Privacy Policy

LilyLink Inc. 

Privacy Policy for Application Users

Effective: 9/15/24

This Privacy Policy (the “Privacy Policy”) serves to inform you of our policies and procedures regarding the collection, use and disclosure of the information we receive when you access and use the digital health content and services provided through our web portal and mobile application (the “Platform”) and all other products and services (all of the foregoing collectively, the “Services”) owned, controlled or offered, directly or indirectly, by LilyLink Inc. (together with its subsidiaries and affiliates, “LilyLink”, “we,” “our” or “us”).  LilyLink believes that the privacy of its users is paramount and strives to use Personal Information (as defined below) only in ways outlined in this Privacy Policy.  The Privacy Policy is incorporated by reference into the End User License Agreement, currently available www. lilylink.com/eula-app (the “EULA”). Any terms used herein and not defined will have the meanings given to them in the EULA.  By using the Services, you hereby warrant and represent that you have read, understand and agree to this Privacy Policy and the EULA, that you are a resident of the United States and that you are over 18 years of age.  PLEASE DO NOT USE, INSTALL OR ACCESS THE SERVICES IF YOU DO NOT AGREE TO THIS PRIVACY POLICY.

  1. What We Mean by Personal Information

For purposes of this Privacy Policy, “Personal Information” means any information from or about a person that either identifies that person directly or that makes that person identifiable when it is combined with other information from or about that person from any source. Personal Information may include Protected Health Information. 

  1. Information We Collect

Information You Provide To Us

We collect and process the following Personal Information that you provide to us:

  • Account and Use of the Platform. When you use the Platform or register for the Services or create an account or profile or accept the creation of an account or profile on your behalf (an “Account”), we collect your name, phone number, email address and age, but you may also optionally provide your address, photos and videos and other information.
  • Personal Information within Patient Content. As you use our Platform, we may collect information relating to your health and wellness, which may constitute Protected Health Information, and we may collect Personal Information that you include within Patient Content. We process this data only on your behalf as a user and we process all Protected Health Information in compliance with HIPAA and any other federal privacy and security regulations applicable to such Protected Health Information. 
  • Subscriptions and updates. We collect and process information you provide in order to subscribe to our newsletters and updates, including your email address and phone number and content preferences.  
  • Requests, messages and submitted forms details. We receive and process your messages, support requests, emails and information you share with us via online forms or other support channels. This includes the content of such communications as well as your contact details, if any.
  • Other Information. Any other information you may want to share with us. 

Moreover, if you contact us, a record of such correspondence may be kept.  

Other than Protected Health Information that you provide in connection with your use of the Platform and Services, we ask that you not provide or disclose to us any sensitive personal data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs or criminal background) on or through the Platform or the Services, within any Patient Content or otherwise. 

Automatically Collected Information

Most of the data we collect in and through the Platform and the Services is technical in nature and is collected and processed automatically through so-called application programming interfaces, software development kits, cookies and similar software-based technologies. Alone or in combination with other data, such automatically collected data may constitute Personal Information. The data we may collect by automated means may include, without limitation:

  • Device data: including, but not limited to, data on device ID’s and similar hardware qualifiers.
  • Usage data: including, but not limited to, search terms entered, pages viewed and general analytics.  
  • Network and internet information: including, but not limited to, URLs, Internet Protocol addresses, bounce rates, use of spoofing, active (TCP/IP) ports, number of sessions initiated, click streams, location information and network/Wi-Fi access points.
  • Information we collect on the use of the Platform via cookies: please see the “How We Use Cookies and Other Technologies” section below for more information. 

Information You Share on Third Party Websites or through Social Media Services

The Services may include links to third party websites and social media services where you will be able to post comments, stories, reviews or other information. Your use of these third party websites and social media services may result in the collection or sharing of information about you by these third party websites and social media services. We encourage you to review the privacy policies and settings on the third party websites and social media services with which you interact to make sure you understand the information that may be collected, used, and shared by those third party websites and social media services.

How We Use Cookies and Other Technologies 

Some of the features on the Platform and the Services require the use of “cookies” - small text files that are stored on your device’s hard drive. We use cookies to measure which pages are being accessed, and which features are most frequently used. This enables us to continuously improve the Platform to meet the needs of our visitors.

The following sets out how we may use different categories of cookies and your options for managing cookie settings:

Type of Cookies

Description

Managing Settings

Required cookies

Required cookies enable you to navigate the Platform and use its features, such as accessing secure areas of the Platform and using the Services. If you have chosen to identify yourself to us, we use cookies containing encrypted information to allow us to uniquely identify you. These cookies allow us to uniquely identify you when you are logged into the Platform and to process your online requests.

