Protecting Your Privacy
Privacy and trust are at the core of everything we do at Carium. We protect the privacy of the information that we collect, receive, or store for you. We use this information to provide services to you and others who support your health journey. Learn More.
Communications & Opt-Out
We may send you communications about Carium’s services, offerings, or other topics. You can unsubscribe from these communications by following a link in the email or emailing us. Learn More.
Types of Data We Collect
Information About You
Carium collects information and data about you so that you and members of your care team can better understand your health and get to know you. We collect “personal” and “non-personal” information both through interactions with you and passively in the background through your use of or access to our services. Subject to our legal obligations, you may request that Carium remove your information from our servers at any time. Learn More.
Personal information is information about you that can be easily connected to you. It may include your name, address, email address, health records or history, birth date, and location. Your Personal information helps Carium to customize its services or may be used or shared through your use of the services. Learn More.
Non-personal information covers a wide array of information that is much harder to connect to you. A lot of non-personal information is made up of web browsing or device information or activities that are collected automatically as you use your phone. Learn More.
Connections to other Services
How We Keep Your Data Secure
Carium uses industry-standard or above security protections in place to protect your information. We evaluate technical security issues on an ongoing basis, and make adjustments when appropriate. Learn More.
Laws that Apply
Carium follows privacy and security laws and regulations that apply to its operations, including the HIPAA. Carium’s services are intended for use only in the United States, and Carium does not currently have policies in place to comply with European privacy protections. Learn More.
What Information Does Carium Collect and How are the Data Used?
Carium collects only the types of Personal and Non-Personal Information described below that are necessary for our legitimate business purposes, and we maintain appropriate safeguards to ensure the security, integrity, and privacy of this information.
Carium will retain your Content, Personal Information, and Non-Personal Information for as long as you use the Services and/or until you ask for your Content to be deleted. While we will do our best to honor a request for deletion, we may be required to retain and use your Content as necessary to comply with legal, regulatory, and contractual obligations applicable to our operations, to resolve disputes, and to enforce our agreements. For example, regulations may require us to retain healthcare related information for a specified period of time, or if we are holding information on behalf of your healthcare team’s organization that we contract with, then we may be required to comply with that organization’s retention requirements or the terms of our contract with the organization. You acknowledge that when your Content and/or Personal Information is provided to third parties it is outside of Carium’s control and will be subject to each applicable third party’s policies covering privacy and use.
Personal and Business Information
The Platform may utilize GPS technology, IP address, other sensors such as nearby devices, Wi-Fi access points or cell towers, or other similar geolocation technology in order to determine your current location, if enabled or necessary for use of the Services.
Carium’s Platform may collect certain information automatically, including but not limited to: (i) the type of mobile device that you use, (ii) the unique device identification number of your mobile device, (iii) your mobile device’s IP address, (iv) the type of operating system running in your mobile device, (v) the type of internet browser that you utilize, (vi) information about your usage of the Platform, and (vii) identifying information about other devices that you connect to the Platform.
We may use the Content, Personal Information, and/or Non-Personal Information to (i) provide the Services to you, which includes providing the Content, Personal Information, and/or Non-Personal Information to your healthcare team and its organization as applicable, (ii) personalize your use of the Services, (iii) provide you with personalized analyses of your Content, (iv) communicate with you and respond to your requests, and related activities, (v) develop and deliver more impactful analyses by aggregating with other data, (vi) conduct research, (vii) improve or enhance the Services, and (viii) fulfill our contractual obligations to your healthcare team’s organization. In engaging in any of the described uses, we may de-identify your Content, Personal Information, or Non-Personal Information. To the extent that we may send promotional communication, you can opt-out of receiving promotional communications by following the unsubscribe instructions contained in a promotional communication.
Certain Non-Personal Information about site visits is recorded by the standard operation of the Website, including but not limited to (i) IP address, (ii) domain server, (iii) type of device(s) used to access the Services, (iv) web browser(s) used to access the Services, (v) referring webpage or other source through which you accessed the Services, (vi) geolocation information, and (vii) other statistics and information associated with the interaction between your browser or device and the Services. Non-personally identifiable information may be used to improve the design and content of the Services or to personalize your experience.
