Patient Privacy Policy

THIS PATIENT PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY SPIRE, INC., DOING BUSINESS AS SPIRE HEALTH (“Spire Health”, “We”, “Us” and/or “Our”) FROM USERS OF OUR APPLICATIONS (THE “APPLICATION”) OR OTHER SERVICES (COLLECTIVELY, THE “SERVICES”).  “PERSONAL INFORMATION” INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION TO IDENTIFY OR CONTACT A SINGLE PERSON OR TO IDENTIFY IN CONTEXT. IF WE CAN LINK PARTICULAR INFORMATION (DIRECTLY OR INDIRECTLY) TO AN INDIVIDUAL, WE WILL CONSIDER THIS INFORMATION “PERSONAL INFORMATION,” AND WE WILL PROTECT IT.

We at Spire Health value keeping Your Personal Information confidential and using it solely in the context of Our mission to provide Our Services to gather information related to Your health, fitness and other activities (i) if you are a patient, in order to aid You and Your healthcare providers (“Providers”) in making informed decisions about Your care or (ii) if you are participating in a research study, to the research clinic at which You are participating in a research study based, in part, on the collection of Your Personal Information (“Research Clinic”).

BECAUSE THE PERSONAL INFORMATION WE COLLECT AND TRANSMIT MAY INCLUDE HEALTHCARE INFORMATION, INCLUDING MEDICAL INFORMATION, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”).  WE WILL MAINTAIN THE PRIVACY OF YOUR HEALTH INFORMATION AS REQUIRED BY HIPAA AND THE REGULATIONS PROMULGATED UNDER THAT ACT.

We believe that transparency about the use of Your Personal Information is important.  In this Privacy Policy, We provide You detailed information about Our collection, use, maintenance, and disclosure of Your Personal Information. The policy explains what kind of information We collect, when and how We might use that information, how We protect the information, and Your rights regarding Your Personal Information.

Please read the following carefully to understand Our views and practices regarding Your Personal Information and how We will treat it.  For the purposes of Applicable Data Protection Laws including the European Economic Area data protection law (the “Data Protection Law”), the Data Controllers are YOUR Provider and Spire, Inc., 2030 Harrison Street, San Francisco, CA 94110.

BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY.  IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATION OR SERVICES AND DO NOT SUBMIT ANY INFORMATION TO US.

As a patient of one or more of Our participating Provider customers or a research subject for one or more of Our Research Clinic customers (a “Patient”), You have received an enrollment kit, which includes certain activity-monitoring devices, including the Spire Health Tag (“Devices”), a device pre-loaded with Our App, and Your registration code, from Your Provider or Research Clinic.  You would like to make information related to Your health, fitness and activities (“Health and Activity Data”) available to Your Providers or Research Clinic through the Service.

CAPITALIZED TERMS, IF NOT DEFINED IN THIS PRIVACY POLICY, ARE DEFINED IN THE TERMS OF SERVICE, WHICH IS ACCESSIBLE THROUGH THE APPLICATION.

What Information Do We Collect and Why?

Personal Data that You Provide through the Service: We collect Personal information such as certain demographic information from You when You voluntarily provide such information, such as when You create Your account on the Service, use the Devices in connection with the Service (including, without limitation, the software featured on the Devices and/or platforms made available by the third-party providers of the Devices (collectively, the “Integrated Services”)), contact us with inquiries, enter information into Our Site contact form, or use certain features of the Service. We use this information to create Your account and provide You with the Services.

In addition to demographic information, because You are a Patient, We may ask You to provide Your contact preferences, certain contact information, such as Your email address and mobile telephone number.  When using the Devices along with the App, Spire Health collects other Health and Activity Data to us in order to create Your account and provide You with the Services.  Such Health and Activity Data may include information including Your name, gender, height, weight, as well as data about Your use of Our Services and Devices, such as detailed information collected while monitoring Your movements and activity. This information may include data on Your posture and movements, Your activity level, calories You consumed, and other related biomechanical information such as Your respiration, heart rate, and sleep activity. We collect this information to provide You more customized Services and to communicate information to Your Provider or Research Clinic.

Wherever Spire Health collects Personal Information, We make an effort to provide a link to this Privacy Policy.

