Cylinder Health, Inc. (“Cylinder Health,” “we,” “us,” or “our”) values our relationship with you and takes your privacy seriously. The purpose of this Privacy Policy is to identify how we may process, collect, store, share, and use the data that we collect from you in connection with your access to and use of our proprietary mobile application and web-based platform at https://app.cylinderhealth.com (collectively, the “Digital Platform”) as well as our marketing website, https://cylinderhealth.com (the “Marketing Site”). This Privacy Policy also describes your rights with respect to your Personal Information (defined below), all as described in more detail below. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We may update this Privacy Policy at any time, by posting the amended version to the Digital Platform or Marketing Site. We will announce any material changes to this Privacy Policy via email.
Please note that some of the information you provide is Protected Health Information (“PHI”) governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Please see our HIPAA Notice of Privacy Practices to learn more about our collection, use, and disclosure of your PHI. To the extent there are inconsistencies between the HIPAA Notice of Privacy Practices that you receive and this Privacy Policy, the HIPAA Notice of Privacy Practices will govern.
How to contact us
You can update your preferences with respect to your information by updating your contact information through the Digital Platform or Marketing Site or by contacting us at the email address or phone number below. Additionally, if you have any questions or concerns about this Privacy Policy or our use of your Personal Information, please do not hesitate to contact us through any of the methods listed below.
Mail:
Cylinder Health, Inc
2045 W Grand Ave Ste B, PMB 37767
Chicago, IL 60612-1577
We collect information from you manually when you provide it to us and automatically when you access or use the Digital Platform or Marketing Site. We may also collect information about you—usually within the context of the Digital Platform—from your employer, health plan, and care team, which may consist of physicians, other health care professionals, and support personnel. This may include members of our own care team with whom you may communicate on or through the Digital Platform.
We may collect the following categories of information (which include Personal Information and PHI) from you, depending on your interactions with the Digital Platform or Marketing Site and the choices you make:
Categories of information
Description of category and sources of collection
How we use this information
Business contact information
When you visit the Marketing Site, we collect certain electronic information automatically, including your IP address, unique identifiers, the type of browser you use, and other information. This information is collected via cookies and trackers, which are described further below. This information is not collected on the Digital Platform.
We may also collect from third parties contact information for representatives of prospective clients.
To provide company representatives with more relevant advertisements pertaining to the Marketing Site.
To inform company representatives of the availability of our services.
To provide, maintain, personalize, and improve the Marketing Site.
To monitor the usage of the Marketing Site.
To gather analysis and assess trends and interests.
Contact information and account registration information for platform users
This is the Personal Information provided to us by you, your employer, or your health plan, or that you input when you register to access or learn more about the Digital Platform. This may include your name, address, email address, phone number, date of birth, gender, and health information.
To determine your eligibility to use the Digital Platform.
To communicate with you through the Digital Platform.
To respond to your questions and requests.
To create, maintain and personalize your account with us.
To provide customer support.
To notify you about changes to the Digital Platform.
To allow you to participate in interactive features of the Digital Platform when you choose to do so.
To contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you.
To perform other duties as required by law.
To gather analysis and assess trends and interests.
Protected Health Information
The Digital Platform may access and process Protected Health Information (“PHI”) submitted by you or your care team. Our collection, use, and disclosure of PHI are governed by separate terms and conditions between Cylinder and our customers, as well as by our HIPAA Notice of Privacy Practices. PHI should only be submitted through the Digital Platform as permitted or required for use of the Digital Platform.
To determine your eligibility to use the Digital Platform.
To provide, maintain, and personalize the Digital Platform.
To create, maintain, and personalize your account with us.
The PHI we may collect from you, your employer, health plan, and your care team may include:
The identifiers and contact information associated with your account;
Medical insurance details;
Information about physical and mental health conditions and diagnoses;
Treatments for medical conditions;
Genetic information;
Family medical history;
Symptoms and health history;
Medications an individual may take, including the dosage, timing, and frequency;
Lab or diagnostic results; or
Other results from clinical consultations or interaction
To communicate with you through the Digital Platform or the Marketing Site.
