Privacy Policy

Updated February 2, 2024

At Phill.com, we prioritize your privacy. This Privacy Policy is applicable to Phill.com's website, app, and related APIs, sites, and services (referred to individually as "Site", or "Service" and collectively as the "Services"), which are managed by us.

This document outlines how we handle data collection, processing, and usage, and explains the options you have regarding the use, access, and correction of your personal data. If you disagree with our data practices as described in this Privacy Policy, you should refrain from using our Services.

This Privacy Policy addresses:
‍Information Collection We collect various types of information, including Personal Information, Usage and Device Information, in relation to your or your organization's use of our Services that are linked to this Privacy Policy.
‍Health InformationCertain Personal Information may fall under the Health Insurance Portability and Accountability Act of 1996("HIPAA"). Your healthcare provider will inform you about their privacy practices concerning your health information. We limit our collection and use of protected health information to what is necessary for providing the Services on our platform.
‍Usage of InformationWe strictly adhere to this Privacy Policy in using the collected information to deliver and improve our Services, respond to inquiries, process transactions, comply with laws, and for other permitted legal uses.
‍Sharing of InformationWe may share your information within our organization and with third-party service providers, business partners, and legally authorized representatives to enhance our Services. We ensure your information is not sold to third parties nor used for independent third-party marketing without your engagement.
‍Your RightsYou have rights to access, correct, and control your Personal Information, including opposition to processing, deletion, and restriction of use, as mandated by law.
‍Retention and SecurityWe retain your information as necessary for providing Services and for legal compliance. We strive to protect your data through technical, administrative, and physical safeguards.
‍Cookies and TechnologiesWe use cookies and similar technologies for service delivery and personalization. You can control these through your browser or device settings, though this may affect your ability to use certain Services.
‍Marketing and AnalyticsWe collaborate with partners for marketing and analytics to understand service interaction and communicate effectively, using cookies and technologies for data collection.
‍External LinksOur Services may link to external sites not governed by this Privacy Policy. We advise caution and encourage reviewing their privacy policies.
‍Children's PrivacyOur Services are intended for adults. Minors under legal contract age must have adult authorization to use our Services. We do not knowingly collect information from children under 16.
‍Updates to Privacy PolicyWe may periodically update this Privacy Policy. Significant changes will be communicated through our Services or via email.
‍Contact UsFor any questions or concerns about this policy or your information, please reach out to our customer service. This summary aims to uphold transparency and clarity regarding your privacy rights and our data practices.
‍TYPES OF INFORMATION WE GATHER FROM YOU During your interaction with our Services, we collect a variety of information types as described below.
PROVIDED INFORMATION BY YOU (“PERSONAL INFORMATION”)
REGISTRATION DETAILSTo register for our Services, you must provide certain details such as:

Your name
Email address
Password
Phone number
Physical address

This information is gathered directly from you when you fill out forms on our Services and submit them to us.
‍SUPPLEMENTARY INFORMATIONFor enhancing your experience or to activate specific features within the Services, you might opt to supply us with extra information, including:
‍
Identification details
Birthdate
Demographic details (like gender, height, weight, and location),
Results from tests conducted by third parties,
Additional health and medical records and diaries,
Username on community or social platforms, and
‍
Communications and multimedia content on forums or with your social circles through the Services.
‍
Should you reach out to us, take part in a survey, contest, or promotional event, we collect the details you provide such as your name, email, contact details, and any messages sent.
‍DATA FROM OTHER SERVICESBy linking your account on our Services with another platform, we may obtain information from that platform. For instance, connecting with Facebook or Google could share details like your name, profile picture, age category, language, email, and contacts list.
‍
You might also allow us access to your personal data from other platforms, like activity or health data. You can halt the sharing of data from these platforms with us by revoking our access. Nevertheless, we will retain the data previously collected unless you decide to opt-out.
‍INFORMATION FROM OTHER USERSIn the course of utilizing our Services, information about someone else may be provided by users, or an authorized user(like an account manager) might set up an account on your behalf and provide your information. We presume that the provider of this information has the consent and authority to do so and agrees on behalf of the individual to the collection and usage of their personal information as outlined in this Privacy Policy. If you are aware of someone providing us with personal information without proper authorization, please inform us immediately, and we will take actions in alignment with this Privacy Policy.
‍FINANCIAL AND PAYMENT DETAILSCertain Services of our Company facilitate payments and dealings with third parties. Your payment data is not stored by us. For handling payment card transactions, we employ a third-party service provider. This third-party payment processor might keep this information under their privacy policies and terms. This provider is restricted from storing, retaining, or utilizing the information provided, except strictly for conducting credit card transactions on our behalf. 
DATA RECEIVED THROUGH YOUR ENGAGEMENT WITH OUR SERVICES
USAGE AND TECHNICAL DATAAs you navigate and interact with our Services, we gather specific usage and technical details (“Usage and Device Information”). This encompasses data related to how you engage with the Services, such as viewing or searching for content, downloading, or launching apps or software, signing up for or accessing your account, importing data into your account, or linking a third-party service with your account.

