1. SCOPE AND PURPOSE OF OUR PRIVACY POLICY 

Your privacy is important to us. This Privacy Policy describes the information we receive from individuals who use Root Cause ID, how we may use that information, and a disclaimer about us, and our product.

2. INFORMATION WE RECEIVE AND HOW WE USE IT 

Root Cause ID allows you to input and view your information that is stored on our application system cloud servers. Tracking your information provides a more customized experience from the Root Cause ID team.

3. USER’S PERSONAL INFORMATION 

You provide personal information to us when you set up your Root Cause ID account. The Root Cause ID application system stores the information you provide, including your name, email and other data that could possibly identify you. If you set up your account and you lose your phone, or switch to a different phone, your information should remain secure subject to the exceptions outlined in this privacy policy. Other than, as authorized by our privacy policy or applicable law, our terms of service, we do not sell or rent any of your personal information with third parties without your permission or share your information with anyone other than your Root Cause ID team member. Please read this privacy policy carefully, there are situations where your information (whether depersonalized or otherwise) may be shared. User personal information we will receive includes:

• Email Address. We need your email address to set up your account and for security purposes so that we know it’s really you retrieving your data. Root Cause ID may occasionally send you emails related to the use of the Root Cause ID Application System. Your Root Cause ID team member may send you emails, text message or call you regarding your progress. We do not share your email address with third parties unless authorized by applicable law, or pursuant to specific scenarios listed below.
• Payment Information. We may refer you to third party sites for transactions. All purchases are voluntary. We do not have any information about your payment instruments, and all transactions are subject to any applicable third party transaction platform’s privacy policy and terms of use.
• Communications. Communications with us may be used to help improve our customer support services and enhance our products. We never share your contact information with anyone else other than as authorized by applicable law, or pursuant to specific scenarios listed below.

4. DISCLOSURE OF PERSONAL INFORMATION—SCENARIOS WHERE DISCLOSURE MAY OCCUR

We may disclose your information under the following circumstances:

• With your express permission to do so.
• If we reasonably believe that disclosure is necessary to comply with a law, regulation, government request, or a valid legal process, or, as authorized by applicable law.
• If disclosure is for our vendors or service providers to assist us in providing improved services to you.
• If disclosure is for user verification purposes.
• If the information is de-identified and/or de-personalized.

We also use IP addresses to analyze trends, administer the application system, and gather broad demographic information for aggregate use. IP addresses are not typically linked to personal information. While there can be no guarantee of privacy, we have established reasonable and appropriate safeguards to protect your information from unauthorized use and disclosure. To the extent you share your information (your personal health information, contact information, or access credentials) within our application system, or otherwise with anyone, you are solely responsible for any compromise of confidentiality that may result from your sharing that information.

5. PERSONALIZED HEALTH INFORMATION

Information you provide may include facts about your health. You are voluntarily choosing to disclose this information. Such information may include reference to your health, health data, and medication(s) and/or medical conditions. This kind of information, coupled with information that identifies you, may be considered personalized health information that may be protected by federal health privacy laws such as the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (HIPAA), and under the privacy and security provisions of the Technology for Economic and Clinical Health Act of 2009 (HITECH Act). We believe in protecting your personalized health information from unauthorized disclosure, and will comply with applicable laws with respect to that information. Specifically, we will comply with provisions of the HIPAA Security Rule that apply to business associates under the HITECH Act, and the privacy and security provisions of the HITECH Act that are applicable to business associates. However, while we will engage in commercially reasonable efforts to protect your privacy, applicable law may allow for disclosures in certain circumstances.

6. PERMITTED USE OF PERSONALIZED HEALTH INFORMATION

If you chose to share your personalized health information with us, federal and state laws provide certain privacy and disclosure safeguards. However, these laws are not absolute; disclosure of that information may be authorized in certain circumstances. Some examples of when disclosure may lawfully occur are:

