Privacy Policy

Last updated: 25 May 2018

At Salubrious, we believe that technology can empower you to take control of your thyroid health and engage in data-driven conversations with your healthcare professionals.

We acknowledge the heavy responsibility that comes with safeguarding your sensitive data, such as information about your medication, symptoms, mood, vital signs, sleep, and activity. We are committed to achieving the highest standards of privacy and security, as well as being transparent about how we process your data.

We hope you will find this privacy policy clear and informative. Please get in touch at help@salubrious.co if you have any questions.

PILIPALA: your thyroid diary (“PILIPALA”) is made in Cardiff, Wales, by Salubrious Ltd (“Salubrious”), and the way we handle data meets British and European Union legal requirements.

Salubrious is registered with the Information Commissioners Office (reference number: ZA262968) and has an appointed data protection officer who can be contacted at help@salubrious.co.

1. How we process your personal data

Whenever you use our services — e.g. when you use the PILIPALA app or when you visit the PILIPALA website — some of your personal and non-personal data is collected, stored, and analysed using third-party tools.

Here are the two purposes for which we process your data and the type of data that is processed:

1.1 To understand your needs and improve our services

When you use the PILIPALA app or when you visit our website we collect, store, and use some of your personal and non-personal data and transmit it to third-party services.

We do this in order to understand your needs and your use of our products, to analyse bugs and fix issues, and to bring you more useful features.

Here are the types of data we collect:

Device data This data tells us about the device you use to access our services, such as the model, name and identifiers, device settings, the application identifier, and crash information. On our website, we collect information about your browser and browser settings, the operating system you use, and the system settings of your device.

Usage data When you use the app or when visit our website, we process data in order to understand your usage of our services—for example, which pages you visit or which functions within the app you use. We collect this information and use it as aggregate data to better understand which features are the most relevant or useful to all of our users.

IP address We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes and to provide contextual weather information.

All the data we collect is necessary for Salubrious to deliver the services you use. The amount we collect has been minimised to respect your privacy.

_ Should you disagree with the collection and processing of this data, you should stop using our services and uninstall the PILIPALA app from your device._

1.2 To deliver personalised insights

The data you track in PILIPALA about your health and activities is considered sensitive personal data.

All of your sensitive personal data is stored solely on your device and we don’t have access to it. To deliver personalised insights about your health and activities, we process data on your device only.

If you delete PILIPALA or lose your device, your data in the PILIPALA app will also be lost.

2. Your consent for processing health and sensitive data

By completing the PILIPALA app setup process and creating an account with Salubrious you explicitly consent that:

i. Salubrious may store and process personal data you provide through the usage of the Pilipala app and through the account creation process solely for the purpose of providing services to you and to improve PILIPALA’s features. Such services may include sending you information and reminders through the PILIPALA app or to the email address you provided to Salubrious.

ii. Personal data you provide to Salubrious through the account creation process includes personal data you enter into the PILIPALA app, such as your name and email address, but does not include sensitive personal data about your health which never leaves your device.

iii. Salubrious will not transmit any of your personal data to third parties, except if it is required to provide services to you (e.g. technical service providers), unless Salubrious has asked for your explicit consent.

3. Your rights

Here are some key facts about us and your privacy that we think you should know:

i. Our products and services have been designed to minimise the use of your personal data. We only collect and process your data for the purposes that have been previously outlined.

ii. We do not retain your data in an identifiable format for longer than is necessary to deliver our services.

iii. Salubrious does not engage in automated decision-making or profiling activities.

As a user of Salubrious’ services and website, you have a right to:

i. Request information on your personal data processed by Salubrious. Upon your request, this information will be provided to you electronically.

ii. Gain access to your information by requesting a backup of your data (as explained in the next section) in a format that is readable by other companies or organisations (data portability).

iii. Correct your personal information and health data in the settings and tracking functions available in the Pilipala app.

iv. Withdraw your consent from data processing at any time by deleting your account and/or unsubscribing from messages by clicking the link at bottom of the email or by contacting help@salubrious.co

v. Request we delete all of your data, including all past data sent to third-party services used for tracking and analysis, by contacting us at help@salubrious.co. Your data will be deleted within 30 days.

vi. Raise your concerns to the Information Commissioners Office at https://ico.org.uk/concerns/ if you believe Salubrious is processing your personal data in violation of data protection regulations.

4. Data Security

We apply security measures to protect against the misuse, loss, and/or alteration of personal information under our control. We follow industry best practices when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

4.1 How Salubrious stores your personal data

Salubrious operates a server-less environment. That means we don’t have the physical capability to store any of your personal data.

Some of your personal data is transmitted between your device and servers belonging to third parties that help us deliver services to you via PILIPALA. Data is transmitted using the HTTPS protocol for encryption. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.

4.2 Salubrious’ recommendations for protecting your data

We recommend that you take these steps to protect your device and the data it holds:

i. Activate either PIN, TouchID, or FaceID authentication for your device. This automatically encrypts your Pilipala data and prevents any person from using your device without your permission.

ii. Set up a feature that will allow you to erase all the data from your device if it’s lost or stolen. For iOS, activating this feature is a two-step process: first, you need to Activate “Find My iPhone” via iCloud – see instructions on Apple Support pages – and then enable “Erase your device” – see instructions on Apple Support pages).

5. Data transfer outside the European Union (EU) and to third-party applications

Any personal data collected from you may only be transferred to countries outside the European Union/ the European Economic Area (EEA) observing applicable privacy regulations and ensuring that your privacy rights remain protected.

