Introduction

Tenure Health, Inc. (“Tenure Health,” “we,” or “us”) owns and operates the Tenure Health website located at www.tenurehealth.com (“Website”). Your access and use of the Website, any part thereof, or anything associated therewith, including its content (“Content”), any products or services provided through the Website, and any affiliated website, software, or application owned or operated by Tenure Health (collectively, including the Website and the Content, the “Service”) are governed by this Tenure Health Website Privacy Policy (“Privacy Policy”).

We are committed to respecting the privacy of users of the Service. We created this Privacy Policy to tell you how Tenure Health collects, uses, and discloses information to provide you with the Service, and to explain certain rights you have in connection with and over your personal information. As with our Terms of Use for the Service (“Terms of Use”), if we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last Revised” date of the Privacy Policy.

By accessing or using the Service, you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.

Protected Health Information

Tenure Health is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”); however, our affiliated medical group, Tenure Health of California (“Medical Group”) may be a “covered entity” and, solely in its role providing administrative services to the Medical Group, Tenure Health may be a “business associate” of the Medical Group. Therefore, the Medical Group and, solely in its role as a business associate, Tenure Health, may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to the Medical Group. PHI does not include information that has been de-identified in accordance with HIPAA (“De-Identified Health Information”), and does not include information that you submit to Tenure Health for purposes other than supporting and facilitating your relationship with the Medical Group or your other healthcare providers.

Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses “protected health information” (“PHI”). As a result, the Medical Group has adopted and, if you become a patient of the Medical Group, has separately provided or will provide to you a HIPAA Notice of Privacy Practices that describes how the Medical Group may use or disclose your PHI (“Medical Group Notice of Privacy Practices”).

HIPAA also requires a covered entity to obtain a patient authorization that satisfies certain requirements for the covered entity or its business associates to use or disclose PHI in certain ways. To ensure that the Medical Group and Tenure Health are able to effectively provide their respective services to you and that you are able to utilize the full functionality of the Service, the Medical Group and/or Tenure Health may need to use or disclose your PHI in ways that would require the Medical Group to obtain an authorization under HIPAA. As a result, the Medical Group, if you become a patient of the Medical Group, has obtained or will obtain from you a patient authorization (“Patient Authorization”) that authorizes the Medical Group and Tenure Health to use and disclose your PHI in certain ways that may not be described in this Privacy Policy or the Medical Group Notice of Privacy Practices.

If Tenure Health is a “business associate” of the Medical Group and is collecting, sharing, or using your information as a business associate of the Medical Group, Tenure Health’s use, and disclosure of your PHI will comply with HIPAA and any Patient Authorization. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Privacy Policy.

Collection and Use of Information

We collect any information you provide when you use the Service, including, but not limited to personally-identifying information (“PII”). Such collected data may include the following categories of data:

