PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE KINSA SERVICES.
Last Updated Date: September 29, 2020
Protecting your data, privacy and personal information is important to Kinsa Inc. and our affiliates (“Kinsa”, “us”, “we”, or “our”). At Kinsa, we strongly believe that companies have a social responsibility to help society; provided that they can do so without sacrificing user privacy. We believe that the spread of illness is one of the biggest problems the world faces, and to stop it, we must know where and when it is starting. We believe that fully anonymized illness data should be used to benefit society, and that personally identifiable information should not be used without a user’s permission and ongoing awareness.
When using Kinsa Services, you will be asked to acknowledge and, where appropriate, to give consent to the practices laid out in this policy.
If you are providing personal information about another individual, please make sure you have their consent to provide such information.
Kinsa’s Smart Thermometers are regulated as class II medical devices by the U.S. Food and Drug Administration (FDA). Kinsa’s Smart Thermometers are intended to measure human body temperature and are reusable for clinical or home use on individuals of all ages. Kinsa also develops and shares population health insights (for example, the percent of people in a county who are ill) which are aggregated from data collected by our Services.
All personal information obtained and maintained by Kinsa will be in compliance with applicable state and federal laws and regulations governing the security and confidentiality of such information.
Information Collected or Received
Kinsa aims to collect the least amount of personal information needed for specified, explicit and legitimate purposes. In operating our Services, we may collect and process the following types of information about you:
|Device information and product usage data such as traffic data, IP address, device ID, cookies, or which pages you viewed or features you interacted with||When you use our Services||To help identify and troubleshoot any technical or performance issues; to provide a seamless experience for users across sessions|
|Health data such as temperature, symptoms, medications taken, diagnosis, time of incidence of the illness or symptoms, or treatment seeking behavior||When you use a Kinsa Smart Thermometer or enter information into our Services||To allow you to track your health history over time and to provide personalized illness guidance; to aggregate geographic illness trends; to use, solely in de-identifiable form, for research purposes|
|Account information such as e-mail address, username, or password||When you sign up to use our Services||To allow you to back up your data and access it on multiple devices; to communicate with you|
|Profile information such as birthdate, gender, or name||When you create a user profile within the Services||To provide personalized illness guidance and a customized app experience; birthdate and gender may be used solely in de-identifiable form, for research purposes|
|Geolocation||If you permit our Services to access it||To enable syncing of readings from the thermometer to the Services; to aggregate geographic illness trends; to use, solely in de-identifiable form, for research purposes|
|Relationships to people or places such as which school your child attends or your place of employment||If you sign up to participate in specific programs like Kinsa’s FLUency schools program or WellTogether program||To manage program logistics such as delivering thermometers; to provide de-identified and aggregate information on the health situation at a certain location; to use, solely in de-identifiable form, for research purposes|
|Other information you may provide directly to Kinsa||For example, when you fill out forms or if you contact customer support||As necessary to fulfill your request|
Use of Personal Information
Kinsa collects personal information for two primary purposes:
Creating Aggregated Illness Signals: Kinsa uses illness information to help track and curb the spread of disease. In particular we use illness information to generate aggregated “Illness Signals”, which help inform where and when illness is spreading. For example, our Illness Signals may indicate an estimated share of the population in a particular geography (e.g. county, state, etc.) that is sick with influenza-like illness. We also use de-identified health data for research purposes to better predict and stop the spread of infectious disease.
Personalizing Your Kinsa Experience: In our Services you can enter or share personal information (e.g. illness history, name, age, gender, location) in order to keep a record of you and/or your family’s health information over time and receive guidance on how severe an illness may be and what to do next. You can also create an account by entering your email address or user identifier, in order to access your data on multiple devices or in the event your device is lost or stolen.
In the event that you receive your Kinsa Smart Thermometer via your employer, health plan, health providers, or educational institution, our Services may recognize that your thermometer is associated with that particular entity and may provide customized guidance and resources. We will not share your health data nor your personal information with such entity without your explicit permission – and then only in limited or specified ways that you consent to.
We may send you communications through push notifications, email, and SMS relating to our products and Services. You may opt-out of such notifications by changing the settings in the Services or on your device, or otherwise by contacting us as set forth below. In particular, you can opt-out from receiving marketing-related emails by following the unsubscribe instructions provided in each email. If you can sign-in to your Kinsa account, you may be able to change your communication preferences under the relevant section of the Services.
Additionally, we may use personal information from or about you:
- To provide you the Services, respond to your inquiries, and fulfill your requests;
- In a de-identified form, in combination with other de-identified data collected from third-parties for research purposes;
- To send you important information regarding our relationship with you or regarding our Services, changes to our terms, conditions, and policies and/or other administrative information; and
- For our internal business purposes, such as data analysis, audits, research, developing new products or services, improving our Services, identifying Services usage trends, and determining the effectiveness of our Services.
