Updated: December 15, 2021
Please read this policy carefully before using our Website, the Cue Health App, and the Cue Test.
How Do We Collect and Use Your Information?
The use of Personal Information we collect about you depends on how and why you interact with us. These uses may include security purposes to protect the Services and other specific purposes, which we will indicate to you at the time your information is collected.
- Your account information. When you provide information through the Cue Health App, such as when you create an account or set up a profile in your account for yourself or others, we collect your email address, name, birth date, state, and zip code. We may also collect your geolocation information if you choose to provide it. If you are a health care provider, we may also collect a medical record number or other patient identifiers. We use this information to provide you with the Cue Test, to improve and enhance our Services, including developing new products, features, and functionality, to communicate to you regarding updates to the Cue Health App, to verify your email account, and additional communications related to your use of the Cue Health App and Services, and to comply with our legal obligations.
- Your Cue test results. When you use the Cue Test, we collect your test results. If you have an account, your test results may be stored under any profile you have created under your account. We also collect run time data, like cartridge reader serial number, and cartridge reader status data, such as battery level, cartridge serial number, and the date and time you took the Cue Test. We collect this information to provide your test results, improve and enhance our Services, and to comply with our legal obligations.
- Camera, Audio, Images & Video: With your consent, the Cue Health App may access your mobile device’s camera and audio for additional limited purposes. You may have the option to these mobile device features to: 1) scan a QR code located on the Cue Health Monitoring system to match it to your profile in the Cue Health App; 2) scan a barcode, badge, or other code to confirm your identification, if your user account is associated with other services provided by Cue; 3) take and attach a photo to the user profile in the Cue Health App; 4) record and transmit audio and video using the microphone and camera for identity verification when using Supervised Testing and Virtual Care (in limited circumstances) with your consent; and 5) any other purpose as specified and with your consent.
- Bluetooth: The mobile application must access your mobile device’s Bluetooth to connect and communicate with the Cue Health Reader in order to communicate your test results and test status to you in the Cue Health App.
- SSID: The mobile application uses SSID and WiFi to connect to the internet and for additional location capabilities described in this policy.
- Files in media/ shared directories: The mobile application uses the media on your mobile device and shared directories in order to add profile photos and save pdf results at your request.
- Mobile device and technical information. When you use the Cue Health App, we collect technical information such as the type of mobile device you use, your device-operating characteristics, a unique device identifier, location information, and other information about your session on the Cue Health App. We use this information to provide you with the Cue Health App and to improve and enhance our Services. We also use technologies, such crash logs, that provide mobile identifiers and details about your mobile device manufacturer and operating system, to collect technical information about your use of our Services that resulted in a crash or error. We use these tools to improve the quality of our service, including for storing user preferences, tracking user trends, and providing relevant advertising to you.
- Customer service requests. When you contact us, such as when you contact us through the Services to inquire about our products or obtain support for our products, we collect your name and email address. We use this information that you provide to us to respond to your inquiries and to tell you new opportunities, products or services.
- Device and geolocation information. When you use our Website, we may collect information about how you use the Website and the device you use to access it. This includes information like your device IP address, device ID, type of browser/operating system, and information about the pages you viewed. We use this information to ensure our Website can be used on your device, to personalize and tailor your experience on the Website, and to improve the functionality of the Website by understanding general usage traffic and trends.
We may also de-identify your Personal Information in accordance with the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”) and use such De-Identified Information created by us without restriction, including to create aggregate data for research, product development or enhancement, or statistical analysis.
How Do We Share Your Personal Information?
We will not sell your Personal Information or Health Information to third parties.
We may share your Personal Information in limited circumstances, including in our capacity as a “Business Associate” under HIPAA for Services provided to Covered Entities, or as a “health care provider” under the California Confidentiality of Medical Information Act (“CMIA”), and as follows:
- With subcontractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations (including Business Associate Agreements when applicable) to keep Personal Information and Health Information confidential and use it only for the purposes for which we disclose to them;
- With your health care provider, health care professional, health plan, employer, employer’s clinical team, health care benefits consultant, or benefits manager clinical team if your use of the Services is made available and paid for by such group or if we have the requisite authorization to do so;
- As required by state or federal law, which can include providing information as required by statute, regulation, subpoena, court order, legal process, government request, or as otherwise required by law;
- To report, either directly or indirectly, to the federal Food and Drug Administration adverse events related to medical device problems;
- To report to the Centers for Disease Control and Prevention or other federal agency and/or state government agencies as required for public health surveillance and related purposes; and
- For a merger, sale, or other asset transfers in connection with a corporate transaction, in which we are acquired by or merge with another company.
