SONAR PRIVACY POLICY
Last Updated: October 26, 2021
We know that you are trusting us with information that is important to you, which is why Sonar was built with your privacy in mind. We want to be transparent about what data we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe. Here we describe the privacy practices for our applications, software, websites, APIs, products, devices and services (the “Services”).
1. INFORMATION WE COLLECT
When you use our Services, we collect the following types of information.
INFORMATION YOU PROVIDE US
ACCOUNT INFORMATION
Some information is required to create an account on our Services, such as your name, email address, password, date of birth, and birth sex. This is the only information you have to provide to create an account with us. You may also choose to provide other types of information, such as a profile photo, height, weight, and phone number.
ADDITIONAL INFORMATION
To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information, such as access to your third-party devices and apps, or entering in logs for your health, activity, sleep, and nutrition.
You may also invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for inviting contacts to Sonar.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
PAYMENT AND CARD INFORMATION
If you purchase any paid Sonar services, including automatically renewing subscription services and one-time purchases, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code, and billing address. If you choose to save your payment information and billing address on Sonar, or to set up an automatically renewing subscription, we will store this information. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
INFORMATION WE RECEIVE FROM YOUR USE OF OUR SERVICES
GEOLOCATION INFORMATION
We collect this type of data if you grant us access to your location. You can always remove our access using your device or browser settings. We may also derive your approximate location from your IP address.
USAGE INFORMATION
When you access or use our Services, we receive certain usage or network activity information. This includes information about your interaction with the Services, for example, when you view or search content, create or log into your account, or sync a third-party device or app to your account.
We also collect data about the devices and computers you use to access the Services, including IP addresses, browser type, language, operating system, device information, the referring web page, pages visited, location (depending on the permissions you have granted us), and cookie information.
INFORMATION FROM COOKIES AND SIMILAR ONLINE TOOLS
We and our service providers collect data through web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies to offer you a more tailored experience.
- A web server log is a file where website activity is stored.
- An SDK is a set of tools and/or code that we embed in our Services to allow third parties to collect information about how users interact with our Services.
- A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: i) recognize your computer/device; ii) store your preferences and settings; iii) understand the parts of the Services you have visited and used; iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; v) perform searches and analytics; and vi) assist with security and administrative functions.
- Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: i) collect usage information like ad impressions or clicks and email open rates; ii) measure popularity of the Services and associated advertising; and iii) access user cookies.
- As we adopt additional technologies, we may also gather information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer; Google Chrome; Mozilla Firefox; or Apple Safari). Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.
INFORMATION WE RECEIVE FROM THIRD PARTIES
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you choose to sync a third-party device or app with our Services, data from that device or app will be transferred to our servers. You can stop sharing the information from the other service with us by removing our access to that other service.
We may partner with third parties, such as employers and insurance companies that offer Sonar Services to their employees and customers. In such cases, those companies may provide us with your name, email address, or similar information (like a telephone number or subscriber ID) so that we can invite you to participate or determine your eligibility for particular benefits, such as discounts or free services.
2. HOW WE USE INFORMATION
We use the information we collect for the following purposes.
PROVIDE AND MAINTAIN THE SERVICES
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with functionality for tracking your health, activity, and other trends; to enable the community features of the Services; and to give you customer support.
IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES
We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.
When you allow us to collect location information, we use that information to provide and improve features of the Services, such as accounting for the impact of location on various health and activity metrics.
We also use your information to make inferences and show you more relevant content. Here are some examples:
- Information like your height, weight, birth sex, and age allows us to improve the accuracy of your daily recommended targets and scores.
- Based on your sleep data, we may make inferences about your sleeping patterns and provide you with customized insights to help you improve your sleep.
- We may personalize health and activity goals for you based on the goals you previously set and your historical health or activity data.
COMMUNICATE WITH YOU
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email.
PROMOTE SAFETY AND SECURITY
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
We use cookies and similar technologies for the purposes described above.
3. HOW INFORMATION IS SHARED
We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.
WHEN YOU AGREE OR DIRECT US TO SHARE
You may direct us to disclose your information to others, such as when you give a third-party application access to your account, or give your employer access to information when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.
FOR EXTERNAL PROCESSING
We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.
FOR LEGAL REASONS OR TO PREVENT HARM
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about health and activity, to partners under agreement with us, or as part of the community benchmarking information we provide.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
4. YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA
We give you account settings and tools to access and control your personal data, as described below, regardless of where you live. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.
Accessing Data. By logging into your account, you can access much of your personal information, including your dashboard with your daily health and activity statistics.
Editing and Deleting Data. By logging into your account and using your account settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide, or request deletion of your account.
If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, such as data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
Objecting to Data Use. We give you account settings and tools to control our data use. For example, you can revoke our access to third-party devices or applications that you previously connected to your account.
5. DATA RETENTION
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. For instance, when you provide your contact list for inviting friends to Sonar, we delete the list after it is used. We keep other information, like your health, activity and sleep data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.
6. ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS
We work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving advertisements on our behalf across the internet, and measuring the performance of those advertisements. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications.