To respond to your questions and requests.
To provide customer support.
Demographic data
We may collect the Personal Information you provide when you contact us with questions or feedback, otherwise correspond with us online through the Digital Platform or the Marketing Site.
To determine your eligibility to use the Digital Platform.
To provide, maintain, personalize, and improve the Digital Platform.
To provide customer support
To monitor the usage of the Digital Platform.
To gather analysis and assess trends and interests.
Location information
We may collect the following Personal Information when you submit reviews or otherwise post through the Digital Platform:
Date of birth
Gender
State/region
Preferences
To provide you with location-based services.
To monitor the usage of the Digital Platform or Marketing Site.
To gather analysis and assess trends and interests.
Platform usage information
This can be information that is collected about you by automated means when you are using the Digital Platform, and this may include:
Information about your interactions with the Digital Platform, which includes the data and time of any information you enter into the Digital Platform and your interactions with other users of the Digital Platform.
User content you post to the Digital Platform including messages you send and/or receive and your interactions with our customer service team.
Technical data which may include URL information, cookie data, web beacons and other tracking technology information, the types of devices you are using to access or connect to the Digital Platform, unique device IDs, device attributes, network connection type (e.g., WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, and operating system. Further details about the technical data that is processed by us can be found below.
For more information about these technologies, including steps you can take to manage these technologies, please read below.
To optimize the display of the Digital Platform on your device.
To create, maintain and personalize your account with us.
To provide, maintain, personalize and improve the Digital Platform.
To provide customer support.
To monitor the usage of the Digital Platform.
To allow you to participate in interactive features of the Digital Platform when you choose to do so.
To gather analysis and assess trends and interests.
To detect, prevent, and address technical issues.
To help maintain the safety, security, and integrity of the Digital Platform.
We may use Personal Information to create anonymized and/or aggregated data that is no longer associated with individuals or our customers. We may use and share this information for our lawful purposes.
Disclosing your information
We may share your Personal Information with certain third parties, including under the following circumstances:
Software and service providers we use to manage and process your information, for example, providers of claims processing software, or services providers that we otherwise use to facilitate and operate our services and the Marketing Site or Digital Platform.
Healthcare-related entities involved in your treatment and care, such as pharmacies, physicians, and other healthcare providers, as well as health plans, claims processors, and other service providers that assist with health care operations. To learn more about these or similar types of disclosures as they relate to PHI, please refer to our HIPAA Notice of Privacy Practices.
Your employer, as necessary to facilitate your access to the Digital Platform, performance evaluation, quality improvement, and payment. The information disclosed to your employer does not include PHI.
Clinical research organizations, researchers, and healthcare institutions. To the extent this information includes PHI, we will comply with the HIPAA requirements for authorization.
Product-related service providers, such as our vendors and manufacturers.
Marketing service providers we use to communicate with you.
Service providers to assist in marketing to prospective business-level clients.
Business partners, including those who provide a product or service in partnership or collaboration with us.
Law enforcement, government agencies, or other third parties pursuant to legal process or to assist a government or law enforcement investigation.
Our attorneys, consultants, or similar advisors to assess or assert our legal or business interests.
Other third parties that you expressly request us to share your Personal Information with.
Additionally, we will share your Personal Information with third parties where required by law, where it is necessary in connection with the Digital Platform or Marketing Site, or where we have another legitimate interest in doing so. Please note that we may share de-identified information with third parties at our discretion.
If we are subject to a merger, acquisition, or similar business transaction with/by another company, we may share or transfer information with them in connection with the transaction.
How we safeguard your personal information
We have put in place commercially reasonable security measures designed to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration of your Personal Information. While we are committed to protecting your Personal Information, please understand that information communicated over the Internet is never 100% safe and secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Any transmission of Personal Information is at your own risk.
How long we store your personal information
We will retain your Personal Information only for as long as is necessary for the legitimate business purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups.
Tracking technologies and options regarding your personal information
We use cookies, pixels, web beacons, and similar technologies to collect information over time when you use or access the Digital Platform or Marketing Site. We and our third-party partners use common tracking tools to collect information about the pages you view, the functions that you access, the buttons and icons you click, and to remember your login information and settings to make it easier and more efficient for you to use the Digital Platform or Marketing Site.
