Cue Health Privacy Policy
Updated: January 18, 2023
About Cue
Cue Health Inc. (“Cue,” our,” we,” us) is a US based healthcare technology company that puts diagnostic information at the center of care. You can contact us in the following ways:
- By email at legal@cue.me, to our Privacy Officer and Legal Department
- By U.S. postal mail at the following address: Cue Health Inc., 4980 Carroll Canyon Rd., Suite 100, San Diego, CA 92121,
- By telephone toll-free at 833.CUE.TEST or 833.283.8378.
What this Privacy Policy covers
This Privacy Policy (“Policy”) covers:
- https://cuehealth.com and other sites we own and operate (the “Website”),
- Cue COVID-19 Test for Home and Over the Counter Use,
- Cue COVID-19 Test for Professional Use,
- Cue Health Mobile Application (the “Cue Health App”),
- Cue Care™,
- Cue Health Monitoring System, used with the Cue Test Cartridge and Cue Sample Wand for collection of the test specimen (collectively called the “Cue Test”),
- At-Home Test Kits,
- Cue Virtual Care (Furnished by 98point6®),
- See 98point6’s Privacy Policy for their privacy practices
- Cue Supervised Test, and
- Other products, applications, services, and sites we operate (collectively, the “Services”).
About this Privacy Policy
This Policy shares information about how we collect and use information relating about you (“Personal Information”). This includes health information, such as test results (“Health Information”). When Cue performs Services on behalf of Covered Entities under HIPAA, this Health information is considered Protected Health Information (“PHI”). This Policy also covers a new category of Personal Information defined by new state specific privacy laws (“Sensitive Personal Information”) in the United States which includes:
- Government issued identification,
- Account information that would allow unauthorized access of an account (account ID in combination with a password),
- Health information,
- Personal Information from children,
- Precise geolocation (location specific enough to identify a person within a 1,750-foot circle radius)
- Racial/ethnic origin, immigration/citizenship status,
- Sex life/orientation, or
- As defined under applicable privacy laws.
Cue will not collect or use Sensitive Personal Information unless we have a lawful reason to do so. This includes your consent, providing clear notice with the option to opt-out, or other reason defined under applicable privacy laws.
Privacy regarding individual accounts in the Cue Health App
An individual can install the Cue Health App on a mobile device and register for an account (“Account Owner”). The Account Owner can set up multiple profiles in the account for patients (for laboratories/health care providers/health care professionals) and/or their children, family members, or others (for consumers). Cue test results can be saved under any of these profiles.
The Account Owner will have access to Personal Information and Health Information under each of these individual profiles.
The Account Owner should only create individual profiles where they have the legal authorization or valid consent of the individual.
Acting on behalf of another individual
If you create a profile for someone other than yourself (an “Authorizing Individual”), you represent that this person is aware of this Policy. You also represent that you are authorized to provide us their Personal Information.
External Links
The Website and Cue Health App may contain links to third-party sites. You should review the privacy policy of any third-parties since we do not own them. We do not share Personal Information or Health Information with those other sites or services unless specifically stated in this Policy.
Changes to this Policy
We will update this Policy if there are changes in our privacy practices or privacy laws. If this happens, we will list the date in the “Updated” section above. You should check this Policy regularly since we work to continuously improve and update the Cue Health App, Website, and Services.
Rights over your Personal Information
You have rights over your Personal Information. We will respond to you within 30 days. Some privacy laws allow for extensions. We will inform you if we use an extension. Email us at support@cuehealth.com to exercise your rights which include:
- To know what Personal Information we collect about you,
- To get a copy of the Personal Information we have about you,
- To correct inaccurate or incomplete Personal Information we have about you,
- To object to certain uses of your Personal Information,
- To erase Personal Information we have about you, subject to certain limitations,
- To directly file a complaint about us to a privacy authority (see the table below on how to exercise this right), and
- To not be discriminated against when exercising these rights.
| State or Privacy Law | Link to contact the privacy authority |
|---|---|
| California | https://oag.ca.gov/contact/consumer-complaint-against-business-or-company |
| Colorado | https://coag.gov/file-complaint/ |
| Connecticut | https://portal.ct.gov/AG/Common/Complaint-Form-Landing-page |
| Utah | https://consumerprotection.utah.gov/complaints.html |
| Virginia | https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint |
| HIPAA related complaints | https://www.hhs.gov/hipaa/filing-a-complaint/index.html |
Please email us at legal@cue.me to report any broken links.
You can also access and update Personal Information we have in your account (e.g., email, profile information, and preferences). To do this, sign into your account and go to “My Account” section of the Cue Health App.
Right to appeal denials to rights over your Personal Information
You have the right to appeal if we deny rights over your Personal Information. Email us at support@cuehealth.com. Please include any new information you feel should be considered for the appeal.
We will use a new reviewer who was not involved with the denial. We will use any new information you provide us. We respond within 30 days with our decision including explanation. If applicable privacy law allows for an extension, we will provide written notice. You may file a complaint directly with a privacy authority if you disagree with the outcome of the appeal.
