We have updated our Terms of Use and Privacy Notice. Please read each one carefully. Your continued use of Modern Health’s websites and app constitutes your consent to the updated Terms of Use and Privacy Notice.

Modern Health Privacy Notice

Effective Date:  June 22, 2021.

Modern Life Inc. and its affiliates (“Modern Health”, “we”, “our”) respect your privacy.  This Privacy Notice describes the types of information we collect about users (“you, your”) of our mental health and well-being products and services, including, without limitation, your use of www.modernhealth.com, any other Company websites and any mobile applications made available to you by the Company (“Modern Health Service” or “Service”), how we use the information, and with whom we share it.  We also describe the rights you may have and how you can contact us about our privacy practices.

This Privacy Notice does not describe medical and treatment information collected by Providers during coaching or therapy sessions.

The Service may provide links to third-party websites or services that we think may be of interest to you. Any information you provide to those third-party websites are controlled by those third parties and are subject to their privacy policies. We encourage you to read their privacy policies carefully before giving them your information.

By accessing or using the Service, you signify that you have read, understood and agree to our collection, storage, use and disclosure of your personal information as described in this Privacy Notice and our Terms of Use. Any capitalized terms that are not defined in this Privacy Notice are defined in the Terms of Use.

For further information on how we process your information, please use the links below to jump to the listed section:

1.
Information We Collect
Creating an account and onboarding. When you create a user account we collect information that enables you to register and onboard to use our products and services, such as your name, company, date of birth, contact information (phone number, email address), location, preferred password, and primary language.  To enable us to personalize your experience, provide recommended care options, and design new products and services, we also collect your answers to our well-being assessment as well as information about your preferred areas of focus.
Device Information. We may collect device information such as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers. For example, we collect IP addresses from you when you log into the Service as part of our log-in and security features.
Cookies and Other Technologies:
Modern Health and our service providers may collect data about your use of the Service through the use of cookies, HTML Web Storage, web beacons, and similar technologies. A cookie is a small file placed on your hard drive by some of our web pages. HTML5 local stored objects may store larger amounts of information on your browser. When you access the Service, either through our mobile applications or website, certain information (including computer and connection information, mobile application use, browser type and version, operating system and platform details, and the time of accessing the Service) is automatically collected. We, or third parties we do business with, may use cookies to help us analyze our web page flow, customize the Service, content and advertising, measure promotional effectiveness, and promote trust and safety.  This information will be collected every time you access the Service and it will be used for the purposes outlined in this Privacy Notice. You can reduce the information cookies collected from your device by changing your browser settings to notify you when a cookie is being set or updated, or to block cookies altogether. Some browsers also allow you to control local stored objects through your browser settings. More information about how to do this may be found at www.allaboutcookies.org/manage-cookies or in the “Help” section of your browser. If you choose to block cookies (a) your use of the Service may be adversely affected (and possibly entirely prevented) and (b) your experience of this and other websites that use cookies to enhance or personalize your experience may be adversely affected. Web beacons may be used to track the traffic patterns of users from one page to another in order to maximize web traffic flow. If you would like more information about this and to know your choices about not having this information used by these companies, please visit: the Digital Advertising Alliance’s website, https://www.aboutads.info/, or the Network Advertising Initiative’s website, http://networkadvertising.org/consumer/opt_out.asp.
In addition to the purposes above, we also process information when we are required to do so by law, for example in order to maintain accounting records.

We may aggregate and/or de-identify the data we collect, so that we cannot use it to identify an individual. Subject to applicable law, we may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including business partners, customers, and others.

Within our organization, only those personnel for whom access is necessary due to their role, task or function will be granted access to your information.

If we plan to use information that you provide for other purposes than those described in this Privacy Notice, we will notify you of those purposes for which we will use the information, provide additional necessary context, and obtain your consent where legally required.
For a list of the above recipients, please refer to List of Modern Health’s Affiliates, Service Providers, and Overseas Recipients.

In addition, we may disclose information about you (i) if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm, financial loss or other material harm, (iii) in connection with an investigation of suspected or actual fraudulent or other illegal activity, and (iv) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation, or the negotiations or diligence regarding such transactions).  In connection with such disclosure, we will notify you or obtain your consent, as and when required by applicable law. 

We do not plan to share your information with your employer, except for the limited reasons enumerated above.
We may transfer the information that we collect about you to recipients in countries other than the country from which the information originally was collected.  Those countries may not have the same data protection laws as the country in which you initially provided the information.  When we transfer your information to recipients in other countries, we will comply with applicable legal requirements regarding providing appropriate safeguards for the transfer of personal information to recipients in countries for which the European Commission has not issued an adequacy decision.  These safeguards include the European Commission’s Standard Contractual Clauses, copies of which may be obtained by contacting us as indicated in the “How to Contact Us” section of this Privacy Notice.

