Privacy Policy
Updated: November 18th, 2024
Curb Health’s mission is to help as many people as possible overcome the most challenging moments of behaviour change. We wrote this policy to help you understand what information we collect through our websites, apps, devices, and other products and services, how we use it, and what choices you have about it.
Please note, this policy does not cover personal data we handle on behalf of other organisations. Those practices are covered by our agreements with those organisations, and their subsequent privacy documentation. Please see our company privacy notice for further details.
Table of Contents:
How we collect information
What we do with the information we collect
How and when we share your information
How long we keep your information
Your rights and choices
Research participation
Data Transfer
Individual Rights
Changes to this Policy
Contact Us
How we collect information:
The information we collect depends on how you interact with us, the services you use, and the choices you make. We collect information about you from different sources and in various ways when you use our services, including information you provide directly, information collected automatically, information from third-party data sources, and data we infer or generate from other data.
Information you provide: When you sign up for or use Curb Health, you share certain information, such as:
-
Common personal information and identifiers: We process name, username or alias, and contact details such as email address, postal address, and phone number.
-
Demographic data: In some cases, we request that you provide or you may offer age, gender, marital status, and similar demographic details.
-
Payment information: If you make a purchase or other financial transaction, we process credit card numbers, financial account information, and other payment details.
-
Contents and files: We process the photos, documents, or other files you upload to Curb Health; and if you send us email messages or communications, we process and retain those communications.
-
Account access information: We process information such as a username or account number in combination with a password, security or access code, or other credential that allows access to an account.
-
Contents of communications: We process the contents of messages you send in chats and message boards in our application (app).
-
Health data: We process and analyse information concerning your behaviours, including some health related data, such as weight, mental state, sleep, exercise habits, and food intake.
-
Special category data: We process information about racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data (where used for identification purposes), data concerning a person’s sex life, and data concerning a person’s sexual orientation. You may provide this information or we infer throughout the application in order to better support you.
Technical information collected automatically when you use Curb Health: When you use our website or mobile app, certain internet and electronic network activity information gets created and logged automatically. Here are some of the types of information we collect:
-
Log data: When you use Curb Health, our servers record information (log data), including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes your IP address, browser type and settings, and the date and time you used Curb Health.
-
Geolocation data: Depending on your device and app settings, we collect geolocation data when you use our app or online services. For example, we may infer your general geographic location (such as city and country) based on your IP address.
-
Cookie data: We and our partners also use cookies, web beacons, mobile analytics and advertising device IDs, and similar technologies. We and our partners use these technologies in websites, apps, and online services to collect personal data (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our services, including personal data about your online activities over time and across different websites, apps, or online services.
-
Device information: In addition to log data, we collect information about the device you are using Curb Health on, including the type of device, operating system, settings, unique device identifiers, and crash data.
-
Usage data and customisation: When you are on Curb Health, we use your activity to customise your experience. We also automatically log your other activity on our websites, apps, and connected products, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website.
-
Information we create or generate: We infer new information from other data we collect, including using automated means to generate information about your likely preferences or other characteristics (“inferences”). For example, we may infer your BMI from your height and weight.
Information collected from third-party services: We also obtain the types of information described above from third parties. These third-party sources include, for example:
-
Third-party partners: Third-party applications and services, including social networks you choose to interact with to connect to our services. What we have access to is dependent on the privacy policies or settings for those accounts.
-
Information our advertisers share with us: We also get information about you and your activity from our advertising partners and other third parties we work with. For example, online advertisers or third parties share information with us to measure, report on, or improve the performance of ads for Curb Health.
-
Advertisers and third parties: We will not share your information with advertisers or sell your data to third parties.
-
Co-branding/marketing partners: Partners with which we offer co-branded services or engage in joint marketing activities.
-
Service providers: Third parties that collect or provide data in connection with work they do on our behalf. For example, companies that determine your device’s location based on its IP address.
When you are asked to provide your information, you may decline or use browser/device controls to prevent certain types of data collection. In some cases, if you choose not to provide information that is necessary, some services or features may not be available or fully functional.
What we do with the information we collect:
We’re committed to providing a service that is relevant, interesting, and personalised. To do that, we use your information to provide and improve your experience. For example:
Purposes of Use
Categories of information
Product and service delivery: To provide and deliver products and services, including fulfilling your order, troubleshooting, and personalising our services.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences, special category data such as health data.
Business operations: To operate our business, such as billing, accounting, improving our internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
Product improvement, development, and research: To improve our products and services, develop new products and services, and conduct user research (analytics, surveys, interviews).
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
Personalisation: To understand you and your preferences to enhance your experience and enjoyment using our services.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
Customer support: To provide customer support and respond to your questions.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
Communications: To send you information, including confirmations, invoices, technical notices, updates, security alerts, reminders, support, and administrative messages.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
Marketing: To communicate with you about new services, offers, promotions, rewards, contests, upcoming events, and other information about our services and those of our selected partners.
Contact information, demographic data, payment information, content and files, identifiers and device information, geolocation data, log data, usage data, sensor data, inferences. Sensitive Information: Account access information, special category data such as health data, contents of communications.
We combine data we collect from different sources for these purposes, and to give you a more seamless, consistent, and personalised experience. See ‘Your rights and choices’ below for information about how to update or change your preferences.
How and when we share your information:
We may share your information with, for example:
-
Other services: Other services, at your direction, when you decide to link your Curb Health account to those services. If you link your Curb Health account to any of those third parties, or allow us to share your information with them, that data is governed by their privacy policies.
-
Service providers: We provide your information to agents or parties working on our behalf for the purposes described in this policy. For example, companies we have engaged to provide customer service support or assist in protecting and securing our systems and services may need access to your information to provide those functions.