How we Share or Disclose Information
Kinsa may share user information with third parties in the following scenarios:
- To our third party service providers (e.g., Mixpanel, Crashlytics, Braze, and Google Analytics) who provide services such as website hosting and moderating, mobile application hosting, data analysis, infrastructure provision, IT services, email services, marketing services, auditing services, and other services, in order to enable them to provide services for us (one example is that we share email, profile name and age with a third party so that we can send personalized communications to users);
- Kinsa may provide research institutions certain de-identified health data for research purposes to better predict and stop the spread of infectious disease (provided that we take reasonable steps to ensure such research institutions cannot personally identify the source of such health data);
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings);
- If you opt-in to receiving offers or communications from any of our third-party partners, we will share your name, email, and title (if applicable) with such third-party partner so they may provide you with such offers or communications. We will only share your information with the specific third-party partner(s) you have opted-in for. We may use this opt-in process with our FLUency school program, in which Kinsa thermometers and software are provided free of charge to participants (which include parents, school nurses and teachers) in an effort to reduce illness levels in school communities. When you register as part of FLUency under this program you may be given an opportunity to receive certain offers and communications from the sponsoring organization helping us provide this program to the participants; or
- If you opt-in to participate in our school programs (FLUency or Kinsa for Schools), we will share de-identified, aggregated symptom and diagnosis data with the school you have enrolled in and fellow school participants. In the event of limited program participation or limited symptoms or diagnoses reported, the aggregated data may only consist of the user’s de-identified data (example: 1 student has a fever today in the 4th grade at Kinsa Elementary School). Users may opt-out of our school program at any time via the mobile app settings.
- If you opt-in to participate in our employer/organization program (WellTogether), we will share a de-identified, aggregated count of daily self-checks completed, self-checks resulting in a red light status, and fevers reported with the organization you have enrolled with. If applicable and if selected by the user, this data may be aggregated at the building or regional level. In the event of limited self checks completed or fevers reported, the aggregated data may only consist of the user’s de-identified data (example: 1 employee has a fever today in Building X). Users may opt-out of our employer/organization program at any time via the mobile app settings.
- If you opt-in to share IDENTIFIABLE health data with an organization, the data specified at opt-in (examples: temperature values, self check red/green status results) will be shared with the organization you have enrolled with. Users may verify and opt-out of sharing identifiable data with an organization at any time via the mobile app settings.
- When we otherwise have your consent.
How We Secure Your Information
Kinsa is committed to protecting all data according to applicable laws, regulations and security best practices. We have put in place reasonable and current security methods, including physical, electronic, and managerial procedures designed to prevent misuse, unauthorized access, use, or disclosure of your information. However, Kinsa cannot eliminate all security risks, as mistakes and breaches may happen. Please use the instructions provided below to contact us with any questions.
Your California Privacy Rights
California law permits California residents to request from us certain information regarding the disclosure of certain categories of personal information to third parties for their direct marketing purposes within the immediately preceding calendar year. A company may also comply with the law by disclosing in its privacy notice that it provides consumers choice (opt-out or opt-in) regarding sharing personal information with third parties for those third parties’ direct marketing purposes (as we do), and information on how to exercise that choice.
If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please send your request to us via the email address or the mailing address set forth below. Please put the statement “Your California Privacy Rights” in the subject field of your email or include it in your writing if you choose to write to us at the designated mailing address. You must include your name, street address, city, state, and zip code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
California Consumer Privacy Act (CCPA)
To the extent the California law is applicable to our collection of information that identifies or relates to you or your household, you as a user have the following rights:
- Right to know: Gives the user the right to request disclosure of information collected and shared, and the right to disclosure of categories of information sold by Kinsa. Please use the contact information below for inquiries.
- Right to delete: As a user you have the right to delete your user profile and associate personal information (name, email). Please use the contact information below for inquiries.
- Right to opt-out: Kinsa does not sell personal information (name, email) to third parties unless the user gives direct permission and consent. Please use the contact information below for inquiries.
- Right to nondiscrimination: Kinsa does not use any technology to profile a user or make decisions based on automated detection and data analyzed. Please use the contact information below for inquiries.
Your Privacy and Our Global Operations
Kinsa operates in multiple jurisdictions. We process data both inside and outside the United States and Europe and we may share your data among service providers based in countries other than your country of residence. Data entered in the Kinsa Services may be transferred to, processed and stored in the United States.
Safeguards in place to ensure an adequate level of data protection.
European Union Rights (GDPR)
This section applies only to our processing of personal data of EU country residents. It aims to provide increased transparency into our processing, retention, and transfer of EU resident personal data that is in line with the letter and spirit of the General Data Protection Regulation.
The controller for Personal Data covered under this section is Kinsa Inc., 535 Mission St., 18th Floor, San Francisco, California, 94105, USA.
