Sharecare Consumer Health Data Privacy Policy

Terms|Sharecare Consumer Health Data Privacy Policy

Sharecare provides web and mobile delivery of traditional health, wellness, and other services designed to allow you to manage all of your health information in one place. Sharecare is a U.S. based corporation, organized under the laws of the State of Delaware, and is headquartered at 255 East Paces Ferry Road NE, Suite 700, Atlanta, Georgia, 30305.

Sharecare values your trust, and protecting your information is our highest priority. Sharecare is committed to your privacy. This Consumer Health Data Privacy Policy (“Privacy Policy”) explains how Sharecare and its affiliates (collectively, “Sharecare” or “We”) protect your information when you use our products and services (“Services”), including the following:

  • What information Sharecare and its affiliates collect;
  • How we collect the information;
  • How we use the information;
  • Legal grounds for the processing of your information;
  • With whom we may share the information;
  • Privacy rights, choices, and account termination;
  • Retention Periods and protection of your information;
  • Children’s privacy;
  • When this Privacy Policy applies;
  • Compliance and cooperation with regulatory authorities;
  • Privacy Policy updates; and
  • How you can contact us.

Please visit our Terms page for additional terms and conditions applicable to the Services.

Consumer Health Information We Collect

The information Sharecare collects is highly variable based on the type of Services you use and the manner in which you access them. For information on Protected Health Information governed by the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please see our general privacy policy; this policy will not address such information.

Depending on your use of our consumer-oriented Services, health-related personal information we collect from such Services (“Consumer Health Information,” a subset of “Personal Information”) may include your health conditions, symptoms, measurements (e.g. height, weight), diagnoses, treatments, and other similar information as would be typical of one’s personal health history. We may also collect information related to health topics you are researching on our sites, which or may or may not be indicative of your own health-related information. We may also collect information identifying your attempts to seek healthcare services (including, in limited cases and only with your express consent via your device, specific location information) through your use of provider-search or similar tools.

We may also collect other information that, by itself, does not individually identify you, but when paired with identifiable information may be constitute Consumer Health Information; such other information includes browser type, operating system, technical data, and usage.

How We Collect Consumer Health Information

We collect consumer health information in the following ways:

  • Information You Give Us Upon Registration. Many of our Services require you to sign up for a Sharecare Account. When you do, we’ll ask for Personal Information like your name, date of birth, email address, telephone number or credit card.
  • Information We Get from Your Use of Services. We may collect information about the Services that you use and how you use them. This information includes:
    • Information You Provide. We may collect information provided by you while using our Services. Specifically, your completion of our surveys or questionairres, or the RealAge Test, results in our collection of the data you provide.
    • Computer, Tablet, or Mobile Telephone information. We may collect device-specific information such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information including phone number. Sharecare may associate your device identifiers or phone number with your Sharecare Account. We will comply with the usage/license restrictions and requirements applicable to the device from which the information comes.
    • Information from Wearables: When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology (“Wearable”) with the Services, we may collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as calorie intake, nutritional statistics, blood pressure, and other biometric data. You may disable this integration through your device.
    • Log Information. When you use our Services or view content provided by Sharecare, we may automatically collect and store certain information in server logs. This may include:
      • details of how you used our service;
      • Internet protocol address;
      • device event information such as crashes, system activity, hardware settings; browser type, browser language, the date and time of your request and referral URL; and
      • cookies that may uniquely identify your browser or your Sharecare Account.
    • Location Information. The large majority of Sharecare services do not depend on your location; however, some Services are location-enabled. When you use a location-enabled Sharecare service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
    • Unique Application Numbers. Certain Services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Sharecare when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
    • Local Storage. We may collect and store information (including Personal Information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
    • Cookies and Anonymous Identifiers. We use various technologies to collect and store information when you visit a Sharecare service, and this may include sending one or more cookies or anonymous identifiers to your device, pursuant to our Cookie Policy. We also use cookies and anonymous identifiers when you interact with Services we offer to our partners, such as Sharecare features that may appear on other sites. See the section “Transparency, Your Privacy Rights, Choices, and Account Termination” below for information about your opt-out choices.

How We Use Consumer Health Information We Collect

To Provide Services To You. We use the information that we collect about you to provide, maintain, protect and improve the Services that Sharecare provides to you.

Analytics. We use analytics tools and other third-party technologies, such as Google Analytics, to collect information in the form of various usage and user metrics when you use our site. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, usage and demographics, and other similar information. You can deactivate Google Analytics using a browser add-on if you do not wish the website analysis to take place. You can download the add-on here: tools.google.com/dlpage/gaoptout.

For Advertising Relevant Products to You. We may also personalize your experience on our sites and mobile Services by showing you advertisements from Sharecare or our advertising partners that are tailored to your interests. Use our privacy webform and cookie consent tools to opt out of advertising to the extent it is applicable to you.

