Effective: October 28, 2020

StepForward Inc., which operates as StepForward Metrics, Inc. in California and its related companies (“We”, “Us”, “Company”, “StepForward Inc., which operates as StepForward Metrics, Inc. in California ) take your privacy seriously, and we want you to know how we collect, use, share, and protect your information. This policy (the “Privacy Policy”) tells you what information we collect from related services provided or operated by StepForward Inc., which operates as StepForward Metrics, Inc. in California (the “Services”) including our mobile application (the “App”), how we use that information, how we may share that information, how we protect your information, and your choices regarding your Personal Information (defined below).

PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. IF YOU DO NOT AGREE TO THE PRIVACY POLICY, INCLUDING ANY CHANGES THERETO, THEN YOU MUST NOT ACCESS AND USE THE SERVICES.

To utilize the Services, you are required to submit certain information to establish an account. We collect certain information during the account registration process for identity verification purposes. We collect and utilize additional information as set forth below.

Information We Collect From You

When you register with the Services, we collect certain personally identifiable information about you (“Personal Information”), including your name, address, telephone number, contact information and password. Once you have registered, we may collect the following information about you, including:

• Your birthdate and certain personal health information (PHI), e.g., your health insurance information, upcoming appointments and health-related tasks.
• Information you provide to us, or grant us access to, when you access or use the Services.
• Information you provide in public forums through the Services, including using our review, comment, post or similar functionality.
• In the event you pay for the Services directly, payment information is provided directly to our payment processing partner.

We will process Personal Information collected through the Services in accordance with applicable law and with the agreements we have with your health care provider, health plan, pharmacy benefit manager or employer, and as described in the Terms of Service and this Privacy Policy. If you do not want to provide us this information, please do not utilize the Services.

Information We Collect Automatically

You or your health care provider, health plan, pharmacy benefit manager or employer will provide us with information so that we can provide our services to you. Additionally, we may collect certain information when you use the Services, including the following:

• Use of the App. When you use the App, we may collect certain information about such use, including the location of your mobile device, your mobile device ID, type of device and operating system you use to access our App; your activities within the App; and the length of time that you are logged in through the mobile app.
• Unique Identifiers. We may collect certain information through unique identifiers such as IP address when you are using the Services.
• Cookies. We may use “cookies” and other technologies to collect data that enable us to better understand and improve the usability, performance and effectiveness of our Services. For instance, we may use session cookies (which expire once you close your browser) or persistent cookies (which stay on your mobile device until you delete them) to provide you with a more personal and interactive experience on our App.
• Third-Party Analytics. We use third parties’ analytic and tracking tools to better understand who is using the Services, how people are using the Services and how to improve the effectiveness of the Services and its content, and to help those parties serve more targeted advertising to you across the Internet or help us serve more targeted advertising to you. Those third party companies may use cookies, pixel tags or other technologies to collect and store anonymous information such as time of visit, pages visited, time spent using the Services, device identifiers, type of operating system used and other website(s) you may have visited. They might combine information they collect from your interaction with the Services with Personal Information they collect from other sources. We do not have access to, nor control over, third parties’ use of cookies or other tracking technologies.
• DNT. Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. StepForward Inc., which operates as StepForward Metrics, Inc. in California and the Services do not recognize DNT.

What We Do with Your Information.

StepForward Inc., which operates as StepForward Metrics, Inc. in California respects your privacy and will not sell your Personal Information to third parties. We may use your Personal Information to provide Services to you, respond to your inquiries, provide information on products and services you request or have a representative contact you regarding our products or services. Unless you have otherwise opted out of receiving email communication from us, you agree by using the Services, to allow us to use your email for communication and provision of Services consistent with this Privacy Policy.

We may also use your Personal Information to update you on special offers related to our products or services, improve our products and services, provide product announcements or information regarding health topics, deliver other information we believe you will find most relevant, and useful and in any other way we may describe when you provide the information or to which you consent. We may occasionally contact you to gather customer service information to help us determine how we can improve our services and products to better meet your needs. We may also de-identify and/or aggregate your data for various business purposes including product, service and program development and improvement. De-identified data, in individual or aggregated form, may also be used for research purposes both internally by StepForward Inc., which operates as StepForward Metrics, Inc. in California or with research partners and other third parties for the advancement of clinical and scientific knowledge.

We may combine or cross-reference your Personal Information with general information or other information we may have acquired about you or may acquire about you through other sources, including offline sources of information to help further customize the information, products or services we provide to you.

We use the general information we collect from you to help us understand and analyze users of our Services, including generating aggregate statistics about Services use. This data can then be used to tailor the Services’ content, deliver a better experience for our users. We may also collect, aggregate and maintain anonymous information about the visitors to our Services. We may further share such aggregate, non-identifiable information with business partners, sponsors and other third parties.

Sharing of Personal Information with Third Parties.