7. OUR POLICIES FOR CHILDREN
We appreciate the importance of taking additional measures to protect children’s privacy. Sonar allows parents to add children and other family members to their account, but persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create their own accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at support@sonarhealth.co.
8. INFORMATION SECURITY
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact us at support@sonarhealth.co.
9. OUR INTERNATIONAL OPERATIONS AND DATA TRANSFERS
Our Services are available internationally, and transfer information to the United States and other countries for the purposes described in this policy.
We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent and EU Commission approved model contractual clauses, which require certain privacy and security protections.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a Sonar account, irrespective of which country you live in. For a list of the locations where we have offices, please see our website or contact us. If you later wish to withdraw your consent, you can delete your Sonar account as described in the Your Rights To Access and Control Your Personal Data section.
While not relied upon for international data transfers, Sonar Health, Inc. complies with the EU-US and Swiss-US Privacy Shield principles regarding the collection, use, sharing and retention of personal information as described in our Privacy Shield certifications. Sonar Health, Inc. is subject to the oversight of the US Federal Trade Commission and remains responsible for personal information that we transfer to others who process it on our behalf as described in the How Information Is Shared section. If you have a complaint about our Privacy Shield compliance, please contact us. You can also refer a complaint to our chosen independent dispute resolution body JAMS, and in certain circumstances, invoke the Privacy Shield arbitration process.
10. EUROPEAN PRIVACY DISCLOSURES
If you live in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, please review these additional privacy disclosures under the European Union’s General Data Protection Regulation (“GDPR”).
YOUR DATA CONTROLLER
Sonar Health Inc., a United States corporation, is your data controller and provides the Services if you live in the EEA, UK, or Switzerland. For our contact information, please see the Who We Are and How To Contact Us section.
HEALTH AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA
To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you grant us access to your health or activity data from a third-party device or app. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, or deleting your data or your account.
OUR LEGAL BASES FOR PROCESSING PERSONAL DATA
For personal data subject to the GDPR, we rely on several legal bases to process the data, including:
- When you have given your consent, which you may withdraw at any time using your account settings and other tools;
- When the processing is necessary to perform a contract with you, like the Terms of Service; and
- Our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described in the How We Use Information section.
HOW TO EXERCISE YOUR LEGAL RIGHTS
Please review the Your Rights To Access and Control Your Personal Data section for how your account settings and tools allow you to exercise your rights under the GDPR to access and control your personal data.
In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests, including as described in the How We Use Information section. Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. Please see your notification settings to control our marketing communications to you about Sonar products. Please note that you can always delete your account at any time.
If you need further assistance regarding your rights, please contact us at support@sonarhealth.co, and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority.
11. CALIFORNIA PRIVACY DISCLOSURES
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act ("CCPA").
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights To Access and Control Your Personal Data section, for example:
- By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
- Your account settings also let you exercise your right to delete personal information.
If you need further assistance regarding your rights, please contact us at support@sonarhealth.co, and we will consider your request in accordance with applicable laws.
CATEGORIES OF INFORMATION WE COLLECT, USE, AND DISCLOSE FOR BUSINESS PURPOSES
As described in the Information We Collect section, we collect the categories of personal information listed below. We receive this information from you, your use of the Services, third parties (like the other services you have connected to your Sonar account, or your employer or insurance company if they offer you Sonar Services as an employee or customer), and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in the How We Use Information and How Information Is Shared sections, respectively. The categories are:
- Identifiers, like your name or username, email address, mailing address, phone number, IP address, account ID, device ID, cookie ID, and other similar identifiers.
- Demographic information, such as your birth sex, age, health information, and physical characteristics or description, which may be protected by law.
- Commercial information, including your payment information and records of the Services or devices you purchased, obtained, or considered (for example, if you added them to your shopping cart on the Sonar online store but did not purchase them).
- Biometric information, such as your health, activity, sleep, or nutrition data, and any similar information to which you grant us access from another service.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our Services. This includes information about your interactions with the Services and about the devices and computers you use to access the Services.
- Location data, if you have granted us access to this information.
- Electronic, visual, or similar information, such as your profile photo or other photos.
- Professional or employment related information, including any information (like your name, email address, or similar information) that your employer provides to us so that we can invite you to participate in or determine your eligibility for Sonar Services that they offer to their employees.
- Other information that you provide, such as logs for health, activity, sleep, and nutrition; and information recorded by your device which may vary depending on the device you use.
- Inferences drawn from any of the above, including personalized health and activity goals.
We never sell the personal information of our users. We do work with partners who provide us with advertising services as described in the Analytics and Advertising Services Provided By Others section.
12. CHANGES TO THIS POLICY
Sonar may change, modify, add or remove portions of this policy at any time. You should periodically check this policy for changes. Your continued use of Sonar Services following the posting of any changes to this policy will mean that you accept and agree to such changes.
13. WHO WE ARE AND HOW TO CONTACT US
If you have questions about this policy, or need help exercising your privacy rights, please contact us at support@sonarhealth.co.