  • Communicated Data: Data included in any communication you send to us, whether from the contact form(s) located on the Website, through email, text, social media messaging or posting, or any other communication you send us through any medium. We keep and process this communication data for the purposes of (i) communicating with you, (ii) record keeping, (iii) the establishment, pursuit, and/or defense of legal claims, and (iv) other lawful purposes.
  • Customer and Registration Data: Data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact, purchase, and credit card details. We process and store this data to manage your account, supply the goods and/or services you have purchased, and keep records of such transactions.
  • Marketing Data: Data about your preferences in receiving marketing from us and your communication preferences. We process this data to deliver relevant website content to you and to measure or understand its effectiveness.
  • Technical Data: Data about your use of the Service such as your IP address, your login data, details about the device you use, details about your browser, length of visit to pages on the Website, page views, and navigation paths, details about the number of times you use the Website, time zone settings, and other technology on the devices you use to access the Website. The source of this data is our analytics tracking system. We process this data to analyze your use of the Website and other online services, to administer and protect our business and website, to deliver relevant content and advertisements to you, and to understand the effectiveness of our advertising.
  • User Data: Data about how you use the Service together with any data that you post for publication on the Website or through other online services. We process this data to operate the Website and ensure relevant Content is provided to you, to ensure the security of the Website, to maintain back-ups of the Website and/or databases, and to enable publication and administration of the Website, and other online services, and business.
  • Medical Group Data: In addition to the information, we collect directly from you, we may also collect certain information from the Medical Group and/or your other healthcare providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details), and notes, and is accessible and visible through certain components of the Service.
  • Third-Party Data:
    • We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care, or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
    • We may also receive information about your online and offline actions and purchases from third-party data providers who have the right to provide us with your information.
  • Device Data: Data from the device through which you access the Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifiers (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model, and operating system of your device, the name, and version of our Service you are using, information regarding your browser and information that allows us to personalize our Service. We or our service providers may also collect information about how you interact with our Service and any of our websites to which our Service links, such as how many times you use a specific part of our Service, the amount of time you spend using our Service, how often you use our Service, actions you take in our Service and how you engage with our Service.
  • Location Data: Data regarding your location or the location of your device through which you access our Service. Information regarding your location may be obtained directly from you when you provide us with information as part of the registration process.
  • Wearable Device Data: Data collected by wearable devices, lifestyle, and health applications such as Garmin, Apple iWatch, Fitbit, Withings, Oura, Omron, Apple Health, Strava, and Fitnespal that you link to our Service will be collected, copied, and stored in our infrastructure. Over time, additional wearable and lifestyle, and health app options will be added. This information collected may be analyzed for the purpose of enhancing our Services and providing you with personalized recommendations.
  • Non-Identifiable Data: When you interact with us through the Service, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information itself or such information may be included in databases owned and maintained by Tenure Health affiliates, agents or service providers. The Service may use such information and pool it with other information to track, for example, the total number of visitors to the Website, the number of visitors to each page of the Website, and the domain names of our visitors’ Internet service providers. It is important to note that no PII is available or used in this process.
  • Cookies: We may store cookies (e.g., locally stored objects) in your device when you use the Service. These cookies are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Some of our service providers may also use cookies to provide us with anonymous data and information regarding your use of the Service. At your option, you may block or delete devices from your hard drive. However, by disabling such tracking devices, you may not have access to all features of the Service. For more about cookies, including links to web browser instructions for disabling and managing such tracking devices, visit https://www.usa.gov/optout-instructions.
  • Third-Party Tools: In addition, we may use third-party tools, which will also use your data to enable us to provide or improve the Service. Such tools may include the following:
    • Google Analytics. Google Analytics is a web analytics tool that helps operators (like Tenure Health) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Service. We then use the information to compile reports that help us improve the Service. Google Analytics collects, processes, and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/.
    • Google Firebase. Google Firebase is a release and monitoring tool we use with our mobile app in order to provide you with the best user experience on mobile. We are not letting Google use your data for marketing. For more information regarding Google Firebase visit “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/
  • Amplitude. Amplitude is a product-analytics platform that helps us personalize your experience with our service by better understanding how you use our services. Data that is being collected by Amplitude is subject to the Amplitude privacy policy located at https://amplitude.com/amplitude-security-and-privacy
  • Aircall. Aircall is a voice platform that we use to manage inbound and outbound phone calls and texts and integrate them into our services. The information collected by Aircall is subject to Aircall Privacy policy located at https://aircall.io/privacy/.
  • Sakari. Sakari is a business text messaging service that we use to communicate with you more efficiently and with more relevance. Data that is collected by Sakari.io is subject to the Sakari privacy policy located at https://sakari.io/privacy-policy/
  • Segment. Segment is a data management platform that helps us personalize your experience by better understanding how you use our website and mobile app. Data that is collected by Segment is subject to the Segment privacy policy located at https://www.twilio.com/legal/privacy
  • Terra. Terra is a service that makes it easier for us to connect to your wearable data. Data that is collected by Terra is subject to Terra privacy policy located at https://tryterra.co/privacy.
  • June. June is a product-analytics platform that helps us personalize your experience by better understanding how you interact with our web and mobile products. Data that is being collected by June is subject to June privacy policy located here.
  • Intercom. We use the Intercom chat product to enable you to contact us through the website and mobile app. You should not share your PII through the Tenure Health chat functionality, and should instead use the chat feature within the Forward app. Data you provide through the website chat functionality is subject to Intercom’s privacy policy located here.
  • Meta. We use Meta to serve our ads and let us know, through the use of tags called UTM parameters, if you clicked an ad on Meta to get to the Website. We do not receive PII from Facebook, and your data on Meta is subject to its privacy policy located here. You can learn more about our use of cookies with such Meta Business Tools here.

