AppPractice Privacy Policy

Effective Date: September 14, 2017

The privacy and security of your information is important to us. This privacy policy (“Privacy Policy”) describes how AppPractice Project (“AppPractice,” “us,” or “we”) collects, uses, and discloses information in connection with our software applications, such as AppPractice for web, AppPractice for mobile, and the AppPractice Uploader, together with any other applications developed and/or distributed by AppPractice (the “AppPractice Apps”), including storage and retrieval of information by the AppPractice Apps on or through our hosted cloud platform (the “AppPractice Platform”). We collect information from the people who use the AppPractice Apps to help manage their diabetes (“Patient Users,” the person with diabetes or the parent/guardian of one), from the people with whom the Patient User chooses to share that information (“Care Team Members”), from doctors, healthcare professionals, and other clinicians who may use the AppPractice Apps to review information for people under their care (“Clinicians”) and from researchers who collect information from study participants for research purposes through the AppPractice Apps or AppPractice Platform (“Researchers”). Patient Users, Care Team Members, Clinicians and Researchers may collectively be referred to herein as “Users” (or singularly, a “User”).

By using the AppPractice Apps, you agree to be bound by this Privacy Policy, as well as our Terms of Use, which are incorporated herein by reference. Please read this entire Privacy Policy and the Terms of Use. If you don’t agree with the terms of this Privacy Policy or the Terms of Use, please don’t use the AppPractice Apps or other applications that access your AppPractice account.

This Privacy Policy applies to AppPractice’s treatment of “personal information,” which is information that uniquely identifies a Patient User, Care Team Member, Clinician or Researcher or otherwise contains health and other personally identifiable information. This Privacy Policy also applies to the information, notes, and files Patient Users, any of a Patient User’s Care Team Members, or Clinicians or Researchers upload, store, and manage using the AppPractice Apps. This Privacy Policy does not apply to the practices of companies that AppPractice does not own or control, or to individuals who AppPractice does not employ or manage.

BY USING ANY OF THE AppPractice APPS YOU AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

As our services expand, we will evaluate our policies and practices and occasionally implement changes and refinements. If we make a change to this Privacy Policy that we determine, in our sole discretion, is material, we will endeavor to notify you (for example, by email to the email address in your AppPractice account) prior to the changes becoming effective. We will post all revised or new Privacy Policies on the AppPractice website at www.AppPractice.org/legal, and indicate the date it was last revised.

AppPractice may treat the information of Patient Users, Care Team Members, Clinicians and Researchers differently. For this reason, this Privacy Policy has separate sections with information specific to Patient Users, to Care Team Members, to Clinicians and to Researchers, and a section that applies to everyone. To learn more, please review the following:

1. Information for Patient Users

We collect health and other information from you as a Patient User so that we can show it to you in useful ways within the AppPractice Apps. You may choose to share your health information with others and with applications that connect to the AppPractice Apps or the AppPractice Platform.

This section of the Privacy Policy describes what we do with Patient User information, including but not limited to health information, and is guided by the following principles:

  • You own the information in your AppPractice account.
  • You can request that your AppPractice account be deleted at any time. When your AppPractice account is deleted, all the information in account will also be deleted.
  • You decide who has access to the information in your AppPractice account.
  • You decide which third-party applications have permission to access to read or post new information on your behalf.
  • You decide whether device makers have access to data from your devices.
  • You decide if you would like to contribute the information in your AppPractice account to research.
  • You can obtain an export of the information in your AppPractice account and take it with you whenever you like.

Frequently Asked Questions for Patient Users

  • What Patient User information does AppPractice collect and for what purposes?
  • What choices do Patient Users have?
  • What about the practices of third-party applications that Patient Users can connect to AppPractice Apps or the AppPractice Platform?
  • Who else has access to my information?

1.1 What Patient User information does AppPractice collect and for what purposes?

1.1.1 Registration and Contact Information

To register as a Patient User for a AppPractice account, you must provide your email address and create a password. You use your email address and password to log in to your account. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.

We may use this information to: deliver, administer and improve the AppPractice Apps; provide customer service; improve and personalize your experience; better understand your needs; fulfill requests you make; deliver special announcements and updates about the AppPractice Apps; and contact you about any of the above as well as any changes to or notifications regarding your AppPractice account.

1.1.2 Other Information You Provide to Us

We may also collect health and other information you provide to us through the AppPractice Apps. This includes your gender, age and birth date, weight, height, treatment and diagnosis information, health and well-being related information (including diet and activity information), information identifying the diabetes monitoring and treatment devices you use, and data you upload from your diabetes monitoring and treatment devices using AppPractice Uploader, other AppPractice Apps or through third-party applications that connect to the AppPractice Platform.

