ByHeart, Inc.
Consumer Health Data Privacy Policy

Last Updated: September 5, 2024
Effective Date: September 5, 2024

This Consumer Health Data Privacy Policy (this “Policy”) supplements ByHeart Inc.’s (“ByHeart”) Privacy Notice at https://byheart.com/pages/privacy-notice and applies to “consumer health data” subject to the Washington My Health My Data Act (“MHMDA”) collected through our website at https://byheart.com. This Policy does not apply to information or practices that are not subject to the MHMDA, such as publicly available information, personal information governed by the Fair Credit Reporting Act, or job applicant and employee information. 

1. The Categories of Consumer Health Data We Collect

The data we collect depends on the context of your interactions with ByHeart. Due to the broad definition of “consumer health data” under MHMDA, many of the categories of data we collect could also be considered consumer health data. We may collect the following categories of “consumer health data”:

  • Bodily functions or measurements of the information described in this Section 1;
  • Reproductive health information;
  • Data that identifies a consumer seeking “health care services”; and
  • Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.

2. Purposes of Collection and How ByHeart Uses Consumer Health Data

We may collect, use, and disclose consumer health data as reasonably necessary to provide you with the product(s) and/or service(s) you have requested. With your consent (as may be required under MHMDA), we may also collect, use, and disclose your consumer health data for the purposes set forth below:

  • To provide support in connection with the use of our products and services;
  • To establish and manage your account and/or subscription;
  • To ensure the appropriate use of our products and services;
  • To improve our products and services and to develop new products and services;
  • For quality and safety assurance;
  • For internal research and development to evaluate the effectiveness of our products and services; and
  • For purposes of marketing, advertising, and product promotion, including to contact you regarding our programs, products, and services, surveys, and topics that may be of interest or useful to you.

3. The Categories of Sources from Which We Collect Consumer Health Data

In general, we may collect consumer health data from the following categories of sources:

  • Directly from you; and
  • Your devices.

4. The Categories of Consumer Health Data That We Share

We may share the following categories of consumer health data with third parties and affiliates:

  • Bodily functions or measurements of the information described in this Section 4;
  • Reproductive health information;
  • Data that identifies a consumer seeking “health care services”; and
  • Information processed to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information.

5. The Categories of Third Parties and Specific Affiliates with Whom We Share Consumer Health Data

ByHeart may share the categories of consumer health data included in Section 4 with the following categories of third parties and specific affiliates:

  • Operating systems and platforms; and
  • Regulators, when required.

6. Your Privacy Rights

MHMDA provides consumers with the following rights:

  • Know/Access: The right to confirm whether ByHeart collects, shares, or sells your consumer health data and the right to access such consumer health data;
  • Withdraw consent: The right to withdraw consent from ByHeart’s collection and sharing of your consumer health data; and
  • Deletion: The right to have your consumer health data deleted.

Exercising Your Privacy Rights

Requests to Know/Access and Delete

To make a request to know/access or delete your consumer health data, please email us at hello@byheart.com. Before completing your request, we may need to verify your identity or your authority to make a request on behalf of another person. We may send you a link to verify your email address and may request additional documentation or information solely for the purpose of verifying your identity, depending on the type of your request.

Requests to Withdraw Consent

If your request to exercise a right under the MHMDA is denied, we will provide instructions for how you can appeal our decision. If your appeal is unsuccessful, you can file a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.