-
Financial services and payment processing: When you provide payment data, for example to make a purchase, we will disclose payment and transactional data to banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, analytics, or other related financial services.
-
Corporate transactions: We may disclose your information as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of our business or assets.
-
Legal and law enforcement: We will access, disclose, and preserve your information when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.
-
Safety, security, and protecting rights: We will also disclose your information if we believe it is necessary to:
- Protect the rights or property of ourselves or others: Including enforcing our agreements, terms, and policies.
- Operate and maintain the security of our services: Including to prevent or stop an attack on our computer systems or networks.
- Protect our customers and others: For example, to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone.
- Securing your data: We use secure coding practices that adhere to OWASP guidelines.
-
Advertising providers: Third party analytics and advertising companies also collect personal data through our website and apps, including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, log data, and inferences based on and associated with that data. These third-parties may combine this data across multiple sites to improve analytics for their own purposes and for others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.
How long we keep your information:
We keep your information only so long as we need it to provide our services to you, fulfil the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Actual retention periods can vary significantly based on your expectations and consent, the sensitivity of the data, the availability of automated controls, and our legal or contractual obligations.
Your rights and choices:
Our goal is to give you simple and meaningful choices regarding your information. If you have a Curb Health account, many of these controls are built directly into your settings. For example, you can:
-
Edit information in your profile at any time.
-
Link or unlink your Curb Health account from other services.
-
Choose whether Curb Health will be customised for you using your inputs.
-
Close your account at any time. When you close your account, we will deactivate it and delete your account data. (Please note that there may be legal reasons for us to keep your data, such as if there is a basis in UK law that requires the retention of personal data.)
There may be occasions, when these controls and choices may be enforceable as individual rights under applicable UK privacy law:
-
Access and portability of your information: We can usually share this with you in a portable format within 30 days of you asking us. To request data export, please contact us at team@curb.health using the email address tied to your Curb Health account.
-
Correction and deletion of your information: You can log into your profile to update your information, or delete your data at any time by closing your account. Please note that there may be legal reasons for us to keep your data, such as if there is a legal basis within UK law requesting us to retain personal data. To request account deletion, please contact us at team@curb.health using the email address tied to your Curb Health account.
-
Object to us processing your information: You can ask us to stop using your information for certain purposes, including when we use your information to send you marketing emails or SMS messages. If you opt-out of receiving marketing messages from us, we may still send you updates about your account, such as when you request reminders from us to log in.
-
Data sharing: We will only share information with third parties listed in our company privacy notice. Any data sharing in relation to marketing, can be opted-out of, by altering the settings within your account. This is a fundamental individual right under UK GDPR.
-
Browser or device controls: To learn how to use browser and device controls to express your privacy choices please visit our Cookie Notice. If you have any questions relating to data privacy, please do not hesitate to contact us.
Research participation:
We are committed to validating our approach to lifelong behaviour change using science. We publish using only aggregated, de-identified data e.g. Name, Email, Phone Number. Data may be stored for longer periods insofar as the data will be processed solely for scientific or historical research purposes or statistical purposes in accordance with UK GDPR Article 89(1) subject to implementation of the appropriate technical and organisational measures required by the UK GDPR, in order to safeguard the rights and freedoms of the data subject.
Data Transfer:
The information we collect may be stored and processed in your country or region, or in any other country where we or our affiliates, subsidiaries, or service providers process data. Currently, we primarily use data centres in the United Kingdom. These locations were chosen to operate efficiently and improve our performance.
We take steps to protect your information as described in this policy wherever the data is located, some of which have not been determined by the UK or EU to have an adequate level of data protection. When we do so, we use legal mechanisms, including contracts and appropriate safeguards, to help ensure your rights and protections.
Individual Rights:
The UK GDPR offers individuals (data subjects) the following rights regarding their personal data:
-
Right to be informed: Individuals have the right to know why we are collecting and processing personal data, this right is met by the provision of this application privacy policy and any subsequent privacy documentation;
-
Right of access: You have the right to know what personal data we have on record and request a copy at any time;
-
Right of rectification: You have the right to correct personal data that we hold about you that is inaccurate or incomplete;
-
Right to be forgotten: In certain circumstances you can ask for the personal data we hold about you to be erased from our records;
-
Right to restriction of processing: Where certain conditions apply you have a right to ask us to only process your personal data for certain processing activities;
-
Right of portability: You have the right to have the personal data we hold about you transferred to another Data Controller;
-
Right to object: You have the right to object to certain types of data processing such as marketing; and
-
Right to object to automated processing, including profiling: You also have the right to object to the legal effects of automated processing or profiling.
Please feel free to contact us at any time with any privacy related questions via team@curb.health and we will respond to all requests within 30 days from the date of receipt.
Should our Data Protection Officer (DPO) not be able to satisfactorily respond to your request, you have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns. The supervisory authority in the UK is the Information Commissioner’s Office (ICO), who may be contacted by telephone on 0303 123 1113 or by visiting www.ico.org.uk. Please contact the relevant supervisory authority if outside of the UK.
We rely on different lawful bases, outlined in UK GDPR Article 6, for the collecting and processing of your personal information. You can read more about this in our company privacy notice.
Changes to this policy:
We may change this privacy policy from time to time and if we do, we will update this page, and send you a communication to advise you of this change. If you continue to use Curb Health after those changes are in effect, you agree to the new policy. If the changes are significant, we may provide more prominent notice or obtain your consent to the changes.
Contact us:
The best way to get in touch with us is by emailing team@curb.health.
241811_Privacy Policy_Curb Health