Modern Health complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland, and the United Kingdom to the United States. You can find our Privacy Shield Notice here.  We recognize that the Court of Justice of the European Union ruled in July 2020 that a certification under the EU-U.S. Privacy Shield Framework no longer can serve as the basis by which entities subject to the GDPR may export personal data to jurisdictions outside the European Economic Area. Modern Health will continue to honor its obligation to comply with the Privacy Shield Principles with respect to data that was transferred pursuant to the EU Privacy Shield Framework. For such data or any transferred under the Swiss-U.S. Privacy Shield Framework, Modern Health has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Modern Health maintains technical, physical and organizational safeguards to ensure an appropriate level of security and confidentiality for your information, in accordance with our policies and applicable laws. However, no service or online platform is 100% secure. In addition, any unencrypted communications you send to us cannot be protected completely against unauthorized access, nor is Modern Health responsible for unauthorized access to your information when sent to your personal email address.  You are responsible for maintaining the security of your devices and online accounts, including by not sharing your password or credentials for the Service with others.
Information that we collect will be retained in a personally identifiable form for as long as necessary for the purposes described above, after which it will be deleted or maintained in a non-personally identifiable form. We may retain information in order to comply with our legal obligations (such as tax, accounting or health privacy purposes).
How to control your communications preferences. You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. You can also control some of the mobile notifications you receive from us through the settings on your mobile device and in our mobile application. We make every effort to promptly process all unsubscribe requests. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).

Modifying or deleting your information. Subject to applicable law, you may have the right to access, modify or delete your information, or revoking your consent to our collection, use, and sharing of your information. If you have any requests or questions about accessing, reviewing, modifying, or deleting your information, you can contact us directly at legal@modernhealth.com. We may not be able to modify or delete your information in all circumstances.

Do Not Track. Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. We do not alter our practices when we receive a Do Not Track signal from a visitor’s browser.  To find out more about Do Not Track, please visit https://www.allaboutdnt.com.
The Service is not intended to be accessed by minors under the age of eighteen (18) except as authorized by their parents or legal guardian, and we do not knowingly collect any personal information directly from such minors and children without such authorization. If we discover that an individual under 18 has provided us with personal information, we will delete the personal information to the extent required by the Children’s Online Privacy Protection Act or other applicable law.
Under the European Union General Data Protection Regulation and/or the United Kingdom Data Protection Act 2018, we are required to provide you certain additional information about our “processing” of “personal data,” as those terms are defined under applicable laws.  Modern Life Inc. is considered the “data controller” of the personal data collected from you in accordance with this Privacy Notice, which means that we are responsible for how we collect, use, and disclose information collected by and through the Service. We are also required to tell you about the legal grounds we rely on to use or disclose your “personal data.”  To the extent those laws apply, our legal grounds are as follows:
We also may process certain categories of sensitive personal information related to your health to provide, develop and improve the Service, and to facilitate the provision of services by our Providers.  For example, we may use certain information we collect to provide you with care recommendations, facilitate provision of coaching and therapy visits to you, including matching you to an appropriate Provider, manage referral requests, schedule sessions, conduct research, and undertake session invoicing with our Providers.

Individuals in the EEA and the United Kingdom have certain legal rights to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them (including, in some cases, in portable form), and to obtain its correction, update, amendment or deletion in appropriate circumstances. They may also object to our uses or disclosures of personal data, request a restriction on its processing, or withdraw any consent, though such actions typically will not have retroactive effect. They also will not affect our ability to continue processing data in lawful ways (for example, if you opt out of the use of your telephone number for direct marketing, we might still contact you by phone regarding potential fraudulent use of your account). If you wish to exercise these rights, please contact us at the contact information provided below.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Categories of personal information we collect. Throughout this Privacy Notice, we discuss in detail the specific pieces of personal information we collect from and about users.  Under the CCPA, we are also required to provide you with the “categories” of personal information we collect.  The categories we collect and share for business purposes are:

Identifiers (such as name, address, and email address); commercial information (such as session data or participation in group events); financial data (such as information necessary to process payments); internet or other network or device activity (such as app usage); geolocation information; professional or employment related data,; legally protected classifications (such as gender and marital status); insurance (including health insurance) information, medical information, and other information that identifies or can reasonably associated with you.

How we use and share these categories of personal information. We and our service providers may use and share the categories of personal information we collect from and about you consistent with the various business purposes we discuss throughout this Notice.  Please see the relevant section(s) above for more information.

