Updated: April 30, 2018
Our culture at Biostrap is one of openness, collaboration and transparency. We believe in the power of healthy choices and strive every day to help make our world better. As a member of our Biostrap Community you are more than a customer to us and we appreciate your trusting us with information that is important to you. In this document, we want to demonstrate our transparency with how we use your data to deliver best-in-class biometric data and services to you. In good health and in support of your goals.
When you use our Services, we collect the below types of information.
We collect two general types of information from users of our Site and Services - Personal and Aggregate Information as described below:
“Personal Information” consists of contact and biometric information. Contact information consists of information that we can use to verify and contact you such as your name, e-mail address, mailing and shipping address, phone number, gender, date of birth, credit card number, and social media account information, as well as information to help you pay for products and services, and determine your specific identity so that we can help answer any questions you may have or resolve issues with your account.
Some of this information is required in order to create an account on our Services, such as your name, a valid email address that is then linked to your account, self-selected password, date of birth, gender, height, weight, the pairing of at least one authentic Biostrap device (such as a Biostrap wristband), and in some cases your mobile telephone number. You may also choose to provide other types of optional information, such as a profile photo, your daily goals for number of steps, active calories, hours of sleep, and daily active time, as well as customizing your desired units of measure (i.e., Imperial or Metric), country information, and community username.
Biometric information consists of collected and derived data from your Biostrap device(s) that we use to provide our Services that are presented in our application. Biometric information may consist of data on your sleep, steps, active calories, activity time, resting heart rate, heart rate variability, respiratory rate, and oxygen saturation. This information may be updated as we continually develop the functionality and utility of our application to provide you with accurate and useful information about your health.
“Aggregate Information” is information about your activities on the Site or in connection with your use of the Services that does not contain any way of identifying you individually (such as frequency of visits to the Site, data entered when using the Site, vital statistics and trends, etc.). We use Aggregate Information to provide the Services, as well as to improve the use of our Site and to monitor, audit, and analyze information pertaining to our business metrics. Further, Aggregate Information may and can be used to determine trends and tendencies that may help with determining overall health.
To help improve your experience or enable certain features of our Services, you may choose to share with us additional information such as your weight, personal goals, and sleep pattern.
If you choose to post on our discussion boards, or send messages to your friends on the Services using our Remote Monitoring Program, we may also have access to information you share as part of these functionalities.
We may collect additional information such as the physical location of your device by, for example, using satellite, cell phone tower, wi-fi signals or your IP address. We may use your device’s physical location to provide you with location-based services and content. We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing service providers to enable them to provide you with more localized content and to study the effectiveness of advertising campaigns. You may be able to allow or deny such uses and/or sharing of your device’s location by changing your device’s location settings, but if you choose to deny such uses and/or sharing, we and our marketing service providers may not be able to provide you with the location-based services and content.
You may also connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, or accessing social networking accounts.
If you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.
Our Service contains the ability for you to share all of the biometric information gathered by Biostrap with other approved users, such as your friends, parents, physician, or a personal trainer (“Remote Monitoring Program”). This enables other people to track your health and fitness progress. The Remote Monitoring Program is disabled by default. By enabling the Remote Monitoring Program you understand and agree to share all of the biometric information collected by Biostrap with the users that you have designated.
Only your biometric information is shared when you grant access to other approved Biostrap users. This means that none of your personal or account information is visible to these users, other than your name and email address. To access your biometric information, other users must request access via the email address associated with your account through our application. For you to access someone else’s information, you too must request access using the email address associated with their account through our application.
You may disable the Remote Monitoring Program at any time, but you should note that the other users that you have agreed to share your information with may have stored a copy of this information, and may use it without your permission. We assume no responsibility for other users’ use or misuse of the information you choose to share via the Remote Monitoring Program.
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
If you purchase Biostrap merchandise on our website, you provide your payment information, including your name, credit or debit card number, card expiration date, CVV code, and billing address. This information is encrypted and sent to our payment network. We do not have access to your payment information, other than your name and shipping address, payment card provider, and occasionally the last four digits of your payment card. We store your name and shipping address to fulfill your order and delete this information once the purpose for which we have collected it has been satisfied. Note that third-party payment processors may retain this information in accordance with their own privacy policies and terms.
Your device collects data to estimate a variety of metrics like the number of steps you take, distance traveled, calories burned, heart rate and heart rate variability, sleep pattern, respiratory rate, and oxygen saturation. The data collected varies depending on a number of factors such as your chosen activity, whether you utilize our shoe pod, the battery life of your device(s), the quality of connection between your device and your phone, etc. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our secure servers for analysis.
When you access or use our Services, we receive certain usage data that includes information about your interaction with the Services, for example, when you create or log into your account, pair your device to your account, synchronize an activity, or open or interact with an application on your Biostrap device.
To the extent that information we collect is health data or another special category of personal data subject to the European Union’s General Data Protection Regulation (“GDPR”), we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you pair your device to your account or grant us access to your exercise or activity data from another service. You can use your account settings to request the disablement or withdrawal of your connections at any time, including by stopping use of a feature, removing access to a third-party service, unpairing your device, or requesting the deletion of your data or your account by contacting us at firstname.lastname@example.org. These steps can also be accomplished through the Privacy Center section of Biostrap.com.
We use the information you provide to offer and improve our Service, which includes processing the information for the following purposes.
Using the information we collect, we are able to deliver the Services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your Biostrap dashboard tracking your exercise, activity, sleep, and other trends; to enable the community features of the Services; and to provide you with exemplary customer support. For the Services’ community features, we may use your information to help you find and connect with other users and to allow other users to find and connect with you as described in the Remote Monitoring Program section above. For example, your account contact information allows other users to add you under our Remote Monitoring Program to share data with your friends, family, trainer, and others. Another user can send you an invite to connect via our Remote Monitoring Program using the email address used for your Biostrap account, and vice versa: you can ask to monitor your friend’s account using the email address they use for their Biostrap account.