We use the information you provide to us to deliver, administer, and improve the AppPractice Apps. We also use this information to provide the visualization, data analysis, and other features available to you through the AppPractice Apps, which are also available to any of your Care Team Members. As we add new AppPractice features for Patient Users, we may use your information to provide those features to you. When you seek support from us, the individual(s) providing you with support may need to access your information in order to identify the problem you are seeking support for, though your information will only be used to help provide you with support.

With your permission, and only with your permission, we may also provide your health information and internal, diagnostic data from your diabetes device to the maker of that device, include your information in a research database, or share your information with third-party applications that you choose to connect with.

1.1.3 Third-Party Applications

You may have the option to link or connect AppPractice Apps or the information collected with AppPractice Apps with certain third-party applications. We will not share the information in your AppPractice account with a third-party application without your direction.

1.1.4 Study Management for Academic and Clinical Research

You may be asked to participate in academic, clinical, commercial or other research studies, either by AppPractice or by entities performing research. You are under no obligation to participate in this research. If you do agree to participate, you may be asked to link your AppPractice account to the study coordination account, or to provide a unique identifier that will allow the researcher or institution to link other personally identifiable information to your AppPractice information. Only you can agree to this linkage with other information or databases. AppPractice will not link the information in your AppPractice account for academic, clinical, commercial or other research studies without your direction. If you agree to participate in a research study, the person or organization conducting the study may require you to sign a written consent to participate, which may include terms and conditions that are different from those of this Privacy Policy.

1.2 What choices do Patient Users have?

Under the Terms of Use, Patient Users own the health and other personal information, data, notes, and files that Patient Users upload, store, and manage using the AppPractice Apps or that are added by their Care Team Members. This means that you as a Patient User decide who has access to the information in your AppPractice account. You also have full control to edit permissions of Care Team Members, alter some types of information, export your information, or cancel your account.

1.2.1 Care Team Access

You can grant access to your AppPractice account to health care professionals, family, friends, or anyone else, creating what we call a Care Team. The Care Team Members to whom you provide access will be able to view and comment on the health and other information in your account. Only if you grant them permission will Care Team Members be able to upload information to your account or, if applicable, edit information in your account. Patient Users own all content in their AppPractice accounts added or altered by their Care Team Members.

1.2.2 Custodial Accounts

A Clinician such as your doctor or other health care provider, or a Researcher conducting a study in which you participate, may establish an account to store information about you in AppPractice. That Clinician or Researcher may invite you to open a AppPractice account. If you accept that invitation, you will become a Patient User and will have control of all the information associated with that account, which will be your AppPractice account. When you open the account, the Clinician or Researcher who invited you to open the account will automatically be a member of your Care Team. You may remove the Clinician or Researcher from your Care Team at any time.

If your Clinician or a Researcher told you to expect such an invitation and you did not receive it, please contact that Clinician or Researcher and ask them to verify your email address and re-send the invitation.

If a Clinician or Researcher who uses AppPractice to store information about you does not invite you to open an account, or if you decide not to do so, then you will not have control of the information associated with that account and this section of the Privacy Policy will not apply to you or to that information.

1.2.3 Options for Sharing Information with Device Makers

You may have the option of granting the maker of your diabetes monitoring or treatment device with access to the information you upload to the AppPractice Platform. Providing your device maker with access to this information may assist the device maker to provide customer support or diagnose and address issues with the device. Providing data access to device makers also helps them understand how their devices are being used, which helps them make better devices in the future. We may charge device makers a fee to access this data.

Your device manufacturer may be able to identify you based on the serial number associated with the device.

Please note that any information you may have previously shared with a device maker may remain with the device maker if they have stored that information and cannot be removed or deleted by changing your sharing preference.

1.2.4 Options for Sharing Anonymized Information with Researchers or Other Research Databases

You may have the option to donate your anonymized data with different Researchers or Research organizations, or with diabetes device or pharmaceutical companies in need of longitudinal datasets. Diabetes researchers have a very difficult time gaining access to quality diabetes data. We will give you the opportunity to make your anonymized information available to these organizations. By doing this we hope to contribute to a dramatic acceleration in the rate of innovation in diabetes care.