To Improve Our Services. We use de-identified, anonymous information that we collect about you for statistical and analysis purposes to improve our products and services, and to provide population statistical analysis and well-being trend information.

Legal Grounds for Processing Your Consumer Health Information

We rely on the following legal grounds to process your Personal Information:

Consent. We may use your Personal Information as described in this Privacy Policy subject to your consent.  To withdraw your consent for any uses of Personal Information described above, please review the section titled “Privacy Rights, Choices, and Account Termination” or contact us at privacy@sharecare.com.

Performance of Services. We may need to collect and use your Personal Information to enter into and perform under an agreement with you or an organization of which you are a part.

Legitimate Interests. We may use your Personal Information for our legitimate interests, including but not limited to marketing, to provide our Services and to improve our Services and the content on our sites.

What Consumer Health Information We Share

We take your privacy seriously. We do not sell anyone’s Consumer Health Information to data miners or data brokers. We do not share Consumer Health Information with companies, organizations and individuals outside of Sharecare except in the following circumstances:

  • With Your Consent. We may share your Personal Information with companies, organizations or individuals outside of Sharecare when we have your consent to do so, including the following:
    • Information shared via cookies, pixels, and similar trackers, which we only share with your affirmative consent by way of our cookie banner. The categories of data shared through such trackers (if consented to) does not include your self-provided health information (e.g. RealAge Test answers, survey answers) but does include your browsing activity which may be indicative of your health information; third parties receiving such data would include ad exchanges, and, on our doctor search pages, our partner, Healthgrades.
    • Information shared as part of our lead generation programs which are only applicable to you if you specifically direct us to share your data with an outside party for purposes of taking advantage of a promotion, e.g. obtaining free samples; the categories of third parties receiving such data include the parties offering the promotion and their vendors.
  • To Processors. We may, from time to time, outsource some or all of the operations of our business to third-party service providers. In such cases, it may be necessary for us to disclose your information to those service providers. In some cases, the service providers may collect information directly from you on our behalf. We restrict how such service providers may access, use and disclose your information. We employ other companies and individuals to perform functions on our behalf. Examples include processing compensation, providing employee benefits, and performing legal and other professional services. These agents may have access to your information as needed to perform their functions, but they are not permitted to use it for other purposes. 
  • For Legal Reasons. We may disclose any information about you when, in our opinion, such disclosure is necessary to prevent fraud or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction. We will share Personal Information with companies, organizations or individuals outside of Sharecare if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: enforce applicable Terms of Use, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; and protect against harm to the rights, property or safety of Sharecare, our users or the public as required or permitted by law.
  • In a Transaction. As we continue to develop our business, we might sell, buy or merge with companies, subsidiaries, or business units. In such transactions, data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy statement (unless, of course, the person consents otherwise). Also, in the unlikely event that Sharecare or all of its assets is acquired, your information may be one of the transferred assets.
  • After Being Fully Deidentified, Incapable of Reidentification. We may share aggregated, de-identified information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.

How We Protect Your Information

We work hard to protect Sharecare and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. Sharecare is committed to using industry-leading security practices such as ISO27001 and HITRUST. In particular:

  • We encrypt many of our Services using SSL.
  • We review our information collection and storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to Personal Information to Sharecare employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

We keep Personal Information housed on servers in the United States. If you are located outside of the United States, information we collect (including cookies) are processed and stored in the United States. By using the Services and providing information to us, you consent to the transfer to and processing of the information in the United States, which currently lacks an adequacy decision with the European Commission.

Transparency, Privacy Rights and Choices, and Account Termination

Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used.

Subject to your specific use of the Services, your privacy rights include:

