(For Connecticut, Nevada, and Washington Residents)
Effective Date: January 1, 2025
This Consumer Health Data Privacy Policy (“Policy”) applies only to residents of Connecticut, Nevada, and Washington (the “Covered States”) to the extent that their respective laws (e.g., the Connecticut Data Privacy Act (“CTDPA”), Nevada SB 370, and Washington’s My Health, My Data Act (“MHMD”)) apply to Rythm Health, Inc. (“Rythm Health,” “we,” “us,” “our”). This Policy provides information about how we collect, store, and use your Consumer Health Data arising out of or relating to your use of our website at www.rythmhealth.com, any subdomains or mobile apps we offer (collectively, the “Site”), and our at-home self-collection testing services, as well as any technologies, features, or content we provide (altogether, our “Services”).
We encourage you to review our Privacy Policy for a broader discussion of our data privacy and security practices. This Policy supplements our general Privacy Policy with specific disclosures and protections for Consumer Health Data under the laws of Connecticut, Nevada, and Washington. Capitalized terms that appear in our general Privacy Policy have the same meaning herein, unless otherwise noted.
This Policy does not apply to third-party websites, applications, products, services, or other properties, even if they link to our Site (or our Site links to them). We recommend you review the privacy practices of those third parties before connecting with or accessing their offerings or sharing any Personal Information.
1. Consumer Health Data We Collect
For purposes of this Policy:
“Personal Information” means information that identifies, or is reasonably capable of being associated or linked, directly or indirectly, with an individual in one of the Covered States. It does not include de-identified data or publicly available information.
“Consumer Health Data” means Personal Information that is linked or reasonably linkable to an individual’s past, present, or future physical or mental health status, as those terms are defined by applicable laws in the Covered States.
1.1 Potential Categories of Consumer Health Data
In connection with our Services (including at-home test kits, your Lab Results, self-reported health information, wearable integrations, etc.), we may collect or have collected the following categories of Consumer Health Data about you, subject to applicable law:
Name and Contact Info: Such as your first name, last name, mailing address, email address, phone number.
Demographic Information: Such as date of birth, gender, or other demographics.
Account Profile Information: Credentials for our Services, preferences, and usage data.
Health Conditions & Treatments: Diagnoses, surgeries or procedures, conditions (physical or mental), reproductive or sexual health data, gender-affirming care details (if voluntarily provided), and information about healthcare interventions.
Use of Medication: Prescribed or over-the-counter medications, dosage, or purchase/use details.
Genetic Data: If you voluntarily provide genetic data or if certain test panels include relevant biomarkers.
Bodily Functions & Vital Signs: Information about bodily measurements, test sample results (e.g., biomarkers, hormone levels), or other data gleaned from your test kit.
Precise Location: Data that could indicate your attempts to acquire or receive health services or supplies, only if voluntarily provided or automatically collected by your mobile device’s location services (in compliance with your device or app settings).
Device Info & Tracking: IP address, device IDs, mobile application identifiers, operating system details.
Inferred Data: Information derived, inferred, or associated with your health status from non-health data points, if applicable.
1.2 De-Identified or Aggregated Data
We may create aggregated, de-identified, or anonymized data by removing information (e.g., name, email address, tracking IDs) that make the data personally identifiable or by combining your information with that of other users in a way that is not linkable to you. Subject to applicable law, we treat such aggregated or de-identified data as non-personal information, and we reserve the right to use or disclose it for any lawful purpose (e.g., research, analytics, marketing insights), in compliance with state/federal de-identification standards.
2. Categories of Sources of Consumer Health Data
We collect Consumer Health Data from:
You, Directly: When you interact with us (e.g., create an account, use our Site/Services, complete electronic forms, upload medical records, link wearables or IoT devices, communicate via chat/email/phone/text), collectively “Self-Reported Information.”
Third-Party Healthcare & Lab Partners: Our partner laboratories, telemedicine providers, or other medical service providers (“Lab and Provider Partners”)—with your permission and as allowed by law.
Wearable or IoT Device Integrations: If you authorize us to collect historical or real-time health data from your device(s).
Other Third Parties: Business partners, affiliates, or service providers, when you choose to share data (e.g., linking your account to a lab portal).
Automatic Tracking: Cookies, web beacons, or similar technologies that may collect usage data, device info, or location data.
Note: For individuals in the Covered States, we implement measures designed not to deploy non-strictly necessary cookies (e.g., advanced analytics cookies) unless you opt in (where required by law).
3. How We Use Consumer Health Data
We use your Consumer Health Data for a variety of purposes, including:
Service Provision: Processing orders for at-home test kits, coordinating shipping, delivering test results, and providing customer support.
Analytics & Product Improvement: Enhancing and personalizing your user experience, developing or refining features, optimizing website/app performance.