You will not be directly identifiable based on the information you choose to donate. However, it may be possible for others to identify you if you have made your information available publicly in other ways; for example, if you post pictures or information to social media that describes you or your health condition, such as tweeting a picture of your continuous glucose monitor readings, it may be possible for someone to correlate that with information in a AppPractice dataset. Donated, anonymized information will be stored and made available without any of your personal AppPractice account information. If you agree to donate your information, here is the information that will and will not be included (if provided):

  • For each Patient User:
    • Included: birth month and year, month and year of date of diagnosis, gender, and weight.
    • Not included: name, address, email address, birth day, notes, profile picture, or other personally identifiable information
  • For all diabetes devices:
    • Included: device event and data timestamps
    • May be included: Brand and model of the device (some device makers preclude this).
    • Not included: device serial number
  • For blood glucose monitors:
    • Included: blood glucose readings
  • For continuous glucose meters (“CGM”):
    • Included: estimated glucose, events tracked by the CGM, including meals, insulin, calibration, exercise
  • For insulin pumps:
    • Included: all pump settings, including bolus calculator parameters, basal rates, basal rate profiles, insulin to carb ratios, and insulin sensitivity factors as well as all events tracked by the pump, including meals, insulin dosed,temp basals and suspends events, and BG inputs. Note that some of the terms above may have slightly varying language on your device.
  • For exercise monitors:
    • Included: Exercise and activity data imported from devices or software, such as FitBit, FuelBand, Strava, and RunKeeper (not including GPS data or personally identifying information).
    • Not included: GPS location data or other personally identifying information

We will not include in the anonymized datasets (1) freeform text and notes entered by you or your Care Team Members, or (2) any other data that could identify a specific individual.

The data from your device will be correlated across time and with the donated Patient User information using a random, cryptographically secure user key (a “one-way hash”). Having this key allows researchers to correlate multiple data points over time from a single person, but does not allow them (or anyone else without internal access to AppPractice servers) to identify the person.

You may be asked to donate your information via email or via using AppPractice Apps.. If you would like to change your donation preference, you may do so by using the appropriate interface in AppPractice Apps. If you change your preference to stop donating your information, you will not be able to remove or delete anonymized information that was previously donated prior to the change.

1.2.5 Export, Delete, or Change Your Information

You can change the contact information you provided when you registered by going to Account Settings. You can change or delete other information and data you have provided by editing or deleting that information directly using the utilities and features available in the AppPractice Apps. To learn how to export or delete your information, please visit support.AppPractice.org.

1.2.6 Cancel Your Account

You can cancel your account at any time. Upon cancellation, we will delete your account information and data. Please visit support.AppPractice.org to learn how to cancel your account.

1.2.7 Other Rights You May Have Under HIPAA

AppPractice may enter into relationships with a number of institutions or health care providers, such as Clinicians, Researchers, or others, for whom AppPractice will act as a “business associate” under the federal Privacy and Security Rules issued under the Health Information Portability and Accountability Act (“HIPAA”). If you are a patient of one of these institutions or other providers, or are participating in a research study conducted by one of these organizations, AppPractice may have obligations to that institution or other provider under HIPAA and AppPractice’s business associate contract with the institution or other provider that affect the information about you that the institution or provider stores in the AppPractice platform. These “business associate” relationships will not affect information in your AppPractice account.

1.2.8 Email Communications

You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.

1.4 What about the practices of third-party applications that Patient Users can connect to AppPractice Apps or the AppPractice Platform?

Our Privacy Policy applies solely to information collected by and through the AppPractice Apps. You may be able to connect this information to third-party applications from the AppPractice Apps, or by connecting your AppPractice account from within a third-party application, or you may choose to share your device data with a device maker. Please be aware that AppPractice doesn’t control and isn’t responsible for the privacy and security practices of the third party services you choose to connect with or those of your device makers. However, all third-party developers that connect to the AppPractice Platform will be required to certify that their privacy policy is consistent with the terms of this Privacy Policy. For example, third-party applications will need to agree to not disclose your personal information without your consent. We encourage you to become familiar with their information practices before choosing to share any personal information or data with them.

1.5 Who else has access to my information?

Only you can see who your information. Sharing is not allowed at this time

Some Clinicians or Researchers who you include on your Care Team may participate in other information sharing agreements, and may share some or all of your health information as part of those agreements. For example, your Clinician may participate in the T1D Exchange Registry, QI Collaborative, or other similar information sharing registry, which provides information collection and research services for a network of clinical sites. Please check with your health care provider, clinic, Clinician or Researcher to ask how they may be sharing your health information.