If You choose to create a User Account, We may also use Your Personal Information to (1) communicate with You about and manage Your User Account; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) to enforce Our terms and conditions; (6) manage and improve Our operations and applications; (7) provide additional functionality; (8) protect Our rights, privacy, safety or property, and/or that of Yours or others; and (9) allow us to pursue available remedies or limit the damages We may sustain.

Support Information:

IP Addresses; Device ID Information: Because You are accessing the Service on a mobile device, We may also collect Your device identification number and request access to settings and location information to analyze and report upon usage of the Service; to diagnose and prevent service or technology problems affecting the Service; and to monitor and prevent fraud and abuse.

Non-Identifiable Data Related to Operation of the Service: When You interact with Spire Health through the Service, We receive and store certain personally non-identifiable information. Such information, which We collect passively using various technologies, cannot presently be used to specifically identify You. We may store such information Ourselves or such information may be included in databases owned and maintained by Spire Health affiliates, agents or service providers. The Service may use such information and pool it with other information to track, for example, the total number of users of the Service, the number of visitors to each page of Our Site, and the domain names of Our visitors' Internet service providers. It is important to note that Spire Health does not use Personal Information for this process.

Aggregated Personal Data: In an ongoing effort to better understand and serve Our Customers, other users of the Service, Spire Health may conduct research on its user demographics and behavior based on the Personal Information We collect from You and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and Spire Health may share this research and related information in aggregated, de-identified and/or anonymized format with its affiliates, agents and other entities in the healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify You personally. Spire Health may also disclose aggregated, de-identified and/or anonymized information in order to describe Our business and the Service to current and prospective business partners and Customers, and to other third parties for other lawful purposes.

Where Is Your Personal Information Stored And/Or Processed?

Information Spire Health collects through Our Application will be stored on secure U.S.-based servers.  The application is native to Your device, meaning information You enter into Our Application is also stored directly on the device You use to access and enter information into the Application.

Will Spire Health Share Personal Information With Anyone Else?

We consider Your information to be a vital part of Our relationship with You. There are, however, certain circumstances in which We may share Your Personal Information with certain third parties without further notice to You, as set forth below:

With Our Customers: If You are a Patient, We will share Your Personal Information and Health and Activity Data with Our Provider customer(s) that provide healthcare services to You or the Research Clinic in which You are participating in a research study. This will enable Your Provider or Research Clinic to track Your Health and Activity Data and combine such Health and Activity Data with other information about You that Your Provider obtains in providing healthcare services to You.

With Patient-Authorized Persons: If You are a Patient, You may have the option of identifying family and/or friends in the Spire Health application to view certain of Your information and receive alerts regarding Your health and/or activities (“Permissions”). If You designate permissions, We may make available certain of Your Personal Information and Health and Activity Data, and alerts related thereto, to such authorized user.

In the Event of a Business Transfer: Spire Health might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.

With Our Agents, Consultants and Related Third Parties: Spire Health, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information and maintaining databases.  When We employ another entity to perform a function of this nature, We only provide the entity with the information that it needs to perform its specific function.

To Meet Our Legal Requirements: Spire Health may disclose Your Personal Information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Spire Health, (iii) act in urgent circumstances to protect the personal safety of You, us, other users of the Service or the public, or (iv) protect against legal liability.

How Long Will Spire Health Retain The Information?

We store Your Personal Information for as long as You maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, We will remove Your Personal Information from Our databases and will request that Our business partners remove Your Personal Information from their databases.  However, once We disclose Your Personal Information to third parties, We may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom We have made those disclosures.  Written requests for deletion of Personal Information other than as described should be directed to hello@spire.io.  We retain anonymized data indefinitely.

Does Spire Health Utilize Cookies in the Services?

Spire Health does not utilize cookies to collect information about you through the Services.

How Does Spire Health Protect My Personal Information?

Spire Health is committed to protecting the security and confidentiality of Your Personal Information. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of Your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in Our possession or control that could result in substantial harm or inconvenience to You. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, We cannot ensure the security of information You transmit to us. By using the Application, You are assuming this risk.

Safeguards

The information Spire Health collects and stores on secure servers, is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If Spire Health learns of a security concern, We may attempt to notify You and provide information on protective steps, if available, through the e­mail address that You have provided to us or by an in­app notification. Depending on where You live, You may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Application that is stored on Your device and/or removable device storage. Spire Health has no access to or control over Your device’s security settings, and it is up to You to implement any device level security features and protections You feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that You take any and all appropriate steps to secure any device that You use to access Our Application.

NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.

How should you protect your personal information?

In addition to securing Your Device, as discussed above, We will NEVER send You an e­mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and You should NEVER respond to any e­mail requesting such information. If You receive such an e­mail purportedly from Spire Health, DO NOT RESPOND to the e­mail and DO NOT click on any links and/or open any attachments in the e­mail, and notify Spire Health support at hello@spire.io.

You are responsible for taking reasonable precautions to protect Your user ID, password, and other user account information from disclosure to third parties, and You are not permitted to circumvent the use of required encryption technologies. You should immediately notify Spire Health at hello@spire.io if You know of or suspect any unauthorized use or disclosure of Your user ID, password, and/or other user account information, or any other security concern.

EU Citizen Rights

You have the right under certain circumstances:

  • to receive communications related to the processing of Your personal data that are concise, transparent, intelligible and easily accessible;
  • to be provided with a copy of Your personal data held by us or Your healthcare provider;
  • to request the rectification or erasure of Your personal data held by us or Your healthcare provider without undue delay;
  • to request that We or Your healthcare provider restrict the processing of Your personal data (while We verify or investigate Your concerns with this information, for example);
  • to object to the further processing of Your personal data by us or Your healthcare provider, including the right to object to marketing;
  • to request that Your personal data be moved to a third party;
  • to receive Your personal data in a structured, commonly used and machine-readable format
  • to lodge a complaint with a supervisory authority

Where the processing of Your personal information by us is based on consent, You have the right to withdraw that consent without detriment at any time by going here. You can also exercise the rights listed above at any time by contacting us at hello@spire.io.

How Can You Update, Correct Or Delete Your Personal Information?

You can change Your e­mail address and other contact information by editing Your profile in the Application. If You need to make changes or corrections to other information, You may e­mail hello@spire.io. Please note that in order to comply with certain requests to limit use of Your Personal Information We may need to terminate Your account with us and Your ability to access and use the Services, and You agree that We will not be liable to You for such termination or for any refunds of prepaid fees paid by You.  Although We will use reasonable efforts to do so, You understand that it may not be technologically possible to remove from Our systems every record of Your Personal Information. The need to back up Our systems to protect information from inadvertent loss means a copy of Your Personal Information may exist in a non­erasable form that will be difficult or impossible for us to locate or remove. Backups of that data will remain associated with Your account and in Our archive servers. You can deactivate Your account by emailing hello@spire.io.

Can You “Opt­Out” Of Receiving Communications From Spire Health?

We pledge not to market third party services to You. We only send e­mails to You regarding Your Spire Health account and services. You can choose to filter these e­mails using Your e­mail client settings, but We do not provide an option for You to opt out of these e­mails. You can opt out of daily emails by emailing hello@spire.io.

Does This Privacy Policy Apply To All Information You Provide?

This Privacy Policy does not apply to any unsolicited information You provide to Spire Health through the Service or through any other means. This includes, but is not limited to, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Feedback”). All Feedback shall be deemed to be non-confidential and Spire Health shall be free to reproduce, use, disclose, and distribute such Feedback to others without limitation or attribution.

How Spire Health Makes Changes To This Policy

We occasionally update this Privacy Policy. It is Your responsibility to stay up to date with any amended versions. If We modify this Privacy Policy, We will notify You of the changes through either a notice in the App, an email notification, or other reasonable means. You can store this policy and/or any amended version(s) digitally, print it, or save it in any other way.  Any changes to this Privacy Policy will be effective immediately upon providing notice, and shall apply to all information We maintain, use and disclose. If You continue to use the App following such notice, You are agreeing to those changes.

Information Submitted by Minors

Spire Health does not knowingly collect Personal Information or other information from children under the age of 13. If You are under the age of 13, please do not submit any Personal Information or other information through the Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce Our Privacy Policy by instructing their children never to provide Personal Information on the Service without their permission. If You have reason to believe that a child under the age of 13 has provided Personal Information to Spire Health through the Service, please contact us, and We will endeavor to delete that information from Our databases.

How Can I Contact Spire Health?

Please feel free to contact us if You have any questions about this Privacy Policy or the information practices of the Service. You may contact us by email at the following address: hello@spire.io

Effective: June 12, 2019

To learn how Spire RPM can benefit your practice

Contact Us