We also collect information about the devices and computers you use to access our Services. This information includes IP addresses, types of browsers, languages, operating systems, mobile device details (like device and app IDs), the webpage that led you to our Services, the pages you visit, your location (based on the permissions you've given us),and cookie data.
‍SENSITIVE AND HEALTH-RELATED DATAWhen we collect health data or other sensitive personal data from you directly or through your connected Electronic Health Record (EHR), we seek your explicit consent to process this sensitive personal information. We ask for your consent separately at the point of actions that result in us obtaining the data, for example, when you input health survey data or allow us access to your health or activity data from another platform. You have the ability to withdraw your consent at any time through your account settings or by contacting us to request data deletion or account closure.

In instances where we function as a Data Processor (processing your personal data on behalf of a third party that collected the data from you), and the third party (Data Controller) is responsible for determining the processing purposes and methods of your personal data, it is the Data Controller's responsibility to secure your explicit consent for processing your sensitive personal data, including health information. In such cases, we are not accountable for obtaining this consent. The Data Controller may have distinct policies for the handling and disclosure of your personal information, including any sensitive personal data you provide to them. Our Privacy Policy does not cover, nor can we influence, the Data Controller's practices; our Policy only pertains to the processing of your personal data that we perform as a Data Processor at the request of the Data Controller. We recommend reviewing the Data Controller's privacy policy or contacting them directly for information on their privacy practices related to the use and disclosure of your personal information, including any sensitive personal data.
‍UTILIZATION OF YOUR INFORMATIONWe employ the information gathered for multiple purposes as outlined below:
‍DELIVERING AND UPKEEPING OUR SERVICESThe collected information is crucial for the provision and maintenance of our Services, ensuring adherence to our Terms of Service or any business agreement with you. This includes:

• administering, operating, safeguarding, and maintaining our Services;
• monitoring and analyzing trends, activities, and usage related to our Services;
• calculating metrics within the Application for various purposes;
• managing accounting, recordkeeping, backup, and administrative tasks;
• tailoring and enhancing the content of our communications, websites, and social media platforms;
• offering customer support and handling service requests, including feedback, surveys, and testimonials about the Service;
• communicating with you to address your queries, comments, and requests about our Services;
• processing transactions, sending related information such as service alerts, confirmation of purchases, and invoices;
• training our workforce in data protection and customer service excellence
• complying with legal requirements, cooperating with law enforcement, judicial orders, and regulatory inquiries;
• enforcing our rights, terms, conditions, and ensuring the safety and security of our Services and users.

ENHANCING, PERSONALIZING, AND DEVELOPING NEW SERVICESWe leverage the information to refine, personalize our Services, and to innovate new offerings. For instance, we utilize the data to troubleshoot, protect against errors, perform analytics, testing, research, survey conductance, and develop new features and services.

