Last updated: 25 May 2018
At Salubrious, we believe that technology can empower you to take control of your thyroid health and engage in data-driven conversations with your healthcare professionals.
We acknowledge the heavy responsibility that comes with safeguarding your sensitive data, such as information about your medication, symptoms, mood, vital signs, sleep, and activity. We are committed to achieving the highest standards of privacy and security, as well as being transparent about how we process your data.
PILIPALA: your thyroid diary (“PILIPALA”) is made in Cardiff, Wales, by Salubrious Ltd (“Salubrious”), and the way we handle data meets British and European Union legal requirements.
1. How we process your personal data
Whenever you use our services — e.g. when you use the PILIPALA app or when you visit the PILIPALA website — some of your personal and non-personal data is collected, stored, and analysed using third-party tools.
Here are the two purposes for which we process your data and the type of data that is processed:
1.1 To understand your needs and improve our services
When you use the PILIPALA app or when you visit our website we collect, store, and use some of your personal and non-personal data and transmit it to third-party services.
We do this in order to understand your needs and your use of our products, to analyse bugs and fix issues, and to bring you more useful features.
Here are the types of data we collect:
Device data This data tells us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.
Usage data When you use the app or when visit our website, we process data in order to understand your usage of our services—for example, which pages you visit or which functions within the app you use. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to all of our users.
IP address We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes and to provide contextual weather information.
All the data we collect is necessary for Salubrious to deliver the services you use. The amount we collect has been minimised to respect your privacy.
_ Should you disagree with the collection and processing of this data, you should stop using our services and uninstall the PILIPALA app from your device._
1.2 To deliver personalised insights
The data you track in PILIPALA about your health and activities is considered sensitive personal data.
All of your sensitive personal data is stored solely on your device and we don’t have access to it. To deliver personalised insights about your health and activities, we process data on your device only.
If you delete PILIPALA or lose your device, your data in the PILIPALA app will also be lost.
2. Your consent for processing health and sensitive data
By completing the PILIPALA app setup process and creating an account with Salubrious you explicitly consent that:
i. Salubrious may store and process personal data you provide through the usage of the Pilipala app and through the account creation process solely for the purpose of providing services to you and to improve PILIPALA’s features. Such services may include sending you information and reminders through the PILIPALA app or to the email address you provided to Salubrious.
ii. Personal data you provide to Salubrious through the account creation process includes personal data you enter into the PILIPALA app, such as your name and email address, but does not include sensitive personal data about your health which never leaves your device.
iii. Salubrious will not transmit any of your personal data to third parties, except if it is required to provide services to you (e.g. technical service providers), unless Salubrious has asked for your explicit consent.
3. Your rights
Here are some key facts about us and your privacy that we think you should know:
i. Our products and services have been designed to minimise the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.
ii. We do not retain your data in an identifiable format for longer than is necessary to deliver our services.
iii. Salubrious does not engage in automated decision-making or profiling activities.
As a user of Salubrious’ services and website, you have a right to:
i. Request information on your personal data processed by Salubrious. Upon your request, this information will be provided to you electronically.
ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organisations (data portability).
iii. Correct your personal information and health data in the settings and tracking functions available in the Pilipala app.
iv. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from messages by clicking the link at bottom of the email or by contacting firstname.lastname@example.org
v. Request we delete all of your data, including all past data sent to third-party services used for tracking and analysis, by contacting us at email@example.com. Your data will be deleted within 30 days.
vi. Raise your concerns to the Information Commissioners Office at https://ico.org.uk/concerns/ if you believe Salubrious is processing your personal data in violation of data protection regulations.
4. Data Security
We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.
4.1 How Salubrious stores your personal data
Salubrious operates a server-less environment. That means we don’t have the physical capability to store any of your personal data.
Some of your personal data is transmitted between your device and servers belonging to third parties that help us deliver services to you via PILIPALA. Data is transmitted using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.