Because required cookies are essential to operate the Platform, there is no option to opt out of these cookies.

Performance cookies

These cookies collect information about how you use our Platform, including which pages you go to most often and if they receive error messages from certain pages. These cookies do not collect information that individually identifies you. Information is only used to improve how the Platform functions and performs. From time-to-time, we may engage third parties to track and analyze usage and volume statistical information relating to individuals who visit the Platform. We may also utilize Flash cookies for these purposes.

To learn how to opt out of performance cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

Functionality cookies

Functionality cookies allow our Platform to remember information you have entered or choices you make (such as your username, language, or your region) and provide enhanced, more personal features. These cookies also enable you to optimize your use of the Platform after logging in. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. We may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on the Platform to personalize your visit.

To learn how to opt out of functionality cookies using your browser settings, click here. To learn how to manage privacy and storage settings for Flash cookies, click here.

We and our service providers may also use “pixel tags,” “web beacons,” “clear GIFs,” or similar means in connection with the Services and HTML-formatted email messages to, among other things, track the actions of users, to determine the success of marketing campaigns and to compile aggregate statistics about Platform usage and response rates. 

  1. Use of Collected Information

We use the information you provide to us for the following purposes: (i) to further our legitimate interests in providing the Services, (ii) to administer your use of the Services and any Accounts you may have with us, (iii) to personalize your experience, (iv) to provide to you Service announcements or inform you of new releases and features, (v) to provide you with further information and offers from us or third parties that we believe you may find useful or interesting, such as newsletters, marketing or promotional materials, (vi) to perform tasks on behalf of and according to instructions of a third party, such as payment processors or third party-service providers, (vii) to enforce the EULA, (viii) to resolve any disputes between users of our Services or between such users and us, (ix) comply with a legal requirement or process, including, but not limited to, civil and criminal subpoenas, court orders or other compulsory disclosures; (x) to further our legitimate interest in protecting our rights, property, or safety and the rights, property and safety of the Services, our users or the public, and (xi) to contact you to obtain feedback from you regarding the Platform and the Services. 

In addition to the purposes described above, we use the information collected automatically to (i) to further our legitimate interests in monitoring and analyzing the use of the Services and for the technical administration of the Platform, (ii) improve the Platform and the Services, (iii) generate and derive useful data and information concerning the interests, characteristics and website use behavior of our users, and (iv) verify that users of the Services meet the criteria required to process their requests. 

  1. Third Parties We Share Personal Information With

We may disclose Personal Information you provide to us or that we collect automatically on the Platform and in and through the Services with the following categories of third parties; provided, that we will only share your Protected Health Information in compliance with HIPAA and any other federal privacy and security regulation applicable to such Protected Health Information:

  • Your healthcare providers who are using the Platform in connection with providing healthcare services to you;
  • Service providers, such as payment processors, web hosting and data storage service providers, service providers helping us deliver and develop the Services, including diabetes educators that we contract with to provide services to users, data storage service providers, marketing service providers, and communications service providers;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Platform and/or the Services and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all of our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganization, in accordance with this Privacy Policy.
  1. Links to Other Websites

We frequently make content or services from other websites available to you from links located on the Platform. We may present links in a format that enables us to keep track of whether these links have been followed. This Privacy Policy applies only to the Platform and the Services. We do not exercise control over third party services or other websites that provide information, or links from within the Platform or the Services. Your interactions with these third party services are governed by the privacy policy of the company providing it. These other sites and services may place their own cookies or other files on your computer’s browser, collect data or solicit Personal Information from you. Other websites and services follow different rules regarding the use or disclosure of the Personal Information that you submit, and the collection and use of such information and access of any third party websites are subject to such third party’s privacy policy. We encourage you to read the privacy policies and other terms of such third parties before using their services.

  1. Security

We understand the importance of privacy and security of Personal Information to our users and have made them a priority.  LilyLink uses a variety of industry-standard security technologies and procedures, to help protect Personal Information about you from unauthorized access, use, or disclosure and trains LilyLink employees on privacy and security issues. LilyLink uses appropriate safeguards in compliance with HIPAA regulations to protect Protected Health Information. However, we cannot guarantee that unauthorized third parties will never be able to overcome those measures or use your Personal Information for improper purposes, and we do not promise that Personal Information about you or private communications will be protected from unauthorized disclosure or use. 

  1. Do Not Track Signals and Similar Mechanisms

Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them.  We currently do not take action in response to these signals.