The information about you and your usage of the Services may be used to deliver generalized health and wellness notifications and information that could interest you.
‍COMMUNICATIONYour information is utilized to communicate necessary service notifications and to respond to your inquiries. We also use your data to promote features or products we believe you would find beneficial, and to solicit feedback, conduct user surveys, and gather testimonials. Control over marketing communications and many service notifications can be managed through your notification preferences in account settings or by opting out through links provided in emails or by contacting customer support.
‍LINKING YOU WITH THIRD-PARTY PRODUCTSAND SERVICESWe use the information to offer targeted, personalized advertising and promotional information about third-party offers, services, or products that might interest you, without sharing your personal information with third parties for these purposes. However, you may opt to share your information with third parties by engaging with their websites or advertisements directly. If you request, we may share your information with third-party providers to facilitate your interaction with their products or services, such as ordering lab tests or connecting with organizations through our Services.
‍ENSURING SAFETY AND SECURITYThe information helps us ensure the safety and security of our Services, users, and other parties by:

• authenticating user identities;
• facilitating secure payment processes.
• responding to legal requests or claims, conducting audits, and enforcing our terms and policies;
• investigating and guarding against fraud, unauthorized access, and illegal activities;
• demonstrating compliance with our internal policies and applicable privacy and data security laws, including HIPAA and GDPR.

‍UTILIZATION AND SHARING OF DE-IDENTIFIED INFORMATIONWe may use or disclose de-identified information, which has been processed to remove or obscure personal identifiers, for various purposes including internal quality control, research, and development, and as permitted by law. This includes general research, communications, and potential collaborations with third parties for analyzing aggregated data, contributing to studies, or commercial partnerships for research and development purposes.

We employ cookies and similar technologies to support the purposes described, adhering to legal bases under GDPR for processing personal data, including consent (which can be withdrawn at anytime), contract performance, and legitimate business interests in improving, personalizing, and safeguarding our Services.
‍SHARING YOUR INFORMATION: OUR PRACTICESWe are committed to safeguarding your personal information and only share it under specific circumstances as detailed below.
‍CONSENTED OR DIRECTED SHARINGYou have the ability to instruct us to share your information with others, for instance. You can modify your privacy settings in your account to manage visibility to other users. Additionally, you may give us permission to share your information with third-party applications, your employer, or other organizations, with each governed by their own privacy policies and terms. Consent given to share with third-party applications or wellness programs by your employer can be revoked through your account settings.
‍SHARING FOR PROCESSINGWe may pass your information to our affiliates, service providers, and other partners for processing in line with this policy, under strict confidentiality and security measures. These partners globally assist us with various services, including customer support, IT, payments, sales, marketing, data analysis, research, and surveys.
‍SHARING FOR LEGAL COMPLIANCE AND HARM PREVENTIONYour information may be preserved or disclosed to comply with laws, respond to legal processes or governmental requests, assert legal rights, defend against claims, or prevent, detect, or investigate illegal activities, fraud, terms violations, or threats to the Services' security or physical harm to any individual.

We aim to notify you about legal demands for your information unless prohibited by law or in emergency situations involving potential harm.
‍NON-PERSONAL INFORMATION SHARINGAggregated or de-identified information that cannot reasonably identify an individual may be shared publicly and with third parties, such as in public reports or with partners under agreements, or as part of community benchmarking provided to subscription service users.
‍SHARING IN BUSINESS TRANSFERSIn cases of equity or asset sales, mergers, reorganizations, or similar transactions, we may share your personal information with the prospective buyer or successor. We commit to maintaining confidentiality and providing notice before transferring any personal information to a new entity.
‍NO SALE OF PERSONAL INFORMATIONWe do not sell your personal information to third parties as defined in the California Consumer Privacy Act of 2018 and will seek your express consent if this policy changes in the future.
‍YOUR RIGHTS OVER YOUR PERSONALINFORMATIONRegardless of your location, you can manage your personal information via account settings and our provided tools.
‍REQUESTS TO KNOW AND DELETEUnder the California Consumer Privacy Act of 2018, you have the right to request details about the personal information we collect, use, disclose, and sell (Request to Know) and to request the deletion of your personal information (Request to Delete). These requests can be made through customer support.

We verify these requests by asking you to log into your account and re-authenticate yourself. For verified deletion requests, deletion will occur within 14 days, although complete removal from backup systems may take up to 90 days. Certain data may be retained for legal reasons or to prevent harm as outlined in the "How We Share Your Information" section.

Authorized agents can make requests on your behalf, provided that verifiable proof of authorization is submitted. We may still require you to verify your identity unless power of attorney is provided.

For additional inquiries about our privacy practices, please contact our Chief Privacy Officer at privacy@phill.com.