Codex Health Privacy Policy

Last updated Aug. 21st 2021

Company Information
Codex Health, Inc.
privacy@codexhealth.com

Codex Health provides Allie, a consumer facing mobile application, to help you manage your health and wellness by collecting health-related information from you and providing you with insights and support materials about your conditions. In addition, if you so choose, Codex Health can also share this data with your healthcare provider to facilitate their monitoring of your health and their management of your care plan. Our goal at Codex Health is to help consumers manage their health conditions through a continuum of care, starting outside the boundaries of traditional healthcare providers and linking seamlessly into the healthcare provider at the discretion of the consumer. Codex Health operates as the custodian of the consumer’s health data, and will facilitate portability of this data between healthcare providers based on the decision of the consumer.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of information that we receive through our website located at www.codex.health (the “Site”), and our mobile application, Allie, (the “App”) (collectively, the “Services”). This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services.

Revisions to this Privacy Policy. Any information that is collected via our Services is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them within the Services or by sending you an email or other notification, and we’ll update the “Last Updated Date” above to indicate when those changes become effective.

Scope. This Privacy Policy applies to all users of our Services including without limitation, site visitors, account holders, and App users (all such users of the Services including account holders and non-account holders collectively referred to as “Users”).

What Information We Collect.
Sign Up Information. When you sign up to create an account with Codex Health, including through the App, we collect and retain certain information that can be used to identify you (“Personal Data”), including, in the case of account creation: your full name, date of birth, phone number, email address, height, weight, and gender.

Information You Voluntarily Provide. You may also provide certain information to us when you use the Services. For instance, you may choose to manually provide information about yourself, including, but not limited to your blood type, existing medical conditions, your health record information, information about health issues in your family, prescriptions you use, the name or names of your healthcare providers, and medical record numbers. Separately you may also choose to enable certain settings on your device that allows our App to receive data that your device collects about you, including, but not limited to, your location, heart rate, calories burned, sleep times and patterns, steps taken, body temperature, and other similar health metrics. Similarly if you already use a separate health or fitness tracking service (e.g. Apple Health), you may choose to enable that service or app to send to Codex information that you previously provided to them, including but not limited to, blood type, gender, date of birth, height, weight, and existing health conditions. You may also voluntarily provide information about yourself when you contact us for support or other inquiries, or provide feedback about the Services.

Location Information. When you use our Services, we may collect and store information about your location by converting your IP address into a rough geo-location or, when interacting with our mobile application, by accessing your mobile device’s GPS or location services, which may provide more precise geolocation information, if you enable location services on your device.

Information Sent by Your Device. We collect certain information that your mobile device, laptop, or other hardware device sends when you use our Services, including but not limited to IP Address, user agent information, network and connectivity information, device identifiers (where permitted by your operating system), language preferences, user settings, software and operating system names and versions, hardware models, as well as other information about your use of our Services.

Information from Third Parties. Codex operates, in certain capacities, as a business associate of entities - including but not limited to healthcare providers, pharmacies, and insurers - that are considered “covered entities” under the Health Insurance Portability and Accountability Act. In such cases those covered entities may provide patient information to Codex, in accordance with the applicable agreement between Codex and the covered entity. Such information - unless properly de-identified or aggregated - remains protected health information of the patient, controlled by the covered entity, and only held in a custodial capacity by Codex on behalf of the covered entity.

Information Collected Using Cookies and other Web Technologies. Like many website and app owners and operators, we (and our partners who assist us with analytics, User research, security, fraud prevention, and User support) may utilize automated data collection tools such as cookies to collect certain information from Users of our Services. These tools are used for a variety of purposes, including but not limited to User authentication, account security, analyzing site traffic and trends, and fraud prevention.

How We Use the Information. Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your account, if you are an account holder), and to enable you to enjoy and easily navigate our Services. We will use your Personal Data for the following purposes:
Providing our Services, including helping you track and manage health and medical related issues, providing personalized health insights and relevant educational material, and facilitating your participation in remote patient monitoring programs offered by your healthcare provider.
Communicating with Users and providing customer support in relation to the Services.
Resolving disputes, responding to inquiries, collecting and processing payments fees (as applicable) and troubleshooting problems.
Managing our everyday business needs, including, but not limited to the following activities: auditing, analytics, fraud prevention, and compliance with applicable laws or regulations.
Customizing your experience and otherwise measuring and improving our Services.
Sending you relevant emails and communications (including keeping you informed about our products, offerings, and any promotional offers) that might be of interest to you. (In the event that we use your personal information to market to you, you will be able to opt-out of such uses).
Enforcing our agreements, terms, conditions, and policies, and sending you notices and alerts.
We may also use your information for any other purpose disclosed to you at the time we collect or receive your information, or otherwise with your consent.

Information that We Share with Third Parties. We will not share any Personal Data that we have collected from or regarding you except as described below:

Services Providers and Business Partners. We may engage third-party service providers to help us administer, provide, and improve the Services, including but not limited to the following types of partners: web hosting providers, cloud hosting providers, fraud detection services, and customer support partners. These third-party services providers will have access to your Personal Data for the purpose of performing services on our behalf.