Additional types of Non-Personal Information that we do or may collect are:
Social Media Cookies
These cookies are used when you use a social media sharing button or you link your account or engage with our content on or through a social networking site such as Facebook, Twitter, or LinkedIn. The social network will record that you have taken this action. This information may be linked to targeting and/or advertising activities.
“Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files embedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, newsletters, or special promotions that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, opening our emails, and for what purpose, and also allows us to make enhancements.
We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity, and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites that do not use their services. We may use Google Analytics to provide such analytics services. To the extent that we use Google Analytics and you would like to opt out of tracking by Google Analytics, you can do that here.
Mobile Device Identifiers
Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and non-personally identifiable information. Mobile device identifiers help Carium learn more about our users’ demographics and internet behaviors.
Like many standard website servers, our web servers use log files. Log files include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp and number of clicks. Log files are used to analyze trends, administer the site, track aggregated users' movement and gather broad demographic information. The information collected through the log files is not linked to personally identifiable information.
We may collect your real-time geographic location in order to present relevant information from third parties with whom you may have authorized a connection. If your location is collected and used to push content, the location information will not specifically identify you.
Is Content Shared With Third Parties?
Carium shares your Content, Personal Information, and Non-Personal Information with your healthcare team and your healthcare team’s organization who sponsor your access to the Services (the “Sponsor”). Through the Services, your Sponsor can view, send, and/or receive your Content and interact with you by utilizing various components of the Service. You acknowledge that your Sponsor may integrate your Content, Personal Information, and/or Non-Personal Information into its records about you and any such integration will be subject to the Sponsor’s policies, including on privacy and use.
We may release your Content when we believe release is appropriate to (i) comply with applicable laws; (ii) enforce an agreement with Carium; or (iii) protect the rights, property, or safety of Carium, our users, or others. A potential use may include exchanging Content, Personal Information, and/or Non-Personal Information with other companies and organizations for fraud protection. Even though we will release your Content when required, we will evaluate each request and take reasonable steps to block a request that seeks sensitive information or could be used for purposes detrimental to you.
As we continue to develop our business, we might sell or buy assets or engage in other strategic transactions. In such transactions, your Content may be transferred to: (i) a parent or subsidiary; (ii) an acquirer of our assets or equity; or (iii) a successor by merger.
We implement industry standard security measures to help protect against the loss, misuse, and/or alteration of the data under our control. The security measures include system and network components, and application components. When the Website is accessed using a compatible internet browser, Secure Socket Layer (SSL) technology protects information using both server authentication and data encryption to help ensure that the data are safe, secure, and available only to you.
Communications from Carium
Users who have provided contact information may occasionally receive email updates or information from Carium. In order to respect our customers’ privacy, we present the option to decline these types of communications.
If you provide your cellphone number, you also consent to receive text messages from Carium, which may include messages sent on behalf of your healthcare team or your healthcare team’s organization. You may choose not to receive text messages even if you previously provided your cellphone number because it is not necessary to accept text messages to use the Services. Text and data rates from your mobile carrier may apply when you agree to receive text messages and you should check your mobile plan or with your carrier to confirm the rates if you have any questions. If necessary, we might share your cellphone number with a third party service provider solely to enable the sending of the text message. We will not share your cellphone number with a third party for marketing purposes without getting your consent first.
Users who no longer wish to receive e-mail communications or other information from Carium may opt-out of receiving these communications by emailing us at firstname.lastname@example.org using "unsubscribe" in the subject line or following the “unsubscribe” link in an email. Users who longer wish to receive text messages can text STOP in response to any text message or email us at email@example.com with a request to no longer receive text messages.
Removal or Modification
The Service is hosted in the United States and intended for use solely by individuals in the United States. Carium does not currently direct its service outside of the United States and is not monitoring where you might be located. If you choose to use the Service from the European Union or other regions of the world with laws governing data collection and use that may differ from United States law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing. Unless specifically stated, Carium does not direct the Services into any country outside of the United States.
Links to Third Party Websites
201 1st Street
Petaluma, CA 94952
Attn: Privacy Officer
Effective Date: June 27, 2018
Updated: October 15, 2018
Updated: January 11, 2019
Updated: June 1, 2019
Updated: July 26, 2019
Updated: June 30, 2020
Updated: July 25, 2022