Sana Health Privacy Policy 

Last updated: February 4, 2022

This “Privacy Policy” describes the privacy practices of Sana Health, Inc. (“Sana Health”, “we”, “us”, or “our”) in connection with the https://www.sana.io/ website, the Sana Health mobile application (the “mobile application” or “App”), any other website or mobile application that we own or control and which posts or links to this Privacy Policy and the Sana Health device (collectively, the “Services”). This Privacy Policy also describes the rights and choices available to individuals with respect to their information.

We provide this Privacy Policy to explain what personal information we may collect through our Services, how we may use this information, and under what circumstances we may disclose this information to third parties or others.

Depending on your activities when visiting our website, you may be required to agree to additional terms and conditions. We may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect information. These supplemental privacy policies will govern how we may process the information in the context of the specific product or service.

Contents

Personal Information We Collect . . . . . . . . . . . . 1

How We Use Your Personal Information . . . . . . 4

How We Share Your Personal Information . . . . .7

Your Choices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Links to Other Sites and Services . . . . . . . . . . . 9

International Data Transfers . . . . . . . . . . . . . . . . 9

Age Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Privacy Policy Changes . . . . . . . . . . . . . . . . . . . . .9

How to Contact Us . . . . . . . . . . . . . . . . . . . . . . . .10

Personal Information We Collect

The type of information that we collect depends on the nature of your interactions on our Services. 

Information you provide to us.  Personal information you choose to provide to us through the Services or otherwise includes: 

  • Contact information, such as your first and last name, email, phone number, and mailing address. 

  • Profile information, such as your username and password that you may set to establish an online account with us. 

  • Diagnostic information, such as your self-reported average sleep quality, pain level, and mood. We will also record information you log voluntarily in your journal. The type and level of detail in this information is at your discretion. 

  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online. 

  • Demographic Information, such as your gender, race, city, state, country of residence, postal code, and birthdate. 

  • Precise geolocation information, such as when you authorize our mobile application to access your location. 

  • Transaction information, such as information about payments to and from you and other details of the products you have purchased from us. 

  • Usage information, such as information about how you use the website and App and interact with us, including information associated with any content you upload to the websites or otherwise submit to us, and information you provide when you use any interactive features of the Services. 

  • Marketing information, such as your preferences for receiving communications about our newsletters, events, and publications, and details about how you engage with our communications. 

  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection. 

Information we collect through the Sana Health Device. Personal information automatically collected through the Sana Health Device includes: 

  • Usage Information automatically collected when you use the Sana Health device.

  • Health-related data, such as heart rate data collected through the sensor located on the Sana Health device.

Information we obtain from social media platforms.  We may maintain pages for Sana Health on social media platforms, such as Facebook, Twitter, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Information we obtain from other third parties.  We may receive personal information about you from third-party sources. We may obtain your personal information from other third parties, such as: publicly-available sources; and business partners. 

Third-Party Analytics. We use a third-party analytics service, Google Analytics for Firebase, to evaluate your use of the App, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the App usage. You consent to the processing and collection of data about you by Google Analytics for Firebase in the manner and for the purposes set out in this Privacy Policy and Google Analytics for Firebase Collection Summary & Resources found at https://support.google.com/firebase/answer/6318039?hl=en&ref_topic=6317497. 

The information that Google Analytics for Firebase collects regarding you and your use of the App and your interactions with us and information regarding your device used to access the App includes the data and information listed at the following link: https://support.google.com/firebase/answer/6318039?hl=en and the following (collectively, the “Information”): 

(i) From Your Activity. We and Google Analytics for Firebase may collect or receive information regarding:

(A) IP address, which may consist of a static or dynamic IP address and will sometimes point to a specific identifiable computer or mobile device; IP address is used to derive user location 

(B) date and time; and 

(C) details regarding your activity on the App, such as search queries and other performance and usage data. 

(ii) About Your Mobile Device. We and Google Analytics for Firebase may collect or receive information regarding:

(A) type of mobile device; 

(B) operating system and version (e.g., iOS, Android or Windows); 

(C) carrier; and 

(D) network type (Wi-Fi, 3G, 4G, 5G, LTE). 

Information we collect automatically. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. Like most website operators, Sana Health collects information of the sort that web browsers and servers typically make available, such as your browser type, operating system type and version number, manufacturer and model, device identifier (such as Google Advertising ID or Apple ID for advertising), screen resolution, IP address, language preference, referring site, information about your use of and actions on the Services, navigation paths between pages or screens, information about your activity on a page or screen, and the date and time of each visit to our website. Our service providers and business partners may automatically collect this information from you over time and across third-party websites and mobile applications. 