  1. Managing Your Privacy

We keep your data on your behalf and for your benefit. You can correct or terminate and delete your Account information by following the instructions on the Services or by e-mail at contact@lilylink.com, which you may also access for further assistance and questions regarding the Privacy Policy or for a copy of your Account data. If you cancel your Account or request us to delete your information, LilyLink will limit its access to Personal Information to perform what is requested by you and will delete information accessible to LilyLink within seven business days.

  1. California Residents

California Civil Code Section 1798.83 requires certain businesses that share customer Personal Information with third parties for the third parties’ direct marketing purposes to respond to requests from California customers asking about the businesses’ practices related to such information-sharing. We currently do not share or disclose your Personal Information to third parties for the third parties’ direct marketing purposes.  If we change our practices in the future, we will implement an opt-out policy as required under California laws.

Furthermore, subject to certain exemptions, California residents have the following rights with respect to Personal Information we may have collected about them: 

Requests to Know

You have the right to request that we disclose: 

  • The categories of Personal Information we have collected about you;
  • The categories of Personal Information about you we have sold or disclosed for a business purpose;
  • The categories of sources from which we have collected Personal Information about you;
  • The business or commercial purposes for selling or collecting Personal Information about you;
  • The categories of Personal Information sold or shared, if any, about you, as well as the categories of third parties to whom the Personal Information was sold, by category of Personal Information for each party to whom Personal Information was sold; and
  • The specific pieces of Personal Information collected.

You may submit a request to know via data.request@lilylink.com. The delivery of our response may take place electronically or by mail. We are not required to respond to requests to know more than twice in a 12-month period.

We do not sell, and have not in the prior 12 months sold, Personal Information about California residents. Therefore, we have not included a “Do Not Sell My Personal Info” link on our Platform. If our practices change, we will update this Privacy Policy and take any other necessary action to comply with applicable law. We do, however, disclose Personal Information for business purposes as described in the “Third Parties We Share Personal Information With” section above.

Requests to Delete

You have the right to request that we delete any Personal Information about you that we have collected. Upon receiving a verified request to delete Personal Information, we will do so unless otherwise required or authorized by law. You may submit a request to delete Personal Information via data.request@lilylink.com.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney pursuant to Probate Code sections 4000-4465 may submit a request on your behalf.

Methods for Submitting Consumer Requests and Our Response to Requests

You may submit a request for access and requests to delete Personal Information about you via:

  • Phone at 650-667-5033, or
  • Email at contact@lilylink.com.

Upon receipt of a request, we may ask you for additional information to verify your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.

We will acknowledge the receipt of your request within 10 days of receipt. Subject to our ability to verify your identity, we will respond to your request within 45 days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  In order to protect your privacy and the security of Personal Information about you, we verify your request by requiring you to log in to the Platform before submitting your request. 

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

The Right to Non-Discrimination

You have the right not to be discriminated against for the exercise of your California privacy rights described above. Unless permitted by the CCPA, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
  1. International Transfers of Personal Information

LilyLink is based in the United States.  As a result, Personal Information that we collect in and through the Services and on the Platform may be transferred to our U.S. offices. In addition, we may work with third-party service providers in the U.S. and in other countries to support our business activities. Thus, Personal Information may be transferred to, stored on servers in, and accessed from the United States and countries other than the country in which the Personal Information was initially collected. In all such instances, we use, transfer, and disclose Personal Information solely for the purposes described in this Privacy Notice and in compliance with applicable laws.

  1. Data Retention

We keep Personal Information related to your Account for as long as it is needed to fulfill the purposes for which it was collected, to provide our services, to deal with possible legal claims, to comply with our business interests and/or to abide by all applicable laws. Thereafter, we either delete Personal Information about you or de-identify it. Please note that even if you request the deletion of Personal Information about you, we may be required (by law or otherwise) to retain the Personal Information and not delete it. However, once those requirements are removed, we will delete Personal Information about you in accordance with your request.

  1. Changes to the Privacy Policy

Our security and Privacy Policy are periodically reviewed and enhanced as necessary. This Privacy Policy might change as we update and expand the Services. You can tell when this Privacy Policy was last updated by reviewing the Last Updated-legend on top of this page. We will endeavor to notify you of these changes by email, but will not be liable for any failure to do so. We also encourage you to review this Privacy Policy periodically. If you do not understand any of the terms or conditions of any of our policies, you may inquire regarding the same via email at contact@lilylink.com. Your continued use of the Services after any change in this Privacy Policy will constitute your acceptance of such change.

  1. Contacting Us

If you have any concerns or questions about this Privacy Policy, please contact us at contact@lilylink.com.