Your California Rights (updated January 18, 2023)
In addition to rights explained to you in this Privacy Policy, California residents also have the following rights:
- To know what Personal Information we have collected about you over the last 12 months,
- To know what Business Purposes we use your Personal Information for,
- To limit the use or disclosure of Sensitive Personal Information if Cue uses it for reasons other than explained in this Policy
You may exercise your rights by emailing us at support@cuehealth.com or calling us at 833.CUE.TEST or 833.283.8378.
Any questions or concerns about California Rights may be directed to legal@cue.me
Does Cue sell my Personal Information or Sensitive Personal Information?
No. Cue does not sell your Personal Information or Sensitive Personal Information.
Targeted Advertising and opting out
Cue displays advertisements (“Targeted Advertising”) based on the collection of your Personal Information based on activities on our Websites. You can opt-out of Targeted Advertising associated with our Website and Services by:
- Changing the Cookies settings on our Websites, or
- Contacting us at support@cuehealth.com, or
- Clicking the “Unsubscribe” link at the bottom of emails you receive from us.
Where we get your Personal Information and what do we do with it?
This table provides information on what Personal Information we collect, where we get it from, and what purposes we use it for (“Business Purposes”).
| Personal Information collected | Where we get it from | Business Purpose |
|---|---|---|
| Health Information or Protected Health Information (“PHI”) which includes any medical record number or other identifier, any PHI legally provided to us in our capacity as a Business Associate and limited to uses under a Business Associate Agreement (“BAA”). | From your healthcare provider (“Covered Entity”), the organization or company you work for that has hired Cue to provide Services to you, from labs or other healthcare entities involved with your treatment and care associated with the Cue Health App or our Services. | To provide Services as defined by written agreements we have with Covered Entities, other Business Associates, or as you direct us to or as specified in this Privacy Policy or any HIPAA Authorization you completed with a Covered Entity. |
| Customer service requests which includes your name, contact information. | From you when you contact us for support from us regarding our Services or when making inquiries. | To respond to your inquiries and to tell you new opportunities, products, or services. |
| Your account information which includes email address, name, birth date, state, and zip code, medical record number or another patient identifier. | From you when you provide information through the Cue Health App. | To provide you with the Cue Test, to improve and enhance our Services, including developing new products, features, and functionality, to communicate to you regarding updates to the Cue Health App, to verify your email account, and additional communications related to your use of the Cue Health App and Services, and to comply with our legal obligations. |
| Camera, Audio, Images & Video from your mobile device’s camera and microphone. | From you from the Cue Health App with your consent from your mobile device. | To match your profile in the Cue Health App, to scan bar codes, QR codes, or other code to verify your identity, for photos you choose to associate with a user profile in the Cue Health App, to identify and verify when using Supervised Testing and Virtual Care (in limited circumstances with your consent). |
| Your Cue test results which include the outcome of your test, run time data, cartridge reader serial number, and cartridge reader status data, such as battery level, cartridge serial number, and the date and time you took the Cue Test | From the Services we provide that result from information we collect from you. | To provide your test results, improve and enhance our Services, for Sexually Transmitted Infections (“STIs”) to report to state or federal health agencies as legally required to ensure public safety and prevent further spread or infection, and to comply with our legal obligations. |
| Bluetooth data which includes short-range radio waves created and received by your mobile device. | While Bluetooth data itself does not usually contain data, the Cue Health App will use your mobile device’s Bluetooth to transmit information. | To communicate your test results and test status in the Cue Health App. |
| Service set identifiers (“SSID”) which is a unique identifier and provides the name of the network you are using. | From the wireless network you use in connection with our Cue Health App. | To connect to the internet and for general location capabilities (not any more specific than the zip-code level). |
| Files in media/ shared directories which includes photographs, audio or video files or portable document files (“PDFs”). | From you with your consent from the files and directories in your mobile device. | For you to voluntarily submit profile photos or to safe results (in PDF) upon your request. |
| Mobile device and technical information which includes the type of mobile device you use, your device-operating characteristics, a unique device identifier, location information, crash logs, and other information about your session on the Cue Health App. | From your mobile device through the use of our Cue Health App. | To provide you with the Cue Health App and to improve and enhance our Services, to address crashes or errors associated with the use of our Services, user preferences, user trends and relevant advertising as permitted by applicable law. |
| Device information which includes how you use our Website, the device you use to access it, device ID, type of browser/operating system, and information about the pages you viewed | From you through your mobile device’s operating system. | To ensure our Website can be used on your device, to personalize and tailor your experience on the Website, and to improve the functionality of the Website by understanding general usage traffic and trends. |
We may also de-identify your Personal Information in accordance with the requirements of HIPAA or other privacy laws (“De-identified Information”). Privacy laws do not cover De-Identified Information. Cue may use De-identified Information to create aggregate data for research, product development or enhancement, statistical analysis, or other uses as permitted by applicable privacy laws.