5.1 Apple Health (iOS)

PILIPALA will not exchange any personal data with Apple’s Health app without your prior approval. Approval is given by you in the relevant settings of the Health app or within the PILIPALA app during initial setup and can be revoked by you at any time. If you have given your approval, PILIPALA may interact with the Health app on your iOS device and read and/or write information between the PILIPALA app and Health. This may include a transfer of your personal data to Apple servers located outside the European Union.

You can choose if and to what extent your personal data is exchanged between PILIPALA and Health by granting or revoking permissions in the Health app settings. Please read Apple’s Privacy Information to find out more.

5.2 Google Analytics

Our website uses Google Analytics, a web analysis service operated by Google Inc. (“Google”). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google.

Google analyses this information to offer reports to Salubrious on website usage and online usage of associated services. Google may also transfer this information to third parties either when this is required by law or when third parties are contracted by Google to process this data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies from being stored on your computer by changing your browser settings; however, if you choose to do this, your experience when visiting our website or using some of our features may be altered.

By using PILIPALA’s website, you consent to have non-personal data used and processed by Google as described above. You can withdraw consent for this use of your data at any time, but this withdrawal only applies to future activities.

5.3 Firebase Authentication

Salubrious uses Firebase, provided by Google Inc. (“Google”), to enable us to verify your email address and set up your account. Using this authentication service will send your email address to Google. Using authentication does not transfer any of your health data to third parties.

Salubrious uses Firebase, provided by Google Inc. (“Google”), to enable “dynamic linking” into the PILIPALA app for install attribution. It is used, among others, to enable you to invite your friends to use Butterfly and download it from the App Store. Using this dynamic links service will send usage data such as your IP address to Google. Using deep linking does not transfer any of your health data to third parties.

5.5 Appsee

Salubrious uses a data analysis service called Appsee which is operated by Shift 6 Ltd. Appsee uses device identifiers that are stored on your mobile device and allow us to analyse your use of the PILIPALA app in order to improve our app features. Data concerning your use of the PILIPALA app will be transferred to and stored on a server in the USA operated by Shift 6 Ltd.

By using our service, you explicitly consent to the use and processing of your data collected by Appsee as described above. You can prevent your participation in Appsee’s analysis by switching off the sending of usage data within the Settings section of the PILIPALA app.

If you are using the PILIPALA app as an invited member of our beta testing programme, and you disagree with the collection and processing of this data, you should stop using our services and uninstall the beta version of the PILIPALA app from your device.

5.6 Facebook Lookalike Audience

If you have communicated to Facebook that you are using the PILIPALA app, Salubrious may use this information via a Facebook advertising service called “lookalike audiences” to identify potential new PILIPALA users based on the Facebook characteristics of certain existing PILIPALA users (e.g. what they liked on Facebook). We use this service in order to reach more people with similar attributes or behavior to our existing users. For this purpose, we may share your email address with Facebook, but only if you downloaded PILIPALA via a Facebook advertisement. In other words, if you didn’t tell Facebook you use PILIPALA, we will not share that information. Additionally, Salubrious does not in any way share data you are tracking in the app (e.g. what medication you take, what symptoms you experience) or any other personal information with Facebook.

5.7 EU-US Privacy Shield

The above-mentioned companies are either EU-based or compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirement are met. The privacy policy of these services can be found on their respective websites. Read more about the EU-US Privacy Shield Framework.

6. Cookies

Our website uses cookies – small text files that help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. You may, however, disable cookies on PILIPALA’s website. The most effective way to do this is to disable cookies using the functions presented by our website. We also suggest consulting the help section of your browser or visiting aboutcookies.org which offers guidance for your browser or device.

7. Communications and newsletter activities

Salubrious uses your personal information, such as your email address, to contact you with messages, emails, and newsletters. These may include push notifications and in-app messages, informational content about health delivered to you via email, as well as occasional promotional materials that may be of interest to you, also sent via email.

Such services are only provided to you if you have signed up for the newsletter service or given your consent for these notifications. You can withdraw your consent at any time from either or both of the two — you can unsubscribe from email messages and disable notifications sent by the PILIPALA app by clicking the unsubscribe link at the bottom of the message.

In order to provide these services, Salubrious may forward information such as your email address to third-party providers in order to carry out newsletter service or notification. These providers are the Rocket Science Group LLC (“MailChimp”), based in Atlanta, USA, which may process your email address, name and usage data to send you informational and occasional commercial content via email; and Intercom Inc. (“Intercom”) based in San Francisco, USA, which processes names and email addresses as well as the personal information that may be included in support emails and messages.

The privacy policy of these services can be found on their respective websites. Both companies are compliant with the EU-US Privacy Shield Framework that ensures that European data privacy requirements are met.

8. Child users

You can only use our services if you are over the relevant age at which you can provide explicit consent to the processing of your data under the laws of your country or if you have the consent of your parent or legal guardian.

If you are a parent and learn that your child is using PILIPALA without your permission or if you have specific questions about data privacy at Salubrious, do not hesitate to get in touch with us at help@salubrious.co

9. Changes to this Privacy Policy

Salubrious reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of Salubrious’ services, or advances in technology. Please check this page periodically for changes. If we make a change to this Privacy Policy that, in our sole discretion, is material, we will notify you by posting notice of these changes in this Privacy Policy.

If any part of our Privacy Policy is unclear or if you have further questions, get in touch at help@salubrious.co.

Copyright 2018 Salubrious Ltd. All rights reserved.