Connections to Other Services
Types of Data We Collect
How We Keep Your Data Secure
Protecting Your Privacy
Privacy and trust are at the core of everything we do at Carium. We protect the privacy of the information that we collect, receive, or store for you. We use this information to provide services to you and others who support your health journey. Learn More.
Communications & Opt-Out
We may send you communications about Carium’s services, offerings, or other topics. You can unsubscribe from these communications by following a link in the email or emailing us. Learn More.
Types of Data We Collect
Information About You
Carium collects information and data about you so that you and members of your care team can better understand your health and get to know you. We collect “personal” and “non-personal” information both through interactions with you and passively in the background through your use of or access to our services. Subject to our legal obligations, you may request that Carium remove your information from our servers at any time. Learn More.
Personal information is information about you that can be easily connected to you. It may include your name, address, email address, health records or history, birth date, and location. Your Personal information helps Carium to customize its services or may be used or shared through your use of the services. Learn More.
Non-personal information covers a wide array of information that is much harder to connect to you. A lot of non-personal information is made up of web browsing or device information or activities that are collected automatically as you use your phone. Learn More.
Connections to other Services
How We Keep Your Data Secure
Carium uses industry-standard or above security protections in place to protect your information. We evaluate technical security issues on an ongoing basis, and make adjustments when appropriate. Learn More.
Laws that Apply
Carium follows privacy and security laws and regulations that apply to its operations, including the HIPAA. Carium’s services are intended for use only in the United States, and Carium does not currently have policies in place to comply with European privacy protections. Learn More.
What Information Does Carium Collect and How are the Data Used?
Carium collects only the types of Personal and Non-Personal Information described below that are necessary for our legitimate business purposes, and we maintain appropriate safeguards to ensure the security, integrity, and privacy of this information.
Carium’s Mobile Apps may collect certain information automatically, including but not limited to: (i) the type of mobile device that you use, (ii) the unique device identification number of your mobile device, (iii) your mobile device’s IP address, (iv) the type of operating system running in your mobile device, (v) the type of internet browser that you utilize, and (vi) information about your usage of the Mobile Apps.
Carium will retain your Content, Personal Information, and Non-Personal Information for as long as you use the Services and until you ask for your Content to be deleted. While we will do our best to honor a request for deletion, we will also retain and use your Content as necessary to comply with legal, regulatory, and contractual obligations applicable to our operations, to resolve disputes, and to enforce our agreements. For example, regulations may require us to retain healthcare-related information for a specified period of time or if we are holding information on behalf of the healthcare organization where you receive services, then we may be required to comply with that organization’s information retention requirements. You acknowledge that your Content and/or Personal Information provided to third parties is outside of Carium’s control and will be subject to each applicable third party’s policies covering privacy and use.
Personal and Business Information
When you use the Services, we may collect what is generally called “personally identifiable information,” or “Personal Information,” which is information that specifically identifies you. Examples of Personal Information include name, email address, mailing address, phone number, date of birth, geographic area when any such information is linked to information that identifies a specific individual, gender, birthday, marital status, educational level, health history, and health records.
The Mobile Apps may utilize GPS technology, IP address, other sensors such as nearby devices, Wi-Fi access points or cell towers, or other similar geolocation technology in order to determine your current location, if enabled or necessary for use of the Services.
We may use the Content, Personal Information, and Non-Personal Information to (i) provide the Services to you, which includes providing the Content to your healthcare clinician or healthcare system or organization (ii) personalize your use of the Services, (iii) provide you with personalized analyses of your Content, (iv) communicate with you and respond to your requests, and related activities, (v) develop and deliver more impactful analyses by aggregating with other data, (vi) conduct research, and (vii) improve or enhance the Services. In engaging in any of the described uses, we may de-identify your Content, Personal Information or Non-Personal Information. You have the ability to opt-out of receiving promotional communications by following the unsubscribe instructions contained in a promotional communication.
Certain Non-Personal Information about site visits is recorded by the standard operation of the Website, including but not limited to (i) IP address, (ii) domain server, (iii) type of device(s) used to access the Services, (iv) web browser(s) used to access the Services, (v) referring webpage or other source through which you accessed the Services, (vi) geolocation information, and (vii) other statistics and information associated with the interaction between your browser or device and the Services. Non-personally identifiable information may be used to improve the design and content of the Services or to personalize your experience.
We may also collection the additional Non-Personal Information:
Social Media Cookies
These cookies are used when you use a social media sharing button or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter, or LinkedIn. The social network will record that you have done this. This information may be linked to targeting and/or advertising activities.
“Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services.
Mobile Device Identifiers
Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and non-personally identifiable information. Mobile device identifiers help Carium learn more about our users’ demographics and internet behaviors.
Like many standard website servers, our web servers use log files. Log files include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks. Log files are used to analyze trends, administer the site, track aggregated users' movement and gather broad demographic information. IP addresses, etc. are not linked to personally identifiable information.
We may collect your real-time geographic location in order to present relevant information from third parties with whom you may have authorized a connection. If your location is collected and used to push content, the location information will not specifically identify you.
Is Content or Personal Information Shared With Third Parties?
As we continue to develop our business, we might sell or buy assets or engage in other strategic transactions. In such transactions, your Content may be transferred to: (i) a parent or subsidiary; (ii) an acquirer of assets or equity; or (iii) a successor by merger.
Carium shares all of your Content, Personal Information, and Non-Personal Information with your healthcare clinician, healthcare system, or other organization sponsoring your access to the Services (the “Sponsor”). Through the Services, your Sponsor can view, send, and/or receive your Content and messages relating to or about you. You acknowledge that your Sponsor may integrate your Content, Personal Information, and/or Non-Personal Information into its records about you and any such integration will be subject to Sponsor’s policies on privacy and use. Carium may also be required to maintain your Content and/or Personal Information for any period of time identified by your Sponsor.
We may release your Content when we believe release is appropriate to (i) comply with applicable laws; (ii) enforce an agreement with Carium; or (iii) protect the rights, property, or safety of Carium, our users, or others. A potential use may include exchanging Content, Personal Information, and/or Non-Personal Information with other companies and organizations for fraud protection.
We have industry reasonable security measures in place to help protect against the loss, misuse, and/or alteration of the data under our control. The security measures include system and network components, and application components. When the website is accessed using a compatible internet browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data are safe, secure, and available only to you.
Communications from Carium
Users who have provided contact information may occasionally receive email updates or information from Carium. In order to respect our customers’ privacy, we present the option to decline these types of communications.
Users who no longer wish to receive e-mail communications or other information from Carium may opt-out of receiving these communications by emailing us at using "unsubscribe" in the subject line or following the “unsubscribe” link in an email.
Removal or Modification
To the extent Carium and any of the Services are subject to any requirements of the Health Insurance Portability and Accountability Act and its implementing regulations, as all may be amended from time to time (“HIPAA”), we comply with those HIPAA requirements. We comply with HIPAA to the extent required, which is not every circumstance or use relating to the Services or our operations.
The Service is hosted in the United States and intended for use solely by individuals in the United States. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.
Links to Third-Party Websites
Changes to this Privacy Statement
201 1st Street
Petaluma, CA 94952
Effective Date: June 27, 2018
Updated: October 15, 2018
Updated: January 11, 2019
Updated: June 1, 2019
Updated: July 26, 2019
Updated: June 30, 2020