• We will allow you, and anyone you authorize, on our application system to access your personalized health information. To the extent that you authorize your employer, or any other third parties, access to your personalized health information on our application system, that is your decision to allow that access and we have no privacy obligation to you regarding such disclosures.
• Our application system allows your authorized users who use your access credentials to view your personalized health information stored within our application system. Use caution when providing such authorization or access credentials to others, as those users may in turn disclose your information to their employees, vendors, and other health coaches, or service providers (such as laboratories, pharmacies, or parties engaged in healthcare or related billing). Applicable laws may allow such disclosures, subject to certain requirements. Additionally, your terms of use or license agreements with such parties may also affect how your information may be shared.
• De-identified personal health information is information about your health that is disconnected from information regarding your identify. This information under our terms of service transferred and assigned to us, and this de-identified information may be used, disclosed, marketed, licensed, and sold for any purpose and without restriction. You will have no ownership rights or interest in such de-identified information, or in the proceeds of any sale, license, or other commercialization of that data. Root Cause ID may use such de-identified information in large-scale medical studies so that we can continue to validate the effectiveness of your practitioner’s programs, and for any other lawful purpose. However, your personal identifying information will not be shared or disclosed unless applicable law authorizes such disclosure, and we will maintain the confidentiality and security of any personal health information to the extent required by applicable law.
• We may create limited data sets from your health information, and disclose them for any purpose for which limited data set disclosure is lawful.
• We may aggregate your health information with that of other users, and share aggregated information to the extent that is lawful.
• We may use your health information for the proper management and administration of our businesses, and to help us fulfill our legal responsibilities. We may also disclose your health information if disclosure is required by law, or we obtain reasonable and lawful assurances from the recipient that your information will be held confidentially and used or further disclosed only in a manner that complies with applicable law. For example, we may permit access to our application system to contracted application system developers, and we will do so only in a manner that complies with applicable law (which may include procuring appropriate confidentiality agreements from such parties).

This Privacy Policy does not list every category of use and disclosures regarding personalized health information.

7. YOUR OBLIGATIONS

You agree that if you use another individual’s information, available on, or through this application system (whether or not personalized health information), you will do so in accordance with applicable law. You also agree to ensure that others under your guidance or control who have access to such information, will also comply with applicable law. You may share information on our application system from other platforms, and from a range of sources. You are solely responsible for ensuring that your sharing of any information on our application system complies with other parties’ terms of use or license terms, and is done so with any required consents or authorizations. We are not responsible if you share information on our application system in a manner that violates another party’s rights or is not lawful.

8. ACCOUNT ACCESS

You provide personal information when you create your account with us. We may use that information to verify your identity and permit you to view data in our application system. However, we have no way of knowing if someone logging on to our application system is really you so we must solely rely on the access credentials provided. That means if someone secures your access credentials, with your permission or not, they will be able to access our application system and view your information and communicate on our application system. Our application system lacks the ability to discern whether access credential holders are legitimate. We log and audit application system use in an effort toward ensuring that users access the application system appropriately. But, if you share your access credentials with another person or party, or another person or party acquires your access credentials, we cannot determine if that access is authorized by you or not. In the event we suspect application system misuse, or are engaged in quality control efforts, we may attempt to contact you regarding application system use. But, we cannot guaranty we can or will detect application system misuse by someone not actually authorized by you if that person has your access credentials, and we disclaim any responsibility if access credentials are used to access your information or to communicate on our application system in a manner not authorized by you.

9. SURVEYS, QUESTIONNAIRES, AND POLLS

We may ask you to participate in user surveys, questionnaires, or polls, to facilitate application system feedback as we work to improve our application system and services. We may collect and retain survey responses, questionnaires, or polls related to our application system, and use that information to the extent authorized by our terms of service and applicable law.

10. SECURITY AND STORAGE

Our application system may require a valid user name, e-mail address, code or password (or a combination of the foregoing) to access and use the application system. Users are solely responsible for: (1) maintaining the strict confidentiality of any user identification, and/or access credentials, including, name, e-mail address, code or password, (2) any personal information that user choses to provide on our application system, (3) not allowing anyone other than you to gain access to your application system access credentials  (4) any damages or losses that may be incurred or suffered as a result of your intended or unintended disclosure of application system access credentials  or any of your other personal information (5) the failure to promptly and credibly inform us regarding any changes required for your access credentials, or any loss of your information that threatens unauthorized access of our application system, or the need for any reason to deactivate your application system access. We are not responsible or liable for any stolen or shared user application system access credentials, loss of data associated with shared or lost access credentials, user’s disclosure of information, or any access to our application system with access credentials that match our application system requirements. We cannot verify the identities of users other than via our access credential application system. Please immediately notify us of any unauthorized use of any of your user access credential information, or if you suspect such information has been shared or compromised. Applicable laws may require that we retain your data for an assigned duration. However, once that duration expires, we will either destroy or no longer have the ability to share or return data.