From time to time, we may use third parties to provide products, services or otherwise support our business or collaborate with third parties with respect to development, promotion or other business activities related to a particular product or service. These third parties may include service providers of a sponsoring employer or employer-provided health plan. As a result, we may disclose Personal Information that we collect or you provide to contractors, Business Associates (as defined under HIPAA), service providers and other third parties for solely for purposes of providing the services as outlined above; provided such third parties have agreed to comply with this Privacy Policy or substantially equivalent terms. We may also we disclose Personal Information to our subsidiaries and affiliates; to a third party in connection with a merger, divestiture, restructuring, reorganization, dissolution, sale or transfer of some or all of our assets or other similar corporate transactions or in connection with a bankruptcy, liquidation or similar proceeding.

We may also release your Personal Information to third parties as required by law, when we believe disclosure is necessary to comply with a legal or regulatory requirements, judicial proceeding, court order or legal process served on us, to protect the safety, rights or property of patients, customers, the public or the Company or defend the Company and its officers, directors, employees, attorneys, agents, contractors and partners, in connection with any legal action, claim, or dispute.

Except as set forth in this Privacy Policy or as specifically agreed to by you, we will not sell or rent your Personal Information to third parties or disclose any Personal Information we gather from you on our Services to third parties.

How We Keep Your Information Secure. We seek to safeguard the security of your Personal Information and have implemented reasonable security measures consistent with accepted practices in the healthcare industry to protect the confidentiality of your Personal Information and limit access to it. We have a designated Chief Security Officer and have put in place a variety of information security measures to protect your Personal Information, including encryption technology, such as Secure Sockets Layer (SSL), to protect your Personal Information during data transport and at rest. However, despite our efforts to protect your Personal Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your Personal Information over the Internet will be intercepted. Unfortunately, we cannot guarantee the absolute security of your Personal Information, nor can we guarantee that information that you provide will not be intercepted while being transmitted to us over the Internet. Therefore, we urge you to also take every precaution to protect your Personal Information when you are on the Internet or using the Services.

How to Opt Out. To opt out, please do not provide your Personal Information to us, or after providing your Personal Information to us, please send written notification to us that you no longer wish to receive information and communications from us or otherwise share your Personal Information. With respect to the collection and use of general information, you have the ability to disable or manage the use of cookies on your computer using controls in your browser. However, you are not able to opt out of the uses of general information otherwise collected as set forth in this policy. Please note that certain features of the Services may not be available when cookies are disabled. To learn more about how to manage cookies, visit http://www.allaboutcookies.org.

International Transfers. Personal Information collected from you may be stored and processed in the United States or any other country in which StepForward Inc., which operates as StepForward Metrics, Inc. in California or its affiliates, subsidiaries, agents or contractors maintain facilities. If you are accessing Personal Information from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your data to the United States and processing globally. By providing your Information you consent to any transfer and processing in accordance with this Privacy Policy.

Children’s Privacy. We are committed to protecting the privacy of children. This Services is not designed or intended for children and we do not intentionally collect information about children under 13 years old. If a parent or guardian becomes aware that a child under 13 years old has provided Personal Information to us without their consent, please contact us at ameya@stepforwardmetrics.com.

Third Party Websites. Please be aware that our website or Services may have links to third-party websites that may collect Personal Information about you. When you click on one of these third-party links, you are entering another website for which we have no responsibility. This Privacy Policy does not cover the information practices or policies of such third-party websites. We encourage you to read the privacy policies of all such websites since their privacy policies may be materially different than our Privacy Policy.

In addition, we may rely on third-party advertisers, ad networks and ad servers to promote our Services. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about our users. This may include information about users’ behavior on this and other apps to serve them interested-based (behavioral) advertising. No information you share within our Services or shared through Apple’s Health App will be shared with third-party advertisers. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement, you should contact the responsible advertiser directly.

Changes. We reserve the right to modify the terms of this Privacy Policy at any time and in our sole discretion, without notice. When the Privacy Policy is changed, modified, and/or amended, the revised Privacy Policy will be posted on our Services. Modifications will be effective immediately. You should visit this web page periodically to review the Privacy Policy. You accept any such modifications to this Privacy Policy by continued use of our Services after such modifications are made.

Contact Us. If you would like to update your Personal Information, delete your account, change your preferences or have any questions or concerns about your privacy, you may contact us at ameya@stepforwardmetrics.com. Please note that some information may remain in our records after deletion of your account, including any information or records we are legally obligated to retain.

CCPA Addendum for California Residents

Effective: October 28, 2020

This CCPA Addendum for California Residents supplements the information contained in the StepForward privacy policies and applies solely to all visitors, users, and others who reside in the State of California. We adopt this Notice to comply with the California Consumer Privacy Act (CCPA) and any terms defined in the CCPA have the same meaning when used in this Addendum.