We use the information you provide us to improve our existing Services and develop new ones that match your personal needs. For example, we use the information to troubleshoot, improve accuracy, and protect against errors; perform data analysis and testing; conduct research and surveys to improve our Services; and develop new features that are valuable to our customers.
When you allow us to collect and analyze your information, we use that information to provide and improve features of the Services, such as recording a workout, whether you have properly recovered from a previous one, or if your sleep was adequate.
We also use your information to customize content and information based on analytical inferences. Here are some examples:
We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your “update subscription preferences” in account settings or via the “unsubscribe from this list” link in an email.
We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
For personal data subject to the GDPR, we rely on several legal bases to process data. These include when you have given your consent, which you may withdraw at any time by completing our GDPR Subject Data Form and requesting modification of your consent; when the processing is necessary to perform a contract with you, such as the services described in our Terms of Service; and our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described above. Please note that our process for modifying/accepting a withdrawal of your consent is manual and not automatic, and therefore there may be a delay between the receipt of your request and us processing it.
We do not share your personal information except in the limited circumstances described below.
You may direct us to disclose your information to others, such as when you use our forums, including our social media channels, our Remote Monitoring Program, and other social tools. For certain information, we provide you with privacy preferences in our Privacy Center to control how your information is visible to other users of our Services. Just remember that if you choose to participate in a challenge, information such as your profile, posted messages, total steps in the challenge, personal statistics, and achievements, is not governed by your privacy preferences and will be visible to all other challenge participants. You may also authorize us to share your information with others, for example, with a third-party application when you give access to your account, or with your employer when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.
We transfer information to our corporate affiliates, service providers, and other partners who process data for us, based on our instructions, and in compliance with our policies and any other appropriate confidentiality and security measures. These partners provide us with services such as website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, text messaging, credit card or other payment account processing, auditing and similar services, and surveys.
Contracts with our service providers require them to keep your information confidential. We will not sell or trade your Personal Information with unaffiliated third parties. These third-party service providers are not authorized to retain, share, store or use your Personal Information for any purposes other than to provide the services for which they have been contracted. When you submit your Personal Information, you also provide us permission to use your Personal Information to contact you by email, telephone, cell phone, direct mail, or text message about certain offers made available by us or third parties that we believe you might be interested in based on information you have provided to us. You may opt out of this processing at any time.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about exercise and activity, to partners under agreement with us, or as part of the community benchmarking information we provide to users of our subscription services.
If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.
Please note that on some portions of the Site, users can choose to have their Personal Information displayed. The default for these portions of the Site is that Personal Information is private, other than your username and any other information you choose to display publicly. If users choose to have their Personal Information displayed on the Site, we will not be responsible for this disclosure and such display shall not be considered a breach of this Policy.
We provide you the right to access and control your personal data, as described below, regardless of where you live. If you live in the European Economic Area, United Kingdom, and Switzerland (the “Designated Countries”), you have a number of legal rights with respect to your information that you can access and exercise through our Privacy Center, as outlined below.
Accessing and Exporting Data. By logging into your account, you can access much of your personal information, including your dashboard with your daily exercise and activity statistics. Using the information provided in our Privacy Center, you can acquire a download of your information in a commonly used file format, such as data about your activities and sleep. You can also email us at email@example.com for a copy of your data.
Deleting Data. Your account settings allow you the option to ask us to delete your personal information. If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information, like the data recorded by your Biostrap device and other data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the previous How Information Is Shared section.
Restricting or Limiting Data Use. In addition to the various controls that we offer, if you reside in a Designated Country, you can seek to restrict our processing of your data in certain circumstances. Please note that you can always ask us to delete your account at any time. If you need further assistance regarding your rights, please contact our Data Protection Officer via Privacy@biostrap.com, and we will consider your request in accordance with applicable laws. If you reside in a Designated Country, you also have a right to lodge a complaint with your local data protection authority.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our global third party dispute resolution provider (free of charge) at https://www.jamsadr.com
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to provide our Services to you. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature. We keep other information, like your exercise or activity data, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of our Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.
We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Secure Socket Layer (“SSL”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support by emailing firstname.lastname@example.org.
If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem. Please note that emails you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means.
If you have any questions or complaints about how we are complying with the Privacy Shield principles, please contact us at email@example.com. If we can’t resolve your concern, you may submit a complaint to your local data protection authority. In certain circumstances, you may also have the right to invoke binding arbitration to resolve your concern. To learn more about binding arbitration, see Annex I to the EU-U.S. Privacy Shield and Annex I to the Swiss-U.S. Privacy Shield.
As we've indicated elsewhere, Biostrap may sometimes share your personal information with third parties for processing on our behalf. We are responsible for this third-party processing if it violates the Privacy Shield principles, unless we can show that we were not responsible for the violation.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create a Biostrap account and click “I agree” to data transfers, irrespective of which country you live in. If you later wish to withdraw your consent, you can delete your Biostrap account as described in the Your Rights To Access and Control Your Personal Data section.
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.
If you have questions, suggestions, or concerns about this policy, or about our use of your information, please contact us at firstname.lastname@example.org. No matter where you live, whether in the European Economic Area, United Kingdom, Switzerland, or United States, Biostrap USA, LLC. controls your personal data and provides you with the Services. If you are seeking to exercise any of your statutory rights, please contact our Data Protection Officer at email@example.com.
You may also contact us at: Biostrap USA, LLC.
Phone: (323) 999-4757
Archive of Previous Privacy Policies