You can choose whether to accept cookies by changing the settings on your browser or device. However, if you choose to disable cookies, your experience with the Digital Platform or Marketing Site may be impaired and some features may not work as they were intended. For more information regarding your choices with respect to cookies and other tracking technologies, please see “Your Rights and Options Regarding Your Personal Information” below. However, if you choose to disable this function, your experience with the Digital Platform or Marketing Site may be impaired and some features may not work as they were intended. When we use cookies or other similar technologies, we may set the cookies ourselves or ask third parties to do so to help us.
Additionally, Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the preferences or settings page of your web browser. However, these features are not yet uniform, so we do not currently respond to such features or signals. Therefore, if you select or turn on a “do not track” feature in your web browser, we and our third-party providers may continue collecting information about your online activities as described in this Privacy Policy. We may, however, recognize and process other opt-out preference signals in accordance with applicable law, such as the Global Privacy Control (“GPC”). To learn more about GPC, including how you may install or use the tool through your browser or browser extension, visit: https://globalprivacycontrol.org/
In addition to these steps, you may have other options to manage marketing communications and related data collection:
Marketing Preferences. You can opt-out from receiving future marketing communications from us at any time by using the unsubscribe function in the email you receive from us, or contacting us as set forth under “How to Contact Us” above. Please allow sufficient time for your preferences to be processed. Even if you opt-out from receiving marketing messages, we may still contact you for transactional purposes like confirming or following up on an order or service request, asking you to review a product or service you have ordered, appointment reminders, or notifying you of product recalls. If you later opt back into receiving marketing communications from us, we will remove your information from our opt-out databases.
Personalized Advertising on Marketing Site.
If you do not wish to participate in advertising personalization, you can opt-out by following the directions provided within the applicable advertisement, through your account settings, or through disabling ad cookies through your browser settings. You may also opt out of receiving interest-based ads from LinkedIn, Facebook, and Google. You will continue to see ads on each platform, but they will not be personalized as a result of your actions on the Marketing Site. Please visit the links below if you wish to opt-out or update your preferences:
Use of Third Party Services. To the extent applicable, you can choose to limit the data that third-party services (e.g., social media platforms) share with us using the options provided to you by the applicable third-party service (for example, the options provided by a third-party social media platform when you connect your social media account with the Digital Platform). You can also disconnect your use of the Digital Platform from the third-party service at any time using the options provided by the applicable third-party service. Please note, however, that if you disconnect from the third-party service, that will not delete the data we may have previously collected while you were connected.
Rights regrading your personal information
You may have the following rights (“Data Subject Rights”) with respect to the Personal Information that we collect or process about you. (Your rights with respect to PHI are described in our HIPAA Notice of Privacy Practices. Data Subject Rights differ depending on your place of residency, including the following U.S. states: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Vermont, and Virginia. Please note that we reserve the right to honor your Data Subject Rights as required by applicable law, including any exceptions allowed to us under applicable law.
Right to Know/Access and Obtain a Copy:
If you ask us, we will confirm whether we are processing your Personal Information. You may request certain details about the Personal Information we collect or disclose. Additionally, you may request that we provide you with a copy of all Personal Information you are lawfully entitled to receive.
Right to Amend:
If you believe your Personal Information is inaccurate or incomplete, you are entitled to request that we correct or complete it.
Right to Delete:
You may request that we delete or remove your Personal Information.
Right to Restrict Processing:
You may ask us to restrict or “block” the processing of your Personal Information in certain circumstances, such as if we process Personal Information that is considered “sensitive” under applicable state laws or engage in automated decision-making.
Right to Opt-Out of Targeted Advertising (as applicable): Targeted advertising is the practice of serving you tailored advertisements based on your Personal Information gathered across other businesses, websites, applications, or services. Some jurisdictions may refer to this activity as “sharing.” As noted above, we do not engage in targeted advertising with respect to the Digital Platform.