11. INTERNET COOKIES

Each time you visit our application system website, we collect the limited information that your browser makes available whenever you visit any website. We may also place internet “cookies” on the computer hard drives (or on any mobile or tablet device) of visitors to this website. Information we obtain from cookies helps us to tailor our application system website to be more helpful and efficient for visitors. The cookie consists of a unique identifier that should not contain information about you or your health history. We use two types of cookies, “session” cookies and “persistent” cookies.

• A session cookie is temporary, and expires after you end a session and close your web browser. We use session cookies to help customize your experience on our application system, and maintain your signed-on status as you navigate through the features.
• Persistent cookies remain on your hard drive after you exit from our application system, until you erase them or they expire. Persistent cookies will not contain any personal information about you.

12. MEDICAL DISCLAIMER

We solely own the content of our data and any data and information shared with us. We grant a non-exclusive license to users to utilize such data and information within our application system applications or sites. We are not a licensed medical care provider and do not create a patient-physician relationship. We are not responsible for any health problems or inaccurate and/or inadequate advice that may result from any third-party communications, training programs, products, or events you access via our application system. You agree that you engage in our application system and practitioner communications at your own risk and are voluntarily participating in such activities. We are not responsible for any upsetting or unwelcome communication that you may receive from any third party or practitioners using our application systems. We cannot edit or change what is communicated using our application system.

13. MEDICAL PROVIDER’S USE OF ROOT CAUSE ID

If you are medical provider that is considered a “covered entity” under HIPAA, or otherwise hold and share personalized health information such that HIPAA requirements are applicable, you agree to comply with the terms of this Privacy Policy, our Terms of Use, and all applicable laws. You must notify us and provide an appropriate business associate agreement (BAA). Unless advised otherwise, we will presume that individuals who contact us on behalf of a covered entity are employees of the covered entities, and not independent contractors, who might need a BAA in place, with respect to personalized health information shared between the covered entity, that contractor, and us. You also agree that you will implement and maintain appropriate administrative, physical, and technical safeguard to protect information within our application system, and immediately notify us of any breach or suspected breach of our application system.

14. CHILDREN’S USE OF ROOT CAUSE ID

We do not intend to accept any information from individuals under the age of 2. If you are not yet 2 years of age, please leave our application system immediately. Parents are urged to monitor and supervise their children’s on-line activity. If you are under the age of 18 you may not use this application system without the written permission of your parent/guardian and physician.

15. ADDITIONAL MATERIAL

You may provide content or material to our application system by participating in forums, discussion groups, or similar forums. You agree that any information, material, or work product you provide to our application system is the exclusive property of Root Cause ID, and by submitting such content or material; you assign to Root Cause ID, all intellectual property rights in such content or material. Furthermore, you agree that we may use, disclose, market, license, and sell such material or content, and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof to the extent authorized by applicable law, this privacy notice, and our terms of use. You agree that any material you provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any applicable law. You should bear in mind that any information you post in a forum or discussion group is available to the public, and may result in your receiving communications from others outside of our application system. You are responsible for safeguarding the privacy of your personal information when you participate in forums and discussion groups.

16. LINKS TO OTHER MATERIAL

Our application system may provide links to sites operated by third parties. We have no control over the content or security of such linked sites, and are not responsible for those sites, or for the effect of your accessing a site through a link on our application system. A third party operates any link provided by our application system so you should read the site’s privacy notice before using it.

17. APPLICABLE LAW

Any claim relating to the use of our application systems or information to which it gives access shall be governed by the internal substantive laws of the State of Pennsylvania, without giving effect to any principles of conflict laws.

18. CHANGES TO THIS PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy as needed. If we make any changes to this Privacy Policy, we will post them at www.rootcauseid.com. These are principles that we believe in strongly, so the spirit of this privacy policy will not change, but if we forgot something, or if new laws require change, or we add new features that need some clarification, we will make these changes available to you and update our privacy notice accordingly.

19. QUESTIONS, COMPLAINTS, AND CONTACTS

If you have any concerns about your privacy or security of the information you provide us, we are always happy to listen and make sure you feel comfortable using Root Cause ID. If you have any questions or complaints, please contact us at: support@rootcauseid.com