On our webpages, we may collect information automatically using cookies, browser web storage (also known as locally stored objects, or “LSOs”), Flash-based LSOs (also known as “Flash cookies”), web beacons, and similar technologies, and our emails may also contain web beacons. In our mobile application, we may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our app. 

A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Browser web storage, or LSOs, are used for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites. A SDK is third-party computer code that we may incorporate into our mobile applications that may be used for a variety of purposes, including to provide us with analytics regarding the use of our mobile applications, to integrate with social media, add features or functionality to our app, or to facilitate online advertising 

Web browsers may offer users of our websites or mobile apps the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly.  

How We Use Your Personal Information 

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time we collect it: 

To provide, operate and maintain the Services. We may use your personal information to: 

  • provide, operate and improve the Services; 

  • provide information about our products and services; 

  • establish and maintain your user profile on the Services; 

  • communicate with you about the Services, including by sending you shipping alerts, updates, security alerts, support and administrative messages, and information related to your account; 

  • understand your needs and interests, product usage, and personalize your experience with the Services and our communications; 

  • provide support and maintenance for the Services; 

  • respond to your requests, questions and feedback; and 

  • understand how you use our websites and mobile application. 

For research and development. We may use your personal information for research and development purposes, including to analyze and improve the Services and our business. 

To send you marketing and promotional communications. We may send you Sana Health-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communications section below. 

To display advertisements. We may use your personal information to advertise our product and Services to you on our websites and mobile application. Please review “Information we collect automatically" to learn more about how we may use cookies and other tracking technologies to display advertisements. 

To comply with law. We may use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities. 

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. 

To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business. From time to time, we may release anonymous, aggregated or de-identified information by, for instance, publishing a report on the usage trends of our Services. 

To engage with 3rd party vendors. You authorize us and Google Analytics for Firebase to use the Information to provide and improve our App as follows: 

We engage third-party companies and individuals to perform functions on our behalf. Examples may include providing technical assistance, customer service, marketing assistance, and administration of promotional programs. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law. 

In an ongoing effort to better understand our users, the App, and our products and services, we may analyze certain Information in anonymized and aggregate form to operate, maintain, manage, and improve the App and/or such products and services. This aggregate information does not identify you personally. We may share and/or license this aggregate data to our affiliates, agents, business and promotional partners, and other third parties. We may also disclose aggregated user statistics to describe the App and these products and services to current and prospective business partners and investors and to other third parties for other lawful purposes. 

In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets. 

To the extent permitted by law, we may also disclose the Information: 

(i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or 

(ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of us or others, including you.

Retention. We generally retain personal information to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy: 

  • Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Services (such as payment processors, logistics companies, hosting, analytics, email delivery, customer support, information technology, marketing, and database management services). 

  • Business partners. We may share your personal information with partners or enable partners to collect information directly via our Services. For example, we may share data with insurance companies. 

  • Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us. 

  • For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above. 

  • Business transferees. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

We make commercially reasonable efforts to verify that the parties with whom our App shares personal information provide a level of protection of personal information consistent with the practices described in this Privacy Policy, except that all such parties described above other than service providers may, to the extent permitted by law, use personal information as described in their own privacy policies.

Your Choices

In this section, we describe the rights and choices available to all users.

Access or Updated Your Information. If you have registered for an account with us, you may review and update specific personal information in your account profile by logging into the account. Sana does not store personal health information in your account. If you wish to review and limit certain health-related data that you may have provided, you should contact Sana Customer Service, who will assist you with that review and / or deletion at your request.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us at privacy@sana.io. You may continue to receive service-related and other non-marketing emails.

Cookies & Browser Web Storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Services and third-party websites. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.

Delete your content or close your account. You can choose to delete certain content through your account. If you wish to request to close your account, please contact us.

Security

The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we employ a number of organizational, technical and physical means designed to protect your personal information and comply with all the appropriate laws including HIPAA, we cannot guarantee its security.

Links to Other Sites and Services

Our Services may contain links to external sites and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. If you click on a third-party link, you will be directed to that third-party site. We strongly advise you to review the privacy policy and terms and conditions of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites, products or services.

International Data Transfers

We are headquartered in the United States and may use service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, province, or country.   

Age Restrictions

Our Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us. We will delete such information from our files as soon as reasonably practicable. We encourage parents with concerns to contact us.

Privacy Policy Changes

Sana Health reserves the right to change its Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Services. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail or another manner through the Services. Sana Health encourages visitors to check frequently this page for any changes to its Privacy Policy. In all cases, your continued use of the Services after any change in this Privacy Policy will indicates your acceptance of the modified Privacy Policy. 

How to Contact Us

Please direct any questions or comments about this Policy or privacy practices to privacy@sana.io. You may also write to us via postal mail at:

Sana Health, Inc.
Attn: Legal – Privacy
2051 Dogwood St, STE 220
Louisville, CO 80027