Right to Opt-Out of Sales on the Marketing Site: You may request that we not “sell” your Personal Information. Currently, we do not sell Personal Information collected through or on the Digital Platform.
Right to Non-discrimination: We will not discriminate against you for exercising these rights, but we may charge a reasonable fee as permitted by law in fulfilling these rights, such as if you request multiple copies of your Personal Information.
Right to Appeal: If we deny your request to exercise your Data Subject Rights, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please submit an appeal request to us using the contact information listed at the end of this Privacy Statement. Please include “Appeal” in your request and information that will help us locate your prior request. Additionally, you may have the ability to contact your state’s attorney general if you have concerns about the results of the appeal.
Only you, or someone legally authorized to act on your behalf, may request to exercise Data Subject Rights related to your Personal Information. Please understand that we are required to verify your request and may require you to provide some information to enable us to carry out such verification. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Submitting a Data Subject Rights request does not require you to create an account with us. We will only use Personal Information provided with the request to verify the requestor’s identity or authority to make the request.
To submit a Data Subject Rights request, contact us by using one of the means listed above in “How to Contact Us.”
Notice to California residents
We are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide this CCPA Notice to California residents to explain how we collect, use, and disclose their Personal Information, and the rights and choices we offer California residents regarding our handling of their Personal Information.
This CCPA Notice does not apply to any PHI because PHI is subject to HIPAA.
In the past 12 months, we have collected the Personal Information described in “The Information We Collect” and disclosed it to third parties for the reasons identified in “The Information We Collect” and as listed in “Sharing Your Information.” The Personal Information listed in “The Information We Collect” may be categorized as follows under the CCPA:
Identifiers
Categories of Personal Information described in Cal. Civ. Code § 1798.80(e)
Characteristics of protected classifications under California or federal law
Commercial information
Internet or electronic network activity information
Geolocation data
Professional or employment-related information
Inferences drawn from certain demographic data
Sensitive Personal Information (health information that is not considered PHI, login credentials for your account with the Digital Platform, and the contents of messages that you send through the Marketing Site or Digital Platform)
We do not use or disclose Sensitive Personal Information for purposes other than those specified in Cal. Civ. Code § 1798.121.
We do not “sell” or “share” Personal Information collected through or on the Digital Platform.
Targeted advertising on our Marketing Site (not the Digital Platform) may be considered a “sale” or “share” of Personal Information according to CCPA. Because we engage in this practice on the Site, we may have “sold” or “shared” identifiers, commercial information, and internet or electronic network activity information with third-party data analytics providers, social media networks, and marketing or advertising networks in the last 12 months. If you wish to request to opt out of this use of your information, please email with the subject line: Do Not Sell or Share My Personal Information.
Transfer of data; Special notice to non-U.S. users
Cylinder Health is a US-based provider, and our infrastructure – including databases and applications that handle and store Personal Information – is hosted in the US. As a result, it is necessary for us to transfer Personal Information within the United States to provide our services to users, pursuant to our relevant agreements with users and/or their employers.
Children’s information
The Digital Platform and Marketing Site are not intended for use by children under the age of 18. As such, we do not have actual knowledge that we sell or share the Personal Information of children under the age of 18. By using the Digital Platform or Marketing Site, you represent that you are at least 18. If you do not meet this age requirement, please do not access or use the Digital Platform or Marketing Site.
If we learn that we have collected Personal Information from a child under the age of 18, we will take reasonable steps to delete it, unless we are legally obligated to retain such information. If you believe that we have collected information from a child under the age of 18, please contact us through one of the methods listed under “How to Contact Us” above.
Links to other websites
The Digital Platform or Marketing Site may contain links to third-party websites. We have no control over how these websites collect your information and are not responsible for the content, privacy policies, actions, or security of these websites. Please make sure to read the privacy statements of these other websites that collect your Personal Information.
Updates to this privacy policy
We may update this Privacy Policy from time to time and notify you in accordance with law, which may include email or other notice posted to the Digital Platform or Marketing Site. Any changes to this Privacy Policy will become effective when we notify you of the changes. Your use of the Digital Platform or Marketing Site following any such updates will constitute your acceptance of such updates.