Interest-Based or “Personalized” Advertising

In public areas of our Service, our third-party vendors may use device identifiers and other automated technologies (including cookie identifiers on the Website), along with other collected information, to deliver content or tailor ads when you are on other devices, apps or websites. These ads may be based, for instance, on the types of websites that you visit over time, the types of apps you have on your device, or de-identified information about you and your likely interests, based on your activities off of our Service. Sometimes, our service providers may use the information collected—for instance, IP addresses and unique mobile device identifiers—to locate or try to locate the same unique users across multiple browsers or devices (such as smartphones, tablets, or computers), or work with providers that do this, to help identify visitors to the publicly-accessible areas of our Service and serve advertising. If you wish to opt out of cross-device tracking for purposes of interest-based advertising, you may do so through your device settings. Partners that we or others work with to do the above may track your activities over time (including across different apps or websites) by collecting information through automated means, and they may use this information, and other information they receive from us or other sources, to deliver advertisements to you.

You can learn more about interest-based advertising on the web, or opt out of receiving those ads, by visiting (i) the Network Advertising Initiative’s Consumer Opt-Out here http://www.networkadvertising.org/choices or (ii) the Digital Advertising Alliance’s Consumer Opt-Out here http://www.aboutads.info/choices/ to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, you can visit the Google Ads Settings page here https://www.google.com/settings/ads. As to cross-app advertising, each operating system (e.g., iOS for Apple phones, Android for Android devices, and Windows for Microsoft devices) provides its own instructions on how to prevent the delivery of tailored in-application advertisements. You should view your device or system “Settings” to determine how you can opt out of the use of your device identifier for “cross-app” personalized advertising.

Please note that to the extent advertising technology is integrated into the public area of our Service, you may still receive advertisements even if you opt out. In that case, the advertising will not be tailored to your interests. Also, we do not control any of the above opt-out links or whether any particular company chooses to participate in these opt-out programs.

Additional Use of Information

In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Service or your use of the Service, and sending you communications on behalf of the Medical Group; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) processing payments; (h) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (i) reviewing, monitoring, expanding or improving the Service; (j) reviewing and analyzing the efficacy of some or all of the Service; (k) identifying and creating new Content, software or tools offered through the Service; (l) developing, testing and offering other products and services, whether or not through the Service; (m) providing certain marketing communications or promotional materials relating to the Service that may be of interest to you; and (n) any other use permitted by applicable law.

Disclosure of Information

Tenure Health is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. We will use your PII solely to provide the Service and otherwise as described in this Privacy Policy, and we will protect such information against disclosures that may be made of such information without your authorization. There are, however, certain circumstances in which we may share your PII with certain third parties without further notice to you, as set forth below.

