Effective from Wednesday 26 August 2020
At Salubrious, we believe that technology can empower you to take control of your thyroid health and engage in data-driven conversations with your healthcare professionals.
We acknowledge the heavy responsibility that comes with safeguarding your sensitive data, such as information about your medication, symptoms, mood, vital signs, sleep, and activity. We are committed to achieving the highest standards of privacy and security, as well as being transparent about how we process your data.
PILIPALA: thyroid health plan (“PILIPALA”) is made in Cardiff, Wales, by Salubrious Ltd (“Salubrious”), and the way we handle data meets British and European Union legal requirements.
1. How we process your personal data
When you use the PILIPALA app or when you visit our website we collect, store, and use some of your personal and non-personal data and transmit it to third-party services.
We do this in order to understand your needs and your use of our products, to analyse bugs and fix issues, and to bring you more useful features and insights.
Here are the types of data we collect:
Device data This data tells us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.
Usage data When you use the app or when you visit our website, we process data in order to understand your usage of our services — for example, which pages you visit or which functions within the app you use. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to all of our users.
IP address We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes and to provide contextual weather information.
Personal Data is information that can be used, directly or indirectly, alone or together with other information, to identify you as an individual: your name and e-mail address; your date of birth, your weight, your medication type and dosage and your laboratory test results.
Other information is information that is de-identified, anonymised and aggregated, and which does not reveal your identity. We collect and use this information to provide insight into thyroid conditions and to understand how you use our service.
All the data we collect is necessary for Salubrious to deliver the services you use. The amount we collect has been minimised to respect your privacy.
Should you disagree with the collection and processing of this data, you should stop using our service and uninstall the PILIPALA app from your device.
2. Your consent for processing health and sensitive data
By completing the PILIPALA app setup process and creating an account with Salubrious you explicitly consent that:
i. Salubrious may store and process personal data you provide through the usage of the Pilipala app and through the account creation process solely for the purpose of providing services to you and to improve PILIPALA’s features. Such services may include sending you information and reminders through the PILIPALA app or to the email address you provided to Salubrious.
ii. Salubrious will not transmit any of your personal data to third parties, except if it is required to provide services to you (e.g. technical service providers), unless Salubrious has asked for your explicit consent.
3. Your rights
Here are some key facts about us and your privacy that we think you should know:
i. Our products and services have been designed to minimise the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.
ii. We do not retain your data in an identifiable format for longer than is necessary to deliver our services.
iii. Salubrious does not engage in automated decision-making or profiling activities.
As a user of Salubrious’ services and website, you have a right to:
i. Request information on your personal data processed by Salubrious. Upon your request, this information will be provided to you electronically.
ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organisations (data portability).
iii. Correct your personal information and health data in the settings and tracking functions available in the PILIPALA app.
iv. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from messages by clicking the link at bottom of the email or by contacting firstname.lastname@example.org
v. Request we delete all of your data, including all past data sent to third-party services used for tracking and analysis, by contacting us at email@example.com. Your data will be deleted within 30 days.
vi. Raise your concerns to the Information Commissioners Office at https://ico.org.uk/concerns/ if you believe Salubrious is processing your personal data in violation of data protection regulations.
4. Data Security
We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.
4.1 How Salubrious stores your personal data
Salubrious operates a server-less environment. That means we don’t have the physical capability to store any of your personal data.
Some of your personal data is transmitted between your device and servers belonging to third parties that help us deliver services to you via PILIPALA. Data is transmitted using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.
4.2 Salubrious’ recommendations for protecting your data
We recommend that you take these steps to protect your device and the data it holds:
i. Activate either PIN, TouchID, or FaceID authentication for your device. This automatically encrypts your PILIPALA data and prevents any person from using your device without your permission.
ii. Set up a feature that will allow you to erase all the data from your device if it’s lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud - see instructions on Apple Support pages - and then enable “Erase your device” - see instructions on Apple Support pages).
5. Data transfer outside the European Union (EU) and to third-party applications
Any personal data collected from you may only be transferred to countries outside the European Union/ the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.
5.1 Apple Health (iOS)
PILIPALA will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the PILIPALA app during initial setup and can be revoked by you at any time. If you have given your approval, PILIPALA may interact with the Health app on your iOS device and read and/or write information between the PILIPALA app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.
You can choose if and to what extent your personal data is exchanged between PILIPALA and Health by granting or revoking permissions in the Health app settings. Please read Apple's Privacy Information to find out more.
5.2 Google Analytics
Google analyses this information to offer reports to Salubrious on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.
By using PILIPALA’s website, you consent to have non-personal data used and processed by Google as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.
5.3 Heap Analytics
Salubrious uses a data analysis service called Heap which is operated by Heap Inc.. Heap uses device identifiers that are stored on your mobile device and allow us to analyse your use of the PILIPALA app in order to improve our app features. Data concerning your use of the PILIPALA app will be transferred to and stored on a server in the USA operated by Heap Inc.
By using our service, you explicitly consent to the use and processing of your data collected by Heap as described above. You can prevent your participation in Heap’s analysis by switching off the sending of usage data within the Settings section of the PILIPALA app.
Salubrious uses a data management service called Segment which is operated by Segment.io Inc Inc.. Segment uses device identifiers that are stored on your mobile device and allow us to analyse your use of the PILIPALA app in order to improve our app features. Data concerning your use of the PILIPALA app will be transferred to and stored on a server in the USA operated by Segment.io Inc.
By using our service, you explicitly consent to the use and processing of your data collected by Segment as described above.
5.5 EU-US Privacy Shield
7. Communications and newsletter activities
Salubrious uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These may include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.
Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two — you can unsubscribe from email messages and disable notifications sent by the PILIPALA app by clicking the unsubscribe link at the bottom of the message.
In order to provide these services, Salubrious may forward information such as your email address to third-party providers in order to carry out newsletter service or notification. Our provider is Helpcrunch Corporation (“Helpcrunch”) based in San Francisco, USA, which processes names and email addresses as well as the personal information that may be included in support emails and messages.
8. Child users
You can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian.
If you are a parent and learn that your child is using PILIPALA without your permission or if you have specific questions about data privacy at Salubrious, do not hesitate to get in touch with us at firstname.lastname@example.org
Copyright 2018-20 Salubrious Ltd. All rights reserved.