• Information We Collect
  When you use our products, we collect information that identifies, relates to, describes, references, associates, links, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, our Websites have collected the following categories of personal information from consumers within the last twelve (12) months. Additionally, we have disclosed the following categories of information for a business purpose in the past twelve (12) months:

Category	Collected	Disclosed for a business purpose
A. Identifiers.	Yes	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).	Yes	Yes
C. Protected classification characteristics under California or federal law.	Yes	Yes
D. Commercial information.	Yes	Yes
E. Biometric information.	Yes	Yes
F. Internet or other similar network activity.	Yes	Yes
G. Geolocation data.	Yes	Yes
H. Sensory data.	Yes	Yes
I. Professional or employment-related information.	Yes	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	No	No
K. Inferences drawn from other personal information.	Yes	Yes

 

• Personal information does not include:

1. 1. • Publicly available information from government records.
      • Deidentified or aggregated consumer information.
      • Information excluded from the CCPA’s scope, like:
        • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
        • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

• StepForward Inc., which operates as StepForward Metrics, Inc. in California obtains the categories of personal information listed above from the following sources:

1. 1. • Directly from you. For example, from information you submit when you sign up for our Services.
      • Indirectly from you. For example, from observing your actions on our Products.
      • From third-party business partners such as social media sites, ad networks, and analytics providers.

• Use of Personal Information
  StepForward Inc., which operates as StepForward Metrics, Inc. in California does not sell Personal Information.
  We may use or disclose the Personal Information we collect for one or more of the following business or marketing purposes:

1. 1. • To create your account for our services and let you log into your account and use the Products.
      • To manage your account, provide you with customer support, and ensure you are receiving quality service.
      • To contact you or provide you with information, alerts and suggestions that are related to the service.
      • For billing.
      • To contact you, either ourselves or using the appropriate authorities, if either we or a provider have a good reason to believe that you or any other person may be in danger or may be either the cause or the victim of a criminal act.
      • To match you with a provider.
      • To enable and facilitate the delivery of our health services.
      • To supervise, administer and monitor the service.
      • To measure and improve the quality, the effectiveness and the delivery of our service.
      • Market our product and services to you.
      • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
      • To provide, support, personalize, and develop our products and services.
      • To personalize your experience and deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our websites, third-party sites, and via email or text message (with your consent, where required by law).

• StepForward, Inc. will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
• Disclosure of Personal Information
  StepForward, Inc. may disclose your Personal Information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient both to keep that personal information confidential and not to use it for any purpose except performing the contract.
  We share the minimum necessary personal information with the following categories of third parties:

1. 1. • Service providers that provide audit, legal, operational, technical or other services for us, such as:
        • Customer service
        • Technical maintenance
        • Monitoring website activity
        • Email management and communication
        • Database management
        • Billing and payment processing
        • Reporting and analytics
        • Marketing and advertising
      • Providers who provide our services

• Your Rights and Choices
  The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
  Right to Request Access to Information
  You have the right to request that StepForward, Inc. notify you of the Personal Information about you that we have collected and used. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

1. 1. • The categories of Personal Information we collected about you.
      • The categories of sources for the Personal Information we collected about you.
      • Our business or commercial purpose for collecting that Personal Information.
      • The categories of third parties with which we shared that Personal Information.
      • The specific pieces of Personal Information we collected about you.

• If we disclosed your Personal Information for a business purpose, and identifying the Personal Information categories that each category of recipient obtained.

1. 1. • If we disclosed your Personal Information for a business purpose, we will provide the Personal Information categories that each category of recipient obtained.

• Right to Request Deletion of Information
  You have the right to request that StepForward, Inc. delete any of your Personal Information that we collected about you and retained. Once we receive your request and verify who you are, we will delete (and direct our service providers to delete) your Personal Information from our records, unless an exception applies.
  We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

1. 1. • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
      • Debug products to identify and repair errors that impair existing intended functionality.
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
      • Comply with a legal obligation.
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

• Exercising Your Rights
  To exercise the rights listed above, please submit a request to ameya@stepforwardmetrics.com Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child.
  You may only make a request for access twice within a 12-month period. Your request must:

1. 1. • Provide sufficient information that allows us to verify within reason that you are the person about whom we collected Personal Information or an authorized representative.
      • Describe your request with sufficient detail that allows us to understand, evaluate, and respond to it.

• We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm that the Personal Information relates to you. Making a request does not require you to create an account with us. We will only use Personal Information provided in a request to verify your identity or authority to make the request.
  Response Timing and Format
  We will try to respond to a request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
  For Requests to Access, our response will only cover the 12-month period preceding the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We will select a format to provide your Personal Information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
  We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

• Non-Discrimination
  We will not discriminate against you for exercising any of your CCPA rights. We will not:
  • • Deny you goods or services.
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
    • Provide you a different level or quality of goods or services.
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

• Changes to Our Privacy Notice
  We reserve the right to amend this Addendum at our discretion and at any time. When we make changes to this Addendum, we will post the updated Addendum on stepforwardmetrics.com and update the Addendum’s effective date. Regardless of changes to our Privacy Policy, we will never use the information you submit under our current privacy notice in a new way without first notifying you and giving you the option to opt out. Your continued use of our services following the posting of changes constitutes your acceptance of such changes.

• Contact Information
  If you have any questions or comments about this Notice, the ways in which StepForward, Inc. collects and uses your information described above, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
  ameya@stepforwardmetrics.com