Research & Development: Conducting internal research for product improvements, subject to applicable state or federal privacy rules on health data.
Business Operations: General business administration, audits, compliance with internal policies.
Marketing & Communications: Providing you with updates, health-related content, or promotional materials consistent with your preferences.
Legal Compliance: Meeting our legal or regulatory obligations, such as responding to valid subpoenas or lawful requests from authorities.
When we share test results with service providers or Lab and Provider Partners, we do so under agreements that limit how those recipients can use your personal or Consumer Health Data, consistent with the Services you request and legal requirements.
4. To Whom We Disclose Consumer Health Data
We may “share” or “disclose” (as those terms are defined under applicable laws) your Consumer Health Data with:
Your Consent: When you explicitly authorize sharing (e.g., sending your Lab Results to a specialist or your primary care doctor).
Service Providers: Companies we engage to perform functions on our behalf (e.g., labs, shipping couriers, data hosting, analytics). They are contractually obligated to use Consumer Health Data only as directed and not for other purposes.
Legal Obligations: If we are required by law, such as responding to valid subpoenas, court orders, or government requests, or if we believe disclosure is necessary to address threats of harm.
Corporate Transactions: If we undergo a merger, acquisition, reorganization, sale of assets, or similar corporate event, your Consumer Health Data may be transferred as part of that deal, subject to compliance with applicable data privacy laws.
We do not sell your Consumer Health Data to third parties in exchange for monetary compensation or share it for marketing of unrelated products without your consent, as restricted or prohibited by applicable law.
5. Consumer Health Data Privacy Rights
5.1 Rights for Residents of Nevada, Washington, or Connecticut
Depending on your state, you may have these rights:
Right to Know: You may request details on the specific Consumer Health Data we have collected, shared, or “sold,” and the categories of third parties involved. Washington residents may also request the actual data we collected.
Right to Withdraw Consent: If we rely on your consent for certain data collection or sharing, you can withdraw it.
Right to Delete: You can ask us to delete your Consumer Health Data (and require our service providers/contractors to do so), subject to legal exceptions.
Right to Non-Discrimination: We will not discriminate against you for exercising these rights.
Additional Connecticut Rights
Access & Portability: You may request a copy of your Consumer Health Data up to two times in a rolling 12-month period.
Right to Correct: If data is inaccurate, you may request a correction.
Opt-Out: You can opt out of targeted advertising, the sale of personal data, and certain profiling.
Sensitive Data Consent: We must obtain affirmative consent before processing certain sensitive personal or Consumer Health Data, especially around health or biometric information, as required by Connecticut law.
5.2 How to Exercise Your Rights
If you are a resident of a Covered State (Connecticut, Nevada, Washington), you can submit a request using one of the methods below. Note that we must verify your identity and residency before fulfilling certain requests, and we may have lawful exceptions that prevent us from fully complying.
Contact:
Email: [email protected]
Website: www.rythmhealth.com/privacy
Phone: 6283333787
Verification: We may ask for additional information (like your name, email, address, or ID) to confirm you are the consumer about whom we collected Consumer Health Data.
Authorized Agents: If you appoint an authorized agent, we may request proof of that agent’s authorization and additional verification from you.
We do not charge fees for these requests unless they are excessive, repetitive, or manifestly unfounded. If we do charge a fee, we will inform you beforehand.
Appeals Process
If we decline your request (in whole or part), you may appeal by contacting us again at [email protected]. We will respond within the timeframe required by law (often 45 or 60 days). If we ultimately deny your appeal, you may escalate to your state’s Attorney General’s office:
Connecticut: Office of the Attorney General or phone (860) 808-5420
Nevada: Office of the Attorney General or phone (702) 486-3132
Washington: Office of the Attorney General or phone (800) 551-4636
6. Changes to This Policy
We may update this Policy from time to time. We will notify you by posting the revised Policy on this page (and possibly through other means, such as Site banners or email notifications). The Effective Date at the top indicates when the updated Policy becomes valid. Your continued use of our Site or Services after the updated Policy is posted means you acknowledge and accept those changes.
7. Contact Us
If you have questions, concerns, or feedback about this Policy, or if something does not make sense to you, please contact us:
Email: [email protected]
Mail: Rythm Health, Inc., 2261 Market Street, Ste. 10490, San Francisco, CA 94105
Phone: 628 333-3787
Because email is not always secure, please do not include highly sensitive information in your messages to us. If you need to share sensitive details, we can coordinate a secure method once we establish contact.
Thank You for Trusting Rythm Health.
We remain committed to safeguarding your privacy and handling Consumer Health Data responsibly, particularly under the laws of Connecticut, Nevada, and Washington. If you have any questions or need further clarification, please reach out using the contact methods above.