At Your Request. We may share information about you with third parties in the event that you request we do so, for example, with companies offering promotions or offers through our Site or our Services, if you are interested in that offer and request that we share your information.

Other Third Parties. We may share de-identified or aggregated data we collect from the use of the Services, including but not limited to de-identified or aggregated health information, de-identified or aggregated location information, aggregate information about the computers or devices from which users access the Services, market trends, and other analysis that we create based on the information we receive from you and other Users.

Our Subsidiaries and Affiliates. We share information with our corporate subsidiaries and affiliates to help us provide our Services.

With your Healthcare Provider(s). We may share your personal data with your healthcare provider(s) in the event that you consent or request that we do so. This will enable them to stay connected with you, develop a more complete understanding of your medical conditions and their impact on your quality of life, and potentially improve and personalize their therapies for you. Any information you consent to be shared with your healthcare provider will come under the control of your provider and will become part of your medical record.

With Your Consent. There may be other circumstances where we will notify you of information that we seek to share with a third party not listed here, and will do so with your consent.

Information Shared with Web Analytics Services Providers. We use Google Analytics and Firebase, a service provided by Google, Inc. (“Google”), to gather information about how Users engage with our Site and Services. For more information about Google Analytics, please visit this site. You can learn how to opt out of Google’s collection and processing of data generated by your use of the Services here.

Information Disclosed in Connection with Business Transactions. If we are acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale, or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Data, may be disclosed or transferred to a third party acquirer in connection with the transaction.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We may disclose information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to respond to claims, legal process (including subpoenas); (ii) to protect our property, rights and safety and the property, rights and safety of a third party or the public in general; and (iii) to stop any activity that we consider illegal, unethical or legally actionable.

Your Choices. We offer you choices regarding the collection, use and sharing of your Personal Data and we’ll respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access all of the features of the Services.

Device Permissions. There are various device permissions that our app may request, including for instance, location, notifications, Bluetooth permissions, OS identity verification services (such as Face ID or Touch ID), and (for iOS) access to Apple Health data. You are free to allow, disallow, or revoke any of these permission requests at any time, however some features of the Services may not function properly without the permission being granted.

Opt-Out of our Mailings. We may periodically send you free newsletters and emails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (by following the unsubscribe instructions provided in the email you receive). We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding your account or updates to our Terms of Service.

Modifying Your Information. You can access and modify the Personal Data associated with your account by sending an email to privacy@codexhealth.com. If you want us to delete your Personal Data or your account, please contact us at support@codexhealth.com with your request. We’ll take steps to delete your information as soon as we can, but some information may remain in archived/backup copies for our records or as otherwise required by law.

Non-Affiliate Marketing. We do not currently share Personal Data with third parties seeking to market their own products or services to our Users. However, in the event that the company would begin sharing such information for such purpose, Users will be allowed to opt out of such sharing.

Responding to Do Not Track Signals. Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.

The Security of Your Information. We take reasonable administrative, physical, and electronic measures designed to protect the information that we collect from or about you (including your Personal Data) from unauthorized access, use or disclosure. When you enter sensitive information on our forms, we encrypt this data using SSL or similar technologies. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information.

Data Retention.  We need to retain the information that users provide us in order to provide our Services, and we retain such information for as long as you maintain your account, at a minimum. We may retain certain information where we are required to do so, in connection with regulatory, tax, insurance, legal, administrative, and other requirements. You may request deletion of your account at any time as provided above. In certain circumstances, we may be unable to delete your account immediately, such as if there is an unresolved dispute, ongoing investigation (e.g. for fraud or misuse), or we believe that we may be required to retain your account for legal reasons. Upon resolution of the issue preventing deletion, we will delete your account as described above. We may also retain certain information if necessary for our legitimate business interests, such as fraud prevention and enhancing Users' safety and security. If your healthcare provider has given data about you to Codex Health, in Codex’s contractual capacity as a business associate of that provider, such data is controlled by your healthcare provider, even if it is held by Codex, and that data will not be subject to any deletion request you send to Codex.

Links to Other Sites. Our Services may contain links to websites and services that are owned or operated by third parties (each, a “Third-party Service”). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner’s or operator’s privacy policy. We’re not responsible for the content, privacy, or security practices and policies of any Third-party Service. To protect your information we recommend that you carefully review the privacy policies of all Third-party Services that you access.

International Transfer. Your Personal Data may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your Personal Data to us, we may transfer your Personal Data to the United States and process it there.

Our Policy Toward Children. Our Services are not directed to children under 13, and we do not knowingly collect Personal Data from children under 13. If we learn that we have collected Personal Data of a child under 13, we will take steps to delete such information from our files as soon as possible.

Questions? Please contact us at privacy@codexhealth.com if you have any questions about our Privacy Policy.