We may also share De-Identified Information created by us without restriction, including to create aggregate data for research, product development or enhancement, or statistical analysis.
You also provide us information in other ways, such as via your browser’s cookies or through similar technologies when you use or view our Website. Cookies are text files placed on your computer to allow us to facilitate an ongoing internet interaction. We collect information such as your Internet Protocol address, browser software used, requests submitted to our web-servers, date and time the Website was accessed, and statistical information about which Website pages you visited. We use this information to improve the quality of our Website including for storing user preferences and tracking user trends.
We use Google Analytics to collect and process Website data. We do not share Personal Information with Google Analytics. You may access “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time) to find out about how Google Analytics uses your data or how to opt out of Google Analytics.
Cue does not track its visitors over time and does not track across third party websites to provide targeted advertising, and therefore does not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, most web browsers will allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
How Can You Access and Update Your Information and Preferences?
You can access and update certain information we have relating to your account (e.g., email, profile information, and preferences) by signing into your account and going to the “My Account” section of the Cue Health App.
You may also opt out of our marketing communications at any time, by clicking the “Unsubscribe” link at the bottom of the email.
Your California Rights
California residents are entitled to the following privacy rights:
- The right to know and access the following information about our data collection practices in the last 12 months: (i) the categories of Personal Information we have collected about you; (ii) the categories of sources from which we have obtained your Personal Information; (iii) our business purposes for collecting your Personal Information; (iv) the categories of any third parties with whom we have shared your Personal Information; and (v) the specific pieces of Personal Information we have collected about you.
- Within the preceding 12 months, Cue has collected the categories of Personal Information detailed in “How Do We Collect and Use Your Personal Information?” above.
- Within the preceding 12 months, Cue has disclosed for a business purpose the categories of Personal Information detailed in “How Do We Collect and Use Your Personal Information?” above.
- The right to request deletion of your Personal Information.
You may exercise any of these rights by contacting us at email@example.com. If you choose to exercise any of these rights, Cue will not discriminate against you in any way. If you do exercise certain rights, understand that you may be unable to use or access certain features of the Website.
How Is Your Information Protected?
We use industry standard physical, technical and administrative security measures and safeguards in compliance with HIPAA to protect the confidentiality and security of Personal Health Information. We also have safeguards in place to protect the confidentiality and security of Personal Information. However, even with these safeguards, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. Therefore, we urge you to keep your Personal Information in a safe place and to use caution when sending sensitive personal information to us. You can report any security violations or breaches to us by contacting us at firstname.lastname@example.org or by calling us at 833.CUE.TEST (833.283.8378).
How Long Will We Keep Your Information?
We retain collected information for as long as necessary to provide you with your requested service. In certain circumstances, we also maintain Personal Information in order to comply with our legal and regulatory obligations, and to defend potential claims against Cue.
Note to International Users
We are committed to protecting the privacy of children. The operation of our Cue Health App is intended for adult users over the age of 18. In the event that we learn that we have inadvertently collected personal information from a child under the age of 18 (or such older age of majority) without the consent of their parent or legal guardian, we will use reasonable efforts to quickly delete that information. Cue does not require disclosure of more information than is reasonably necessary to use the Cue Health App and Services.
A parent or legal guardian may add profiles to their account including their children aged 17 or under. However, there is no experience for children in our app and we do not offer children an account or any content. We collect the following information from parents or legal guardians about their children to enable them to manage their child’s profile, review test results, and use other Services:
- First, middle, and last name, which may be a unique identifier or pseudonym provided at the discretion of the parent or legal guardian
- Relationship to the authorized account user
- Date of Birth
- State of Residence
- Zip Code
- Test results and other information generated through the use of the Services through the Cue Health App
Parents are verified and provide consent for Cue to collect and process their child’s personal information. We use trusted third party PRIVO to manage the parent verification and consent. PRIVO, is an FTC approved COPPA Safe Harbor. All information collected for verification is stored securely and not used for any other purpose. For more information on PRIVO please see here: https://www.privo.com/platform-privacy-policy.
Who will see my Child’s personal information? Please see the section titled “How Do We Share Your Personal Information?” for details on how and why we may disclose your child’s personal information.
We may share your child’s personal information with the following third parties identified at this link, which is updated as necessary with the name of the third-party, the type of data shared with that third-party, and the purpose for sharing that data with the third-party.
For any inquiries about any of these third-parties, you may contact us at:
Parents may review and request deletion of their child’s profile and associated personal information and can deny further collection of your child’s information by contacting us at email@example.com.
How Will You Know if This Policy Changes?