In the EU, “Personal Data” is defined very broadly and includes any information about a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. EU data protection law requires us to have a legal basis before processing any Personal Data about you.
Our lawful basis for processing personal data covered by this Policy will depend on the purposes of the processing. To the extent we process personal data because it is necessary to perform a contract with you, our legal basis for that processing is that it is necessary for the performance of a contract with you.
When we are required to share personal data with law enforcement agencies or other governmental bodies, or we otherwise process personal data to comply with our legal obligations, we do so on the legal basis that we are under a legal obligation to do so.
We use consent as our basis for processing to the extent required by applicable law, or as we otherwise deem appropriate, for example, before we collect information from you through our app or hardware.
We also process personal data on the lawful basis that it is necessary for Kinsa’s legitimate business interests, which may include: providing, improving, and developing our products and services; communicating with and otherwise managing our relationship with you; enhancing the safety and security of our products, services, sites, employees, and others; and protecting Kinsa and our business partners from wrongful conduct.
In accordance with applicable laws in the European Union, you have the following rights with respect to your personal data, which apply differently in different circumstances, and may be limited by local law: (i) right of access, (ii) right to correction, (iii) right to erasure, (iv) right to restriction of processing, (v) right to data portability, (vi) right to object to certain types of processing, and (vii) right to withdraw consent to certain types of processing. Most of these rights are not absolute. You may exercise these rights by submitting a request to us. Please note that we may ask for additional information to verify your request before responding to it.
Upon proper request, Kinsa will remove all personal data as required, but under GDPR Article 17 (3) (c) and (d) we will be keeping the aggregated data. All users of the Kinsa application have the right to update personal information and profiles within the application. Kinsa does not sell any personal information with third parties unless the user gives explicit consent. Please use the contact information below for inquiries.
Your personal information may be transferred to, stored, and processed in a country other than the one in which it was collected, including the United States. For example, we may store your data on a server in the United States because that is where a particular database is hosted; and that data may be “transferred” again for permitted processing. We perform such transfers using contractual protections that EU regulators have pre-approved to ensure your data is protected (known as model contract clauses).
While we hope that we can resolve any query or concern you raise about our use of your information, the General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
You may contact Kinsa’s data protection officer regarding any issues related to processing of your personal information and to exercise your rights under applicable law regarding the processing of your personal information.
ATTN: Data Protection Officer
535 Mission Street, 18th Floor
San Francisco, CA 94105
A “cookie” is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree, this cookie file is stored on the hard drive of your computer. They help us and our affiliates to improve our Services and ensure that the content from our Services is presented in the most effective manner for you and your computer.
Devices have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Services.
Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. The only way to completely opt out of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or device to delete and disable cookies and other tracking/recording tools. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.
We permit third-party partners to use the foregoing tracking technologies to collect information about your browsing activities over time and across different websites when you use the Services. For example, we may use advertising services provided by third-party ad partners, such as Google, to market our service to you on other websites and online services. Through a process called “retargeting,” each service places a cookie on your browser when you visit the Services so that they can identify you and serve you ads on other sites around the web based on your browsing activity. We use third party analytics packages like Google Analytics and in some cases we share personal information with these services. We, along with third-party vendors such as Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our Services. To avoid use of this information for these third-party partners, you can change your browser settings to reject cookies or to notify you when cookies are set and you could select the Do Not Track option on your browser, though we have no control over and cannot confirm whether these third-party partners honor the Do Not Track browser signal. Additionally, many advertising companies are members of the NAI or DAA and/or provide opt outs on those industry pages at networkadvertising.org/choices or aboutads.info/choices. Users can set preferences for how Google and other third party advertisements using the Google Ad Settings page.
Links to Third Party Sites
Our mobile applications may ask you to share your location information with Kinsa. Note that this is the location reported from your phone’s operating system and typically utilizes your phone’s GPS system. You may opt out of sharing your phone’s location services by changing the settings on your phone.
If you do not want to receive communications from Kinsa, you may opt out of further communications at any time. Please note that Kinsa can only comply with requests relating to communications provided by Kinsa. We will seek to comply with your request(s) as soon as reasonably practicable.
If applicable, and you would like to review, correct, update, or delete certain personal information that you have provided via the Services, please contact us. We will seek to comply with your request as soon as reasonably practicable.
Our Services are designed and intended to be used by those who have reached 16 years of age. By using our Services, you affirm that you are at least 16 years of age or older. No one under age 16 is authorized to submit or post any information, including personal information, on our Services. Parents or guardians may use the Applications on behalf of their child and in doing so share their child’s personal information with the Kinsa system, but a child under the age of 16 may not use the Services themselves. For clarity, consent must be given or authorized by the holder of parental responsibility over the child before providing personal information of a child below the age of 16 years.
Updates to Our Policy
For all inquiries please contact us using the email or phone number provided below.
Phone: (+1) 917-426-3860