  • The Service: We may disclose your information to third parties in connection with the provision of our Service or your physician’s provision of services or as otherwise permitted or required by law. For example, we may disclose your information to: (a) our third-party service providers that provide services such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing, payment processing, and other similar services; (b) the Medical Group to schedule and fulfill appointments and provide healthcare services; (c) the Medical Group to whom you send messages through our Service; (d) the Medical Group for treatment, payment or healthcare operations purposes; (e) third parties as we believe necessary or appropriate to enforce our policies and/or contracts; protect us, you, or others; or to comply with applicable laws.
  • Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, PII may be part of the transferred assets. We may also share your PII with our subsidiaries and affiliates for purposes consistent with this Privacy Policy.
  • Agents, Consultants, and Related Third Parties: Tenure Health, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, providing business and market intelligence, maintaining databases, and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
  • Legal Requirements: Tenure Health may disclose your PII if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Tenure Health, (iii) act in urgent circumstances to protect the personal safety of users of the Service or the public, or (iv) protect against legal liability.

No Use by Minors

Our Service is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. We do not knowingly collect information from individuals under the age of 18. If we learn that we have received any information from an individual under the age of 18 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Service, and subsequently we will delete such information from our own servers.

Jurisdictional Issues

The Service may only be used as set forth in the Terms of Use. This Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. and California law.

Third Parties

This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information or other practices of any third parties, including, without limitation, the Medical Group, the manufacturer of your mobile device, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of each website and application you visit and use. To the extent you are or wish to become a patient of the Medical Group, we also encourage you to review its Notice of Privacy Practices.

Your Choices

You can visit the Website without providing any PII. If you choose not to provide any PII (or only provide certain requested PII), you may not be able to use certain services.

Users of the Service are required to inform us about any change concerning their data, in particular about changes of place of residence, changes of surname, and changes of email address. We are not liable for the consequences resulting from providing mistaken data.

California residents have the following additional choices:

  • Data Information: You may, up to two times during any twelve-month period, request details of personal information which we hold about you. If you would like a copy of the information we keep on our systems about you, please contact us as provided below. If you believe that any information we are holding is incorrect or incomplete, please contact us (through the means provided below) as soon as possible. We will promptly correct any information found to be incorrect. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. We will take action to verify the requestor’s identity and/or California residence.
  • Removal of Your PII: You can ask us at any time to delete the information we hold on you by contacting us through the means provided below. If we are not able to delete such information because we have a need to keep it (for example, to comply with a medical records law or other law requiring us to hold such information), we will not use the information for any purpose other than that specific need. We may need to collect information from you so that we can verify your identity before taking any such requested action. We will respond to your request within 45 days. Such cancellation will be subject to the policies and procedures outlined in our Terms of Use. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. We will take action to verify the requestor’s identity and/or California residence.
  • Your California Privacy Rights: We may disclose your personal information to our affiliates or other related third parties for their use in marketing to you. Pursuant to California’s “Shine the Light Act,” California residents are permitted to request information about the manner in which we share certain categories of information with third parties for their marketing use. Please send an email to the address provided below to request a copy of our disclosure pursuant to California law. Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to the email address provided below with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
  • “Do Not Track” Browser Settings: We do not use technology that recognizes a “do-not-track” signal from your web browser.

Security

We strive to use reasonable physical, technical and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.

To help protect the privacy of data you transmit through the Service, where personally identifiable information is requested, we also use technology designed to encrypt the information that you input before it is sent to us using Secure Sockets Layer (SSL) technology or similar encryption technology. In addition, Tenure Health takes steps to protect the User data we collect against unauthorized access. However, you should keep in mind that the Service and our services are run on software, hardware, and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control. In addition, persons with access to your computer, phone, or other mobile or other devices may be able to access the Service and information about you contained in the Service.

By using the Website or providing PII to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Website. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Website or sending an e-mail to you. You may have a legal right to receive this notice in writing.

Additional Choices

When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service altogether. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt-out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy

Contacting Us

If you have any questions about this Privacy Policy, or wish to exercise any of the rights identified in it, please contact us using the following methods as appropriate for the actions as provided in this statement:

Email: member@tenurehealth.com

Physical Mail:

2061 San Elijo Av.
Cardiff, CA 92009
USA

Telephone: +1 (415) 881-8861

Last Revised: July 25, 2023

Get Started