is not responsible for the privacy practices or the content of such websites. In some cases, you may be able to make a purchase through one of these third-party websites. In these instances, you may be required to provide certain information, such as a credit card number, to register or complete a transaction at such website. These third-party websites have separate privacy and data collection practices and Lisa Health has no responsibility or liability relating to them.

Court Orders, Legal Obligations, and Governmental Requests. We reserve the right to release current or past personal data: (i) in the event that we believe that the website, app, or offerings is/are being or has/have been used in violation of the Terms and Conditions or to commit unlawful acts; (ii) if the information is subpoenaed; provided, however, that, where permitted by applicable law, we shall provide you with e-mail notice, and an opportunity to challenge the subpoena, prior to disclosure of any personal data pursuant to a subpoena; or (iii) if Lisa Health is sold, merged or acquired; provided, however, that if Lisa Health is involved in a merger, acquisition or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the website of any change in ownership or uses of your personal data, as well as any choices that you may have regarding your personal data.

Affiliates, partners, and investors. Other parties in connection with any company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceedings, or with corporate affiliates of Lisa Health.

Your California Privacy Rights

If you are a California resident:

At any time, you may email privacy@playerpager.com for more details about what personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold – though we do not sell, nor do we plan to sell, Personal Information about our users. Your inquiries will not affect your ability to receive equal service and pricing from us.

California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by Player Pager to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us at the email or address listed below.

Children

Minors under 18 are not permitted to use our Site without express parental consent to both use the Services and be bound by our Terms of Service and this Policy.  We do not intentionally collect information from minors under 13. If you believe we have collected any personal information from a child younger than 13 years of age, please notify us immediately at privacy@lisahealth.com and we will do anything reasonably possible to remove that information from our systems.

Cookies, Web Beacons, and Tracking

Our Site and Service does not use cookies for purposes other than Site analytics at this time, which are small text files that are intended to make the site better for you to use. In general, cookies are used to retain preferences, store information for things like shopping carts, and provide tracking data to third-party applications like Google Analytics. You may, however, disable cookies on Lisa Health’s site. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser or doing your own web research on how to disable cookies.

Please note that linked third-party websites may also use cookies. We cannot control the use of cookies by these third-party websites. For example, when you link from our website or app to a third-party website, that website may have the ability to recognize that you have come from Lisa Health by using cookies. If you have any questions about how third-party websites use cookies, you should contact such third parties directly.

The Lisa Health app and our website also use third-party analysis and tracking services to track the performance of our services, understand how you use our services, and offer you an improved and safer experience.

Your consent for Lisa Health tracking and analysis

By using our app and our website you consent that Lisa Health may use cookies and third-party services, and collect your usage data under a unique identifier, for the purposes of tracking, analysis, and improvement of our website and app.

You may withdraw your consent at any time by emailing us at privacy@lisahealth.com.

For the purpose of tracking the performance of our services and to improve Lisa Health services Lisa Health uses the following third-party services:

Google Analytics

Our website uses Google Analytics, a web analysis service operated by Google Inc. (“Google”). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google.

Google analyzes this information to offer reports for Lisa Health on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not automatically link your IP address to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.

By using Lisa Health’s website, you consent to have non-personal data used and processed by Google as described above.

Communications, Surveys and Newsletter Activities

Lisa Health uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.

Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two—you can unsubscribe from our newsletter by clicking the unsubscribe link at the bottom of the message and disable notifications sent by Lisa Health in your account settings.

Lisa Health may also use surveys to receive your feedback, e.g. on the performance of the app or on certain health topics. Such information given by you via such surveys is processed by Lisa Health for the purposes as set forth in this privacy policy.

Notwithstanding the foregoing, we may continue to contact you for the purpose of communicating information relating to your request for Lisa Health Services, as well as to respond to any inquiry or request made by you. To opt-out of receiving Lisa Health Service-related and inquiry response-related messages from Lisa Health, you must stop requesting and/or utilizing the Lisa Health Services and stop submitting inquiries to Lisa Health, as applicable.

In order to provide these services, Lisa Health may forward information such as your email address to third-party providers in order to carry out such newsletter service or notification. These providers include the Rocket Science Group LLC (“MailChimp”), located in Atlanta, USA, which may process your email address, name and usage data to send you informational and occasional commercial content via email and Typeform S.L., located in Barcelona, Spain, which may process information from survey forms filled out by you.

The privacy policy of these services can be found on their respective websites.

Changes to this Privacy Policy

Lisa Health reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of Lisa Health’s services, or advances in technology. If we make a change to this Privacy Policy that, in our sole discretion, is material, we will notify you by emailing you at the email address we have on file.

Contacting Us

If you have any questions about this Privacy Policy, please contact us by email at privacy@lisahealth.com or by regular mail at:

Lisa Health Inc.
195 41st Street, Box 11210
Oakland, CA 94611