Third-parties we share your information with and why
This table shares what third-parties we share your Personal Information with and what they do with it.
| Third-party | Business Purposes |
|---|---|
| Subcontractors, service providers, and other third parties under contract with Cue | To help support us in providing our Services. |
| Center for Disease Control and Prevention, state, or other federal health agency | To the extent required by law, for public health surveillance and to prevent further spread of infectious disease, such as STIs. |
| Health care provider, health care professional, health plan, employer, employer’s clinical team, health care benefits consultant, or benefits manager clinical team | To provide Services as part of care you are receiving from your healthcare team, or where the company you work for provides and pays for our Services to you. |
| Regulatory authority, court, or other legally authorized recipient directed by statute, regulation, subpoena, court order, legal process, government request, or as otherwise required by law. | In limited and specified purposes as legally required by law by the third-party (court, government order, law enforcement). |
| Food and Drug Administration and other health authorities | To report adverse events related to medical device problems. |
| Any companies in connection with a corporate transaction | If we are acquired by or merge with another company. |
Cookies
Cookies are created when your internet browser loads a website. This website sends a small text file to your browser. Your browser sends this text file to the website server the next time your visit. This allows you to pick up where you left off at the website. Cookies serve as bookmarks for a website, and they can also operate across several websites.
Cookies can also be used for Targeted Advertising. Cue conducts Targeted Advertising only for our Websites and you have the legal right to opt-out at any time. Please see our Cookie Policy for more information on our Cookie practices.
Use of Google Analytics
We use Google Analytics to collect and process Website data. We do not share Personal Information with Google Analytics. You may access “How Google uses data when you use our partners’ sites or apps”, (located at https://policies.google.com/technologies/partner-sites , or any other URL Google may provide from time to time) to find out about how Google Analytics uses your data or how to opt out of Google Analytics.
Protecting your Personal Information
Cue has a written information security and privacy program. We use appropriate administrative, physical, and technical safeguards. We include safeguards specifically required under the HIPAA Security Rule. We assess our safeguards to see how we can adapt to new threats to the confidentiality, integrity, and availability of Personal Information.
Even with the safeguards we use, we cannot completely guarantee the security of any Personal Information you provide us. You should always keep your Personal Information in a safe place. You can report any suspected security violations or incidents involving Personal Information by contacting us at legal@cue.me or by calling us at 833.CUE.TEST (833-283-8378).
How long we keep your Personal Information
We keep Personal Information only as long for as needed to provide the Services you requested. We will only keep your Personal Information under certain circumstances. This includes complying with legal or regulatory requirements, defend potential legal claims against us, or as required or allowed under applicable laws.
International Users
Our Services are mainly for use within the North America (United States and Canada). Our Website and Cue Health App use cloud-based servers located within the United States.
We recognize that International Users may have more protections than what US or Canadian laws provide (example is the European Union General Data Protection Regulation or “EU GPDR”). We will protect your Personal Information as described in this Policy. Any questions or concerns may be forwarded to legal@cue.me.
Children’s Privacy Policy
To protect the privacy of children’s Personal Information, we follow requirements from the Children’s Online Privacy Protection Act (“COPPA”). This Children’s Privacy Policy provides important information about our privacy practices regarding children.
The Cue Health App is mainly intended for adult users (18 years or older). There are some Services for children. However, children are not able to create accounts for themselves without involving a parent or legal guardian.
We will use reasonable efforts to quickly delete any Personal Information we accidentally collect from a child that does not have parent or legal guardian consent.
Parents and legal guardians can add profiles to their account including their children aged 17 or under. We collect the following Personal Information from parents or legal guardians about their children. This Personal Information allows them to manage their child’s profile, review test results, and use other Services:
- First, middle, and last name, which may be a unique identifier or pseudonym provided at the discretion of the parent or legal guardian,
- Relationship to the authorized account user,
- Date of Birth,
- State of Residence,
- Zip Code,
- Test results, and
- New Personal Information created by the use of the Services through the Cue Health App.
Any Personal Information collected will not be used for any other purpose than what is communicated in this section and our Policy.
There are specific third-parties that handle the Personal Information of parents, legal guardians, and children. Click this link to learn about these third-parties. Updates will be made when there are changes.
Cue uses a trusted third party, PRIVO, to help ensure our privacy practices follow the COPPA rule. PRIVO is a Federal Trade Commission (“FTC”) approved COPPA Safe Harbor Program. PRIVO verifies and manages consent provided by parents and legal guardians for children.
Visit https://www.privo.com/platform-privacy-policy to learn about PRIVO’s privacy practices.
Parents and legal guardians can:
- Refuse to participate in the Cue Health App or Services;
- Request deletion of their child’s profile and their own Personal Information,
- Deny further collection of the Personal Data of their children, and
- Request information through us about all third-parties that handle Personal Information on our behalf related to your child’s data
We can be contacted in any of the following ways:
- By email at legal@cue.me, to our Privacy Officer and Legal Department,
- By U.S. postal mail at the following address: Cue Health Inc., 4980 Carroll Canyon Rd., Suite 100, San Diego, CA 92121, or
- By telephone toll-free at 833.CUE.TEST or 833.283.8378.