Sale of Personal Information. The California Consumer Privacy Act (CCPA) sets forth certain obligations for businesses that “sell” personal information. Based on the definition of “sell” under the CCPA and under current regulatory guidance, we do not believe we engage in such activity and have not engaged in such activity in the past twelve months. We do share certain information as set forth in How We Share the Information We Collect. and allow third parties to collect certain information about your activity, for example through cookies, as explained in Cookies and Other Technologies. If you are a California resident, you may have certain rights. California law may permit you to request that we:
You may have the right to receive information about the financial incentives that we offer to you (if any). You also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights. Certain information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide the Service to you and for compliance with applicable law. If you ask us to delete certain information, you may no longer be able to access or use the Service.

California customers may request, once per year, that we disclose the identity of any third parties with whom we have shared personal information for the third parties’ direct marketing purposes within the previous calendar year, along with the type of personal information disclosed.

If you would like to exercise any of these rights, please contact us using the information provided below. You will be required to verify your identity before we fulfill your request. To do so, you will need to provide first name, last name, company and work email address. You can also designate an authorized agent to make a request on your behalf. To do so, you must provide us with written authorization or a power of attorney, signed by you, for the agent to act on your behalf. You will still need to verify your identity directly with us.
We may transfer the information that we collect about you to recipients located overseas.  Those countries may not have the same data protection laws as the country in which you initially provided the information.  When we transfer your information to recipients in other countries, we will comply with applicable legal requirements, such as obtaining consents from you as and when necessary. For a list of data recipients that are located overseas, please refer to List of Modern Health’s Affiliates, Service Providers, and Overseas Recipients.
This Privacy Notice may be updated periodically to reflect changes in our information practices.  If we make any significant changes to our Privacy Notice, we will provide you notice via the Modern Health Service, or by other communication channels such as posting a notice on our website or sending you an email.  You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. Please review any changes carefully.
If you have questions about how Modern Health handles your information or would like to exercise your rights, please reach out by emailing or writing to us at:

Modern Life Inc. (Legal Department)
450 Sansome Street, Fl. 12, San Francisco, CA 94111
Email:  legal@modernhealth.com

List of Modern Health’s Affiliates, Service Providers, and Overseas Recipients

Name
Address
Modern Life Inc. dba Modern Health
450 Sansome Street, Fl. 12, San Francisco, CA 94111
Entrusted Company
Recipient
Purpose
Items to be transferred
Country
Transfer Date and Method
Period of Retention and Use
Box
Box
secure file storage
eligibility files
US
Box Web portal
According to data classification policy
CleverTap
CleverTap
push notifications, emails
some member personal data
US
API via application
According to data classification policy
DataDog
DataDog
monitoring and alerting
limited member personal data for diagnostic purposes
US
API via application, logs and metrics collected via agent running in infrastructure
< 30 days
G Suite
G Suite
email, documents, business tools
some PII and PHI in documents
US
Web Portal and tooling apps
According to data classification policy
Lionbridge
Lionbridge
content translation
translations may contain PII/PHI
US
Web portal
According to data classification policy
Looker
Looker
data and business analytics
limited PII
US
Web portal and ETL processes
According to data classification policy
Mailchimp / Mandrill
Mailchimp / Mandrill
email
some PII
US
Web portal, APIs, and integrations
According to data classification policy
Michal Kwiatek
Michal Kwiatek
engineering contractor
limited PII and PHI
Poland
Engineering activities
According to data classification policy
Mismo
Mismo
engineering contractors
limited PII and PHI
Costa Rica
Engineering activities
According to data classification policy
Prisma Cloud
Prisma Cloud
infrastructure monitoring
limited PII
US
Web Portal, APIs and integrations
According to data classification policy
Quickbase
Quickbase
provider database
limited PII
US
Web Portal
According to data classification policy
Sentry
Sentry
front-end application monitoring
limited PII and PHI
US
Web Portal, APIs and integrations
According to data classification policy
Stella Connect
Stella Connect
CSAT provider
limited PII and PHI
US
Web portal
According to data classification policy
SurveyGizmo
SurveyGizmo
survey tool
limited PII and PHI
US
Web portal
According to data classification policy
The Software House
The Software House
Engineering contractors
limited PII and PHI
Poland
Engineering Activities
According to data classification policy
TokBox
TokBox
Video chat
limited PII and PHI
US
APIs and Integrations
According to data classification policy
ZenDesk
ZenDesk
helpdesk
PII and PHI, interactions with members for support
US
Email, web portal, APIs and integrations
According to data classification policy
Zoom
Zoom
video chat
limited PII and PHI
US
Web Portal, APIs and integrations
According to data classification policy