2. Information for Care Team Members

Patient Users have control of the information in their AppPractice accounts. This means that as a Care Team Member your access to a Patient User’s data and information is controlled by the Patient User and that any comments or information that you add may be deleted by the Patient User at any time.

Frequently Asked Questions for Care Team Members

  • What information does AppPractice collect from Care Team Members and for what purposes?
  • What choices do I have about the use of my information?

2.1 What information does AppPractice collect from Care Team Members and for what purposes?

2.1.1 Registration and Contact Information

To register as a Care Team Member, you must provide an email address and create a password. You use your email address and password to log in. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.

We may use this information to: deliver, administer and improve the AppPractice Apps; provide customer service; improve and personalize your experience; better understand your needs and interests; fulfill requests you make; deliver special announcements and updates about the AppPractice Apps; and contact you about any of the above as well as any changes to or notifications regarding your account.

2.1.2 Other Information You Provide to Us

We may also collect other information you provide to us through the AppPractice Apps. As a Care Team Member, this information will mostly be information or comments about the Patient User or Patient Users that add you as a Care Team Member using the AppPractice Apps. We use the information you provide as a Care Team Member to display notes, comments and other features of the AppPractice Apps. A Patient User has the ability to delete information or comments you add to his or her account at any time.

A Patient User has the option to donate anonymized information from his or her account to the AppPractice Anonymized Diabetes Database. If the Patient User donates his or her information, information or data that you add to the Patient User’s account that is being donated will exclude comments that you make on that account.

2.2 What choices do Care Team Members have?

A Patient User owns all content you generate on that Patient User’s accounts and you have no control over that information, except in the course of editing comments you have made as long as the Patient User permits such changes. However, you can delete or change your personal information.

2.2.1 Change Your Information

You can change the contact information you provided when you registered by going to Account Settings.

2.2.2 Cancel Your Account

You can also cancel your account at any time. Upon cancellation, we will delete your account information but not information or comments you have added to any Patient User accounts.

2.2.3 Email Communications

You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.

3. Information for Clinicians and Researchers

As a Clinician or Researcher, you will be able to create accounts and collect information on behalf of people that you provide care for, or people that are participating in a research study that you are conducting. These accounts are called Custodial Accounts. You can optionally provide an email address that will cause an account invitation to be sent to an individual, allowing that person to sign up for and claim the AppPractice account, and become a Patient User. When you create a Custodial Account, you have control over that account and information at the outset. Once the account is claimed by a Patient User, that Patient User takes over control and ownership of the information and account, and you become a member of that Patient User’s Care Team.

Frequently Asked Questions for Everyone

  • Are there any territorial restrictions for using AppPractice Apps?
  • Do any third party service providers have access to my information?
  • When can AppPractice disclose my information?
  • How long does AppPractice keep my information?
  • How does AppPractice secure my information?
  • What about information from children?
  • What about my privacy rights in Texas?
  • Does AppPractice use cookies?
  • Does AppPractice collect information automatically when I use the AppPractice Apps?
  • Can third parties collect information about me when I use the AppPractice Apps?
  • Does AppPractice recognize Do Not Track signals?
  • Where can I send questions, comments or suggestions about AppPractice’s privacy practices?

4.1 Are there any territorial restrictions for using AppPractice Apps?

At this time, AppPractice Apps are only intended for use in the United States. The AppPractice Apps and AppPractice Platform are hosted in the United States and all information is stored in the United States. By using the AppPractice Apps and AppPractice Platform you consent to processing and storage of your information in the United States.

4.2 Do any third party service providers have access to my information?

We may employ independent companies or other third parties and individuals to help us provide, facilitate or improve the AppPractice Apps (such as customer service support or data hosting). These service providers may have access to your personal information and data as necessary to perform their services for AppPractice.

4.3 When can AppPractice disclose my information?

Other than the sharing you have authorized, we will only disclose your personal information or data as disclosed in this Privacy Policy.

