Health Hero Updated Privacy Policy This updated Privacy Policy reflects Health Hero’ commitments and obligations under the EU’s new General Data Protection Regulation (GDPR). Your privacy is important to us, so the goal of this policy is to be transparent about what information Health Hero collects, uses, and shares. This policy explains your rights with regards to that information. It also explains how to access and update your information, and how you can object to its use. When we refer to “Health Hero”, “we”, or “us”, we mean the Health Hero entity that acts as the controller or processor of your information. This policy covers: 1. What information we collect and how we use it 2. How we share information 3. How we store, secure, and transfer information 4. Your data rights and choices 5. Contacting Health Hero When we make changes to our Privacy Policy, we will revise the date at the top of this page. We may also notify you via in-app messages or by email. General Privacy Terms and Conditions Please address questions related to our privacy practices to [email protected] What information we collect and how we use it Health Hero collects the following information about you when you provide it to us and use our services: Account and Profile Information When you sign up, create a profile, set your preferences, or pay for your subscription, Health Hero collects your name, username, password, email, address, company information, and any profile pictures or avatars you choose to upload. We use this information to correctly identify you, communicate with you, and provide you with customer support. We also use this contact information for accounting and administrative purposes, for transactional emails including app and billing notifications, and to notify you about new features, releases, blog posts, and discounts. User Created Content As you work on your projects, Health Hero stores the content you create, send, receive, and share. This includes any assets you upload to Health Hero, such as images, icons, or logos. It also includes comments posted to your projects by you, your team members, and your collaborators. We use this information to securely store your work, and provide access to your team members and the collaborators you designate. Device Information and Log Data We collect information about the type of device you use to access Health Hero, as well as your device settings, operating system, browser information, connection type, IP address, and the URLs of referring pages. Additionally, we log the date and time you access our services, as well as any error or crash data. We use device and location information to help us optimize your Health Hero’ display and performance, provide accurate billing information, understand user demographics, and improve the overall user experience. Your log data helps us troubleshoot errors, analyze performance, resolve reliability issues, perform security audits, and investigate potential service fraud or abuse. Payment Information Customers that purchase a paid Health Hero subscription provide us, or our payment processors, with billing details such as credit or debit card information, banking information, and billing addresses. When you purchase a subscription through one of our payment processors, we receive only partial information about your card, and Health Hero doesn’t store cardholder information on our servers. We use your payment information in order to fulfill, track, and manage your subscription. Service Metadata This data is generated automatically when you visit Health Hero. It provides us with information about how you browse our website and use our app. That includes the links you click, the search terms you use, and the features you access. We use this metadata to help us understand how our users work, and what they find most valuable at Health Hero. We also use this information to measure the efficiency of our product, enhance our services and guide our future development. Support Information When you reach out to Health Hero, you may contact our team through the service of a third-party support platform. The information you provide to our team, including any troubleshooting documentation or screenshots, are saved as part of your support history. We use this information to resolve any issues you are having, relay feedback to our team, respond to your comments and requests, and confirm your purchases and refunds. We also use this data to provide you with security alerts and technical notices. Cookie Information Health Hero and our third-party advertising and analytics partners use cookies and similar technologies for tracking across different devices, websites, and online services. We use this information both for secure authentication and for the maintenance of your active sessions. Our third-party partners use cookies for the purposes of marketing, ad targeting, and performance analytics. Integrations and Linked Services Health Hero offers integrations with a number of third-party services. For instance, you can sign up and log into Health Hero by using Google, Slack, and other third-party authentication providers. You can also connect your Health Hero account to Google Drive and Dropbox in order to be able to export and save your projects there. We also offer add-ons to Atlassian’s Jira and Confluence platforms. Whenever you or your account owner links to one of these third-party services, Health Hero is authorized to connect and transfer the information as specified by our agreement with that linked service. We use this information to authenticate, connect, or link your third-party accounts to Health Hero. However, we do not receive or store passwords for any of these third-party services. To understand what data may be shared with Health Hero when you enable these integrations, please check the settings, permissions and privacy policies of these third-party services. Information Provided by Other Users Other Health Hero users may provide contact information about you when they share content, or when they invite you to collaborate on a project. We use this information to facilitate collaboration and to help you communicate with your team members and stakeholders. How we share information **We Do Not Sell Your Information** Health Hero users create and share sensitive and proprietary data on our platform. Since we appreciate our users’ need for privacy, we adhere to a straightforward business model based on the offer of both paid subscriptions and free plans. This means that, no matter what Health Hero plan you choose, we will never sell information about you, your profile, your projects, nor your data and metadata, to advertising companies or other third parties. Other Health Hero Users Health Hero is a collaborative platform that’s designed to let you share and disseminate your work. This means you are free to invite your peers to view, comment, download, or edit collaboratively in real time, depending on the settings that you select. You can also choose to make your work publically available. In addition, you may also grant your team members project access rights that are equivalent to yours, including the ability to transfer your project ownership to a different account. Some of these collaborative features display your publicly accessible profile information to the other users you’ve invited to collaborate. Community and Forums Health Hero offers publicly accessible blogs and community forums. Any comments you contribute to these platforms may be read, collected or used by any member of the public who chooses to access them. Your