Sharecare provides web and mobile delivery of traditional health, wellness, and other services designed to allow you to manage all of your health information in one place. Sharecare’s digital platform and services may be offered through your employer, health plan, or other program sponsor (“Enterprise Program”), always on a voluntary basis. Sharecare is a U.S. based corporation, organized under the laws of the State of Delaware, and is headquartered at 255 East Paces Ferry Road NE, Suite 700, Atlanta, Georgia, 30305.
- Information we collect;
- How we collect the information;
- How we use the information;
- Legal grounds for the processing of your data;
- With whom we may share the information;
- Privacy rights and choices;
- Retention Periods and protection of your data;
- Children’s privacy;
- Compliance and cooperation with regulatory authorities;
- California Privacy Rights;
- Rights in other jurisdictions such as the EEA;
- How you can contact us.
Please visit our Terms page for additional terms and conditions applicable to the Services.
Information we collect
The information Sharecare collects is highly variable based on the type of Services you use and the manner in which you access them. Depending on these factors, Sharecare may collect the following information about you:
Personal Information. This is information that directly or indirectly identifies you, such as your name, email address, or other identifying information about you.
Protected Health Information (“PHI”). PHI is your Personal Information that is protected under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA and other laws closely regulate how Sharecare may handle, protect, and share your PHI. Sharecare may offer certain Services to you based on your relationship with employers, healthcare providers, insurance companies, or other entities (each an "Enterprise Organization") with an interest in your health ("Enterprise Programs"). If such Enterprise Organizations are Covered Entities as defined by HIPAA, Sharecare must comply with HIPAA in connection with the corresponding Enterprise Program.
Other Information. Other Information is information that, by itself, does not individually identify you, such as browser type, operating system, technical data, and usage. We may link together different types of Other Information or link Other Information to Personal Information.
How We Collect Information
We collect information in the following ways:
- Information You Give Us Upon Registration. For example, many of our Services require you to sign up for a Sharecare Account. When you do, we’ll ask for personal information, like your name, email address, telephone number or credit card. If you want to take full advantage of the sharing features we offer, we might also ask you to create a publicly visible Sharecare Profile, which may include your name and photo.
- Information from Your Employer or Health Plan. When you are eligible to participate in an Enterprise Program, an Enterprise Organization may provide us with PHI such as your name, date of birth, gender, mailing address, health coverage details, and health plan identification number, among other things. We use this information to provide services to you on behalf of your health plan or employer, in our capacity as a business associate under HIPAA.
- Information Provided to Us by Your Healthcare Provider or Third-Party Lab. When you participate in an Enterprise Program and are asked to obtain your health screening, we may receive information such as your biometric data and blood test data and results.
- Information from Other Sources. We may obtain information about you from affiliates, partners, and other third parties. This information may be used to provide services to you and to provide analysis about you in comparison to people who are demographically similar to you. We may combine the information we obtain from third parties with information that we have collected about you.
- Information We Get from Your Use of Services. We may collect information about the Services that you use and how you use them. This information includes:
- Information You Provide. We may collect information provided by you while using our Services.
- Computer, Tablet, or Mobile Telephone information. We may collect device-specific information such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information including phone number. Sharecare may associate your device identifiers or phone number with your Sharecare Account. We will comply with the usage/license restrictions and requirements applicable to the device from which the information comes.
- Information from Wearables: When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology (“Wearable”) with the Services, we may collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as calorie intake, nutritional statistics, blood pressure, and other biometric data. You may disable this integration through your device.
- Log Information. When you use our Services or view content provided by Sharecare, we may automatically collect and store certain information in server logs. This may include:
- details of how you used our service.
- Internet protocol address.
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your Sharecare Account.
- Location Information. The large majority of Sharecare services do not depend on your location; however, some Services (e.g. the Find-a-Doctor tool) are location-enabled. When you use a location-enabled Sharecare service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
- Unique Application Numbers. Certain Services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Sharecare when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
- Local Storage. We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
How We Use Information We Collect
To Provide Services To You. We use the information that we collect about you to provide, maintain, protect and improve the Services that Sharecare provides to you.