4.2 Salubrious’ recommendations for protecting your data
We recommend that you take these steps to protect your device and the data it holds:
i. Activate either PIN, TouchID, or FaceID authentication for your device. This automatically encrypts your Pilipala data and prevents any person from using your device without your permission.
ii. Set up a feature that will allow you to erase all the data from your device if it’s lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud – see instructions on Apple Support pages – and then enable “Erase your device” – see instructions on Apple Support pages).
5. Data transfer outside the European Union (EU) and to third-party applications
Any personal data collected from you may only be transferred to countries outside the European Union/ the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.
5.1 Apple Health (iOS)
PILIPALA will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the PILIPALA app during initial setup and can be revoked by you at any time. If you have given your approval, PILIPALA may interact with the Health app on your iOS device and read and/or write information between the PILIPALA app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.
You can choose if and to what extent your personal data is exchanged between PILIPALA and Health by granting or revoking permissions in the Health app settings. Please read Apple’s Privacy Information to find out more.
5.2 Google Analytics
Google analyses this information to offer reports to Salubrious on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.
By using PILIPALA’s website, you consent to have non-personal data used and processed by Google as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.
5.3 Firebase Authentication
Salubrious uses Firebase, provided by Google Inc. (“Google”), to enable us to verify your email address and set up your account. Using this authentication service will send your email address to Google. Using authentication does not transfer any of your health data to third parties.
5.4 Firebase Dynamic Links
Salubrious uses Firebase, provided by Google Inc. (“Google”), to enable “dynamic linking” into the PILIPALA app for install attribution. It is used, among others, to enable you to invite your friends to use Butterfly and download it from the App Store. Using this dynamic links service will send usage data such as your IP address to Google. Using deep linking does not transfer any of your health data to third parties.
Salubrious uses a data analysis service called Appsee which is operated by Shift 6 Ltd. Appsee uses device identifiers that are stored on your mobile device and allow us to analyse your use of the PILIPALA app in order to improve our app features. Data concerning your use of the PILIPALA app will be transferred to and stored on a server in the USA operated by Shift 6 Ltd.
By using our service, you explicitly consent to the use and processing of your data collected by Appsee as described above. You can prevent your participation in Appsee’s analysis by switching off the sending of usage data within the Settings section of the PILIPALA app.
If you are using the PILIPALA app as an invited member of our beta testing programme, and you disagree with the collection and processing of this data, you should stop using our services and uninstall the beta version of the PILIPALA app from your device.
5.6 Facebook Lookalike Audience
If you have communicated to Facebook that you are using the PILIPALA app, Salubrious may use this information via a Facebook advertising service called “lookalike audiences” to identify potential new PILIPALA users based on the Facebook characteristics of certain existing PILIPALA users (e.g. what they liked on Facebook). We use this service in order to reach more people with similar attributes or behavior to our existing users. For this purpose, we may share your email address with Facebook, but only if you downloaded PILIPALA via a Facebook advertisement. In other words, if you didn’t tell Facebook you use PILIPALA, we will not share that information. Additionally, Salubrious does not in any way share data you are tracking in the app (e.g. what medication you take, what symptoms you experience) or any other personal information with Facebook.
5.7 EU-US Privacy Shield
7. Communications and newsletter activities
Salubrious uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These may include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.
Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two — you can unsubscribe from email messages and disable notifications sent by the PILIPALA app by clicking the unsubscribe link at the bottom of the message.
In order to provide these services, Salubrious may forward information such as your email address to third-party providers in order to carry out newsletter service or notification. These providers are the Rocket Science Group LLC (“MailChimp”), based in Atlanta, USA, which may process your email address, name and usage data to send you informational and occasional commercial content via email; and Intercom Inc. (“Intercom”) based in San Francisco, USA, which processes names and email addresses as well as the personal information that may be included in support emails and messages.
8. Child users
You can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian.
If you are a parent and learn that your child is using PILIPALA without your permission or if you have specific questions about data privacy at Salubrious, do not hesitate to get in touch with us at firstname.lastname@example.org
Copyright 2018 Salubrious Ltd. All rights reserved.