information may remain posted on these sites, even if your account is deleted at your request. Testimonials and Case Studies We might contact you with a request to provide information that would appear, as a testimonial or case study, on our blog and website. In this case, we would seek explicit, written consent to use this information. Social Media Links and Third-Party Widgets Some Health Hero services include social media links and widgets. In order to function properly, these features may set a cookie that records the Health Hero page from which you engaged them, as well as your IP address. These features may also link to other websites or services whose privacy policies differ from ours. As a result, any information you provide to them will be governed by their policies and not this one. Third-Party App Integrations Health Hero users are free to allow third-party apps and integrations to connect to their Health Hero account. Once enabled, Health Hero may share information with those services. Health Hero does not control the way in which these services collect, share, or use information. Because of this, Health Hero users should review the privacy policies of all third-party services before connecting to, or use their applications. Legal Compliance and Fraud Prevention In exceptional circumstances, we may disclose information about you to a third party if we receive a request and believe that the disclosure is in accordance with or required by any applicable law, rule or regulation, legal process, or enforceable governmental request. We may also do so to enforce our Terms of Service, investigate potential violations, prevent and detect fraud, track and solve security or technical issues, and protect against any harm to the rights, property or safety of Health Hero, its users, or the public as required or permitted by law. Changes in Business If Health Hero engages in a merger, acquisition, reorganization, bankruptcy, dissolution, sale of company assets, financing, public offering of securities, or due diligence and other steps in contemplation and negotiation of such activities, we may share or transfer information that we collect under this privacy policy, subject to standard confidentiality agreements. How we store, secure, and transfer information Third Party Service Providers Health Hero contracts with third party service providers. These services may require access to your information in order to help us operate, market, and support our services. For example, Health Hero uses third party services to provide hosting, maintenance, backup, virtual computing, storage, payment processing, customer support, data analytics, advertising, marketing, and other services. Our contracts with these services provide for the maintenance, confidentiality, security, and integrity of the information we share with them. Data Security Health Hero takes data security very seriously and implements the industry’s best practices and policies. We take all reasonable measures to protect your information and to prevent any kind of unauthorized access, misuse, loss, or disclosure. The third-party service providers that we use for infrastructure and payment processing are ISO certified and PCI compliant, and they adhere to the same privacy and security principles as we do. We conduct regular, manual and automated security audits. We also participate in voluntary penetration tests performed by third parties; these tests are followed by concrete, internal security policy updates and actionable engineering items for our development team. When possible, your data is also stored in anonymized form. While no system is infallible, we strive to keep our systems secure and constantly updated. Data Retention Health Hero stores your information for as long as your account is active, and for a reasonable period thereafter, in case you decide to use our services again. Health Hero may also retain certain information for as long as necessary in order to support business operations, or as required by law. International Data Transfers Health Hero collects information internationally and uses hosting and cloud computing infrastructure located primarily in the United States to transfer process and store information. In order to provide you with our service, we may also transfer your data to third-party services. Please refer to the "List of data sub-processors" for more information about why we use those third-party services, and where they are located. Your data rights and choices The following is a summary of choices you can make to exercise your data rights: Opt Out of Promotional Communications You have the right to opt out of receiving any promotional communication. To unsubscribe from our newsletter, or other promotional emails, use the link at the bottom of the message. You can also contact us directly to have your information removed from our promotional contact list. Please note that, even if you unsubscribe, you will continue to receive non-promotional, transactional messages regarding your account and other essential services. Access and Update Personal Information You have the right to access and edit your profile and billing information at any time. You also have the right to rectification in case your personal data is incomplete or inaccurate. To update your information, log in to your account and use the editing tools in your Health Hero Dashboard. If you require assistance, please contact our Support team. Right to be Forgotten You have the right to be forgotten which means that, at any time, you can request that Health Hero permanently delete all applicable data records, including your profile information, both personal and financial, along with any user-created content. In some cases, we may need to retain partial information to fulfill our legal responsibilities, or to complete ongoing financial transactions. Data Portability You have the right, at any time, to request and receive the information that you have provided to Health Hero. We will provide you with your information, in a machine-readable format, so that you can make use of it in other contexts, or with other service providers. Access Under 16 Years of Age Health Hero’s services are not directed at children. Furthermore, we do not knowingly collect personal information from individuals under 16 years of age, unless consent is given or authorized by the holder of parental responsibility for the child. If we become aware that someone under 16 has provided us with personal details, we will take steps to delete such information. If you become aware that a child has unlawfully or unwittingly provided us with personal data, please contact our Support team. Request That We Stop Using Your Information Even if you have previously consented to our Terms of Service and Privacy Policy, you have the right, at any time, to change your mind and object to the collection, use, and processing of your personal information. Additionally, you are under no contractual obligation to continue to provide any information to Health Hero. However, we require certain information in order to provide you with our services. Therefore, if you disagree with the terms of this Privacy Policy or our Terms of Service, you should stop using Health Hero, and contact us so that we may delete your information. Contacting Health Hero If you have any questions about Health Hero's Privacy Policy or want to make a request with regard to your information, please contact our Data Protection Officer at [email protected] Health Hero, Inc 548 Market St, Suite 15351 San Francisco, CA, USA [email protected]