We may disclose your information in the following circumstances:

  • We may disclose information about you to help complete a transaction for you or to our agents or service providers performing functions on our behalf.
  • We may also disclose your information in the event of a purchase, transfer or sale of services or assets (e.g., in the event that some or all of our assets are acquired by another party, customer information may be one of the transferred assets).
  • If AppPractice believes you’ve misused or abused the AppPractice Apps or the personal information of any Patient User, Care Team Member, Clinician or Researcher, or attempted to interfere with or harm the AppPractice Apps, we will investigate and cooperate with appropriate law enforcement, including, if necessary or appropriate, by disclosing your name, registration information or IP address and any other relevant information, to protect our rights or property, or those of our Patient Users, Care Team Members, Clinicians, Researchers and others. We will cooperate fully with any legal process or criminal investigation into the misuse or abuse of the AppPractice Apps.
  • We may disclose your information or data to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection, etc.). Where your personal information and data has been requested by any governmental entity or other third party pursuant to subpoena or similar legal process, we will attempt to notify you as quickly as practicable before providing any such information, unless we are legally prohibited from doing so or we believe in good faith that disclosure is or may be necessary to protect life, avoid serious physical injury or property loss or damage, or to prevent or investigate an ongoing crime.

AppPractice may disclose anonymous or statistical information about the use of the AppPractice Apps at any time without restriction.

4.4 How long does AppPractice keep my information?

AppPractice will retain your account and related information on your behalf as long as needed to support your use of the AppPractice Apps and comply as necessary with our legal obligations, resolve disputes, and enforce our agreements. We may delete your account due to inactivity, but we will notify you by email prior to doing so and give you a reasonable opportunity to either transfer your information or begin active use of your account again.

4.5 How does AppPractice secure my information?

To help protect the privacy of personal information and data you transmit using AppPractice Apps, we use technology designed to encrypt your personal information and data before it is sent to us over the internet. In addition, we take reasonable physical, administrative, and technical steps to protect the personal information and data that you provide us against unauthorized access. However, the software, hardware and networks that support the AppPractice Apps may, from time to time, require maintenance or experience problems or breaches of security beyond our control.

Please also be aware that despite our best intentions and the guidelines outlined in this Privacy Policy, no data transmission over the internet or encryption method can be guaranteed to be 100% secure. AppPractice cannot guaranty the security of the information you provide us, and therefore you use AppPractice Apps at your own risk.

While we take steps to protect your personal information and data and keep it secure, you also play a role in protecting your information. You can help to maintain the security of this information by using a unique, strong password, not sharing your account information and password with anyone, and by preventing unauthorized use of your computers and mobile devices.

4.6 What about information about children?

AppPractice does not allow children under the age of 13 to register or use the AppPractice Apps and we require that children between 13 and 18 must have their parent’s or legal guardian’s consent to register or use AppPractice Apps. AppPractice does not knowingly collect information from children under the age of 13. If we discover that a person under 13 has registered as a Patient User or Care Team Member we will delete that person’s account.

4.7 What are my Texas Privacy Rights?

More information can be found here: Texas Privacy Rights

4.8 Does AppPractice use cookies?

We use cookies and similar technology to collect aggregate (non-personal) information about usage of AppPractice Apps by all of our Users and to help us remember you and your preferences when you revisit the AppPractice Apps. These cookies may stay on your browser into the future until they expire or you delete them. Some cookies that assist in the functionality of the AppPractice Apps, like page loading, usually are erased when you close your browser window. Further general information about cookies and how they work is available at www.allaboutcookies.org.

4.9 Does AppPractice collect information automatically when I use the AppPractice Apps?

We receive and store certain types of information whenever you interact with AppPractice Apps. We automatically receive and record information on your activity on our server logs, including your IP address. Generally, we also automatically collect usage information, such as the features of the AppPractice Apps that you use and how you use them, the number of Care Team Members, devices you upload, and how Patient Users and Care Team Members interact. We may use this information, as well as your personal information such as your email address, to provide personalized features and functionality, for example to provide reminders to upload data from your diabetes devices. We may also use this data to help us understand how you and other Users use parts of the AppPractice Apps so that we can improve them. We may disclose anonymous statistical information to third parties about how AppPractice Apps are used without your permission.

4.10 Can third parties collect information about me when I use the AppPractice Apps?

We do not allow third parties to place cookies through the AppPractice Apps or to collect information about a consumer’s online activities over time and across different websites when he or she uses our AppPractice Apps. We do not permit third parties to place cookies through our AppPractice Apps to perform marketing functions but we may allow service providers to place cookies to assist us with analytic functions.

4.11 Does AppPractice recognize Do Not Track signals?

We currently do not use technology that recognizes a “do-not-track” signal from your web browser.

4.12 Where can I send questions, comments or suggestions about AppPractice’s privacy practices?

We welcome your questions and feedback and will work to improve our practices based on useful input we receive. Please contact us at patelcyfair@gmail.com or via mail at:

AppPractice Project

Attn: Legal Department

9539 Huffmeister Rd

Hosuton, TX 77095