To Provide Enterprise Programs To You. We use the information that we collect about you to provide Services on behalf of an Enterprise Organization to you and the Enterprise Organization.
Analytics. We use analytics tools and other third-party technologies, such as Google Analytics, to collect non-personal information in the form of various usage and user metrics when you use our site. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, usage and demographics, and other similar information. You can deactivate Google Analytics using a browser add-on if you do not wish the website analysis to take place. You can download the add-on here: tools.google.com/dlpage/gaoptout.
To Improve Our Services. We use de-identified, anonymous information that we collect about you for statistical and analysis purposes to improve our products and services, and to provide population statistical analysis and well-being trend information.
For Certain Data and User Types, for Advertising. In certain limited scenarios (never in connection with an Enterprise Program), we may use certain information for advertising as set forth in the “Advertising” section below.
Legal Grounds for Processing Your Personal Data
We rely on the following legal grounds to process your personal information:
Performance of Services. We may need to collect and use your personal information to enter into and perform under an agreement with you or an Enterprise Organization.
Legitimate Interests. We may use your personal information for our legitimate interests, including but not limited to marketing, to provide our Services and to improve our Services and the content on our sites.
What Information We Share
We take your privacy seriously. We do not sell your Personal Information to third parties as part of any Enterprise Program and all information disclosed is the minimum amount necessary to fulfill the legitimate business purpose. We do not sell anyone’s sensitive data to data miners or data brokers. We do not share Personal Information with companies, organizations and individuals outside of Sharecare except in the following circumstances:
- With Your Consent. We may share your Personal Information with companies, organizations or individuals outside of Sharecare when we have your consent to do so.
- Enterprise Organization. Under U.S. laws, we may share PHI with your health plan for the administration of your plan. If you receive Services through your relationship with a non-US-based Enterprise Organization, we will adhere to the applicable laws in your country.
- Healthcare Providers. We may share information with your healthcare providers and any clinics or organized healthcare organizations with whom they are associated, provided such sharing is allowable under HIPAA.
- Your Employer. We will not share your PHI with your employer for employment-related purposes. We may only share the information needed for your employer to deliver Enterprise Programs. For example, we may share completion status of a wellness plan requirement but not the actual results of the required action.
- Third-Party Service Providers. We may disclose your PHI to our business associates who perform various functions on our behalf, but Sharecare requires these third parties to agree in writing to safeguard your PHI appropriately and in accordance with the law. Sharecare does not sell or rent your PHI to third parties. Sharecare does not use your PHI to market, sell, or otherwise promote goods or services that are not health-related benefits provided by your health plan, employer, or provider.
- For External Services. We may, from time to time, outsource some or all of the operations of our business to third-party service providers. In such cases, it may be necessary for us to disclose your data to those service providers. In some cases, the service providers may collect data directly from you on our behalf. We restrict how such service providers may access, use and disclose your data. We employ other companies and individuals to perform functions on our behalf. Examples include processing compensation, providing employee benefits, and performing legal and other professional services. These agents may have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes.
- In a Transaction. As we continue to develop our business, we might sell or buy companies, subsidiaries, or business units. In such transactions, data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy statement (unless, of course, the person consents otherwise). Also, in the unlikely event that Sharecare or all of its assets is acquired, your data may be one of the transferred assets.
- After Being Fully Deidentified, Incapable of Reidentification. We may share aggregated, de-identified information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.
How We Protect Your Information
We work hard to protect Sharecare and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. Sharecare is committed to using industry-leading security practices such as ISO27001 and HITRUST. In particular:
- We comply with HIPAA’s security rule.
- We encrypt many of our Services using SSL.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to Personal Information to Sharecare employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
We keep Personal Information housed on servers in the United States. If you are located outside of the United States, information we collect (including cookies) is processed and stored in the United States. By using the Services and providing information to us, you consent to the transfer to and processing of the information in the United States, which currently lacks an adequacy decision with the European Commission.
We store Personal Information for as long as required under applicable law. Where there is no legal, fiscal, administrative, or contractual requirement to retain the data for a longer or shorter period, data will be destroyed within five (5) years of its collection.
Transparency and Your Privacy Rights and Choices
People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
- Manage your email preferences in your Notifications settings.