  • Transparency and the right to information. Through this policy we explain how we use and share your information. However, if you have questions or need additional information you can contact us any time at privacy@sharecare.com. You always have the right to confirm whether we are collecting, sharing, or selling your health data.
  • Right of access, restriction of processing, erasure. You may contact us to request information about the Personal Information we have collected from you, or to request that your Personal Information be deleted.  We will do our best to honor your requests, subject to any legal, ethical and contractual obligations. To make a request or to ask us a question about our data practices, please use our privacy webform, contact us via email at privacy@sharecare.com, or make use of the self-service tools in the “Settings” menu of your mobile app, if applicable. When requesting access to your Personal Information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the Personal Information that we hold about you. You may designate an authorized agent to request information on your behalf, provided that the authorized agent complies with our verification procedures to ensure your permission has been obtained.
    • Your right to access or delete the Personal Information we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refrain from taking certain actions with respect to some or all of the Personal Information that we hold about you. In addition, some or all of the Personal Information may have been destroyed, erased or made anonymous. In the event we cannot provide you with access to your Personal Information, or we are unable to delete it, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
  • Right to correct your information. We endeavor to ensure that Personal Information in our possession is accurate, current and complete. If an individual believes that the Personal Information about him or her is incorrect, incomplete or outdated, he or she may request the revision or correction of that information. We reserve the right not to change any Personal Information we consider accurate.  If it is determined that Personal Information is inaccurate, incomplete or outdated, we will use reasonable efforts to revise it and, if necessary, use reasonable efforts to inform agents, service providers or other third parties, which were provided with inaccurate information, so records in their possession may be corrected or updated.
  • Right to withdraw your consent at any time. When we process your Personal Information based on your consent, you have the right to withdraw that consent at any time.  This email/text/other communication consents, or any other consent that you have provided to Sharecare. You may withdraw your consent by contacting us at privacy@sharecare.com, or, for certain consents, through your Sharecare account settings. Withdrawing consents may significantly limit your ability to use the Services.
  • Right to object or opt out at any time. You have the right to object at any time to receiving marketing or promotional materials from us by either following the opt-out instructions in commercial e-mails or by contacting us, as well as the right to object to any processing of your Personal Information or to participating in any program. We will consider any request you make to us, and provide a reply in a timely manner, according to our legal, ethical and contractual obligations.  Some non-marketing communications are not subject to a general right to opt out, such as communications about transactions and disclosures to comply with legal or ethical requirements. 
  • Right to data portability. You have the right to data portability of your own personal data by contacting us; there are also options within the Sharecare account settings to request such data. There are instances where applicable law or regulatory requirements allow or require us to refrain from transmitting your Personal Information to certain recipients or may require additional documentation before transmitting your information. In addition, some or all of the Personal Information may have been destroyed, erased or made anonymous. In the event we cannot fulfill your data portability request or require additional information to do so, we will contact you.
  • Right not to be subject to an automated decision, including profiling. We do not make automated decisions using your Personal Information that may negatively impact you.
  • Right to lodge a complaint with the competent regulatory authority, such as your state’s attorney general, if you believe that the processing of your Personal Information does not comply with the applicable legal requirements.
  • Right to manage your email notifications.
  • Right to control who you share information with through your device’s privacy settings.
  • Right to take information out of many of our Services by contacting Sharecare Customer Support or privacy@sharecare.com.

Terminating Your Account.  You may terminate your account with us at any time through the account settings in your Sharecare account, by contacting our Customer Service, or emailing privacy@sharecare.com. Terminating your account will revoke any applicable consents or opt-ins but will be subject to any data retention requirements as described below.

Retention of Collected Information.  Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your Personal Information only for as long as we believe it is necessary to fulfill the purposes for which the Personal Information was collected (including for the purpose of meeting any legal, accounting or other reporting requirements or obligations). Where there is no legal, fiscal, administrative, or contractual requirement to retain information for a longer or shorter period, information will be destroyed within five (5) years of its collection. You may request that we delete the Personal Information about you that we hold, as described above.

Affiliates. Depending on your use of the Services, we may share your information between different wholly-owned subsidiaries of Sharecare. For example, if you participate in one of the programs offered by our affiliate, MindSciences, Inc. (Eat Right Now, Craving to Quit, Unwinding Anxiety), your information may be shared with personnel employed by Sharecare. Similarly, if you engage with our CareLinx home care products which may be offered through our affiliates CareLinx, Inc. and/or Sharecare-CL, LLC, your information may be shared with Sharecare personnel.

Cookies. We use a cookie banner to obtain your consent to the use of cookies. In addition to refusing to provide your consent, you may also set your browser or device to block all cookies, including cookies associated with our Services, or to indicate when a cookie is being set by us. However, many of our Services may not function properly if your cookies are disabled. For example, we may not remember your location preferences. See our Cookie Policy for more information.

Information Shared By You. Many of our Services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our Services provide you with different options on sharing and removing your content.

Information of Children. The Services are not directed to or intended for use by minors. In compliance with laws, we will not intentionally collect any Personal Information from children under the age of 18. If you think that we have collected Personal Information from a minor child, please contact us.

When This Privacy Policy Applies

This Privacy Policy applies specifically to consumer (i.e. non-HIPAA-governed) health-related data we collect and process. For more general information on our privacy practices, please see our general privacy policy.

Compliance and Cooperation with Regulatory Authorities

We regularly review our compliance with our Privacy Policy. When we receive a formal written complaint, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that we cannot resolve with our users directly.

Changes to this Privacy Policy

Our Privacy Policy may change from time to time. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. If we change this Privacy Policy, we will post any privacy policy changes on this page and, if the changes are material, we will provide a more prominent notice by sending you an email and/or posting a notice in the Services. Sharecare reserves the right to modify this Privacy Policy at any time, so please review it frequently.

Last modified: June 1, 2024