- Control who you share information with through your Privacy settings.
- Take information out of many of our Services by contacting Sharecare Customer Support or firstname.lastname@example.org
Advertising. Unless you are receiving Services as part of an Enterprise Program, we also personalize your experience on our sites and mobile Services by showing you advertisements from Sharecare or our advertising partners that are tailored to your interests. Learn more about interest-based advertising, including how to opt out. Use the AdChoices icon in the footer below to opt out of interest-based advertising from Sharecare.
Sharecare does not advertise, market, or promote products or services to patients, participants, or practitioners who receive Services as part of an Enterprise Program. In the event your health plan sponsor, employer, or health plan, through which you receive services, instructs us to provide advertising content on this site, Sharecare would first obtain your valid authorization in compliance with applicable data privacy laws.
Information Shared By You. Many of our Services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our Services provide you with different options on sharing and removing your content.
Accessing and Updating Your Personal Information. Whenever you use our Services, we aim to provide you with access to your personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our Services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our Services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems. Access, correction, or deletion requests can be made by contacting Sharecare Customer Support or email@example.com.
Information of Children. The Services are not directed to or intended for use by minors. In compliance with laws, we will not intentionally collect any personal information from children under the age of 18. If you think that we have collected personal information from a minor child, please contact us.
Compliance and Cooperation with Regulatory Authorities
California Privacy Rights
Residents of the State of California may have additional rights as set forth in our Privacy Notice for California Residents. To opt out of any potential sale of your personal information, click here: DO NOT SELL MY PERSONAL INFORMATION.
It is necessary for us to perform our obligations in accordance with any contract or engagement that we may have with you. It is in our legitimate interest or a third party's legitimate interest to use personal information in such a way to ensure that we provide the Services in the best way that we can.
Sharecare is located in the United States. When you submit personal information to us, or when others provide personal information to us, we will receive it and process it in the United States.
As detailed above, we sometimes provide personal information to third parties to perform services. If we transfer personal information received from the EEA to a third party, the third party's access, use, and disclosure of the personal data must also be in compliance with our Data Processing Addendum, including but not limited to the Standard Contractual Clauses contained therein.
Privacy rights under European Data Protection law, which may be exercised by all users, include:
- Transparency and the right to information. Through this policy we explain how we use and share your information. However, if you have questions or need additional information you can contact us any time.
- Right of access, restriction of processing, erasure. You may contact us to request information about the personal data we have collected from you and to request the correction, modification or deletion of such personal information, which requests we will do our best to honor subject to any legal, ethical and contractual obligations. To make a request or to ask us a question about our data practices, please contact us via email at firstname.lastname@example.org or make use of the self-service tools in the “Settings” menu of your mobile app.
- Right to withdraw your consent at any time. When we process your personal data based on your consent, you have the right to withdraw it at any time.
- Right to object at any time. You have the right to object at any time to receiving marketing or promotional materials from us by either following the opt-out instructions in commercial e-mails or by contacting us, as well as the right to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal, ethical and contractual obligations. Some non-marketing communications are not subject to a general opt-out, such as communications about transactions and disclosures to comply with legal or ethical requirements.
- Right to data portability. You have the right to data portability of your own personal data by contacting us.
- Right not to be subject to an automated decision, including profiling. We do not make automated decisions using your personal data that may negatively impact you.
- Right to lodge a complaint with the competent Personal Data supervisory authority, if you believe that the processing of your personal data does not comply with legal requirements.
If you reside or otherwise find yourself outside of the U.S., we are committed to facilitating the exercise of your rights granted by the European Data Protection law and/or the laws of your country. If you have any inquiries or complaints about our handling of your personal data or about our privacy practices generally, please contact us (including our Data Protection Officer) at: email@example.com. We will respond to your inquiry promptly.
Our EEA representative is Sharecare France, 105 avenue Raymond Poincare, 75116 Paris, France.
We may require you to provide us with sufficient information, such as your name, address, and any other information necessary for us to verify your identity. We reserve the right to request additional information from you, such as a photocopy of your passport or other identification card, in order to verify your identity.
Last modified: December 31, 2020