Last Updated: June 14, 2016

Welcome to Rise by 1Life Healthcare, Inc. and its affiliates (“we” or “us”). Protecting your privacy is really important to us. Accordingly, we’re providing this Privacy Policy to explain our practices regarding the collection, use and disclosure of information that we receive when you use our Services (defined as the services included in “Services” as defined in both our Customer Terms of Service as well as our Coach Terms of Service. Generally, you can browse through our Site without giving us any information about yourself. When we do need to collect your PII (defined below) to provide you with the Services, or when you choose to provide us with your PII, this Privacy Policy describes how we collect, use and disclose your PII, except to the extent that any personal health information may be submitted by you in the course of using our Service, which is covered by the One Medical HIPAA Policy (the “HIPAA Policy“). Any conflict between this Privacy Policy and the HIPAA Policy with respect to such submitted personal health information shall be resolved in favor of the HIPAA Policy. In addition, this Privacy Policy applies only to those websites, services and applications included within “Services” and doesn’t apply to any third-party websites, services or applications, even if they are accessible through our Services. Also, please note that unless we define a term in this Privacy Policy, all capitalized words used in this Privacy Policy have the same meanings as in our Terms of Service.

How do we collect and use information?

Our primary goals in collecting information are to provide and improve our Services, to administer your use of the Services (including your Account or Coach Account, as applicable), and to enable you to enjoy and easily navigate our Services.

Personal Information. When you create an Account or Coach Account we’ll collect certain information that may include information that can be used to identify you, such as your name, email address and phone number (“Personally Identifiable Information” or “PII”). We may also collect certain information that is not PII because it cannot be used by itself to identify you, such as your gender, age, date of birth and zip code. We or our third party services providers may also collect certain information from you in connection with your use of the Services, including payment information.

Information Collected Using Cookies and Tracking Technology. We collect certain information through the use of “cookies,” which are small text files that are saved by your browser when you access our Services. We may use both session cookies and persistent cookies to identify that you’ve logged in to the Services and to tell us how and when you interact with our Services. We may also use cookies to monitor aggregate usage and web traffic routing on our Services and to customize and improve our Services. Unlike persistent cookies, session cookies are deleted when you log off from the Services and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Services. Some third-party services providers that we engage (including third-party advertisers) may also place their own cookies on your browser. Note that this Privacy Policy covers only our use of cookies and does not include use of cookies by such third parties.

“Web Beacons” (also known as Web bugs, pixel tags or clear GIFs) are tiny graphics with a unique identifier that may be included on our Services for several purposes, including to deliver or communicate with cookies, to track and measure the performance of our Services, to monitor how many visitors view our Services, and to monitor the effectiveness of our advertising. Unlike cookies, which are stored on the user’s hard drive, Web Beacons are typically embedded invisibly on web pages (or in an e-mail).

Information Related to Use of the Services. Our servers automatically record certain information about how a person uses our Services (we refer to this information as “Log Data”), including both Account and Coach Account holders and non-account holders (“Users”). Log Data may include information such as a User’s Internet Protocol (IP) address, device ID, browser type, operating system, the web page that a User was visiting before accessing our Services, the pages or features of our Services to which a User browsed and the time spent on those pages or features, search terms, the links on our Services that a User clicked on, interactions between a Customer and Coaches, diet history and habits, and Content that a Customer submits to the Services when logging eating habits in his or her food journal on the Services. We use this information to administer the Services and we analyze (and may engage third parties to analyze) this information to improve and enhance the Services by expanding their features and functionality and tailoring them to our Users’ needs and preferences. We may use a person’s IP address to fight spam, malware and identity theft. We also use the IP Address to generate aggregate, non-identifying information about how our Services are used.

Location Information. In some cases we collect and store information about where you are located, such as by converting your IP address or mobile GPS data into a rough geolocation. We may use location information to improve and personalize our Services for you.

Opt-Out. We may periodically send you free newsletters and e-mails that directly promote our Services. When you receive such promotional communications from us, you will have the opportunity to “opt-out” (either through your Account or by following the unsubscribe instructions provided in the e-mail you receive). We do need to send you certain communications regarding the Services and you will not be able to opt out of those communications – e.g., communications regarding updates to our Terms of Service or this Privacy Policy or information about billing.

What Information Do We Share?

We will not share any PII that we have collected from you except as described below.

Information Shared with Our Services Providers. We may engage third party service providers, such as third party payment processors, to work with us to administer and provide the Services. These third-party services providers have access to your PII only for the purpose of performing services on our behalf.

Information Shared with Third Parties. We may share aggregated information and non-identifying information with third parties for industry analysis, demographic profiling and other similar purposes.

Information Disclosed in Connection with Business Transactions. Information that we collect from our users, including PII, is considered to be a business asset. As a result, if we go out of business or enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition or asset sale, your PII may be disclosed or transferred to the third-party acquirer in connection with the transaction.

For Fitbit trial users, we may share email addresses and anonymized aggregate usage data with Fitbit. They may use this data in accordance with their privacy policy.

Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials and private parties to enforce or comply with law. Accordingly, we reserve the right to disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate: (i) to enforce our Terms of Service; (ii) to satisfy or comply with any applicable law, regulation or legal process or to respond to claims or lawful requests, including subpoenas, warrants or court orders; (iii) to protect our property, rights and safety and the rights, property and safety of third parties or the public in general; (iv) to prevent or stop activity we consider to be illegal, unethical or legally actionable activity; and (v) as required or allowed in accordance with HIPAA or related applicable local, state or federal laws (please refer to the HIPAA Policy.

The Security of Your Information.

We take reasonable measures to protect the information that we collect from or about you (including your PII) from unauthorized access, use or disclosure. Please be aware, however, that no method of transmitting information over the Internet or storing information is completely secure. Accordingly, we cannot guarantee the absolute security of any information you transmit to us, and so we urge you to take every precaution to protect your information when you are on the Internet. Change your passwords often, use a combination of letters and numbers, and make sure you use a secure browser.

Responding to Do Not Track Signals

Our Site does not have the capability to respond to “Do Not Track” signals received from various web browsers.

Links to Other Sites.

Our Services may contain links to other websites and services. Any information that you provide on or to a third-party website or service is provided directly to the owner of the website or service and is subject to that party’s privacy policy. Our Privacy Policy does not apply to such websites or services and we’re not responsible for the content, privacy or security practices and policies of those websites or services. To protect your information we recommend that you carefully review the privacy policies of other websites and services that you access.

Modifying Your Information.

You can access and modify the PII associated with your Account by accessing the “Settings” tab in the App. If you want us to delete your PII and your Account, please contact us at team@rise.us with your request. We’ll take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law or our policies.

International Transfer.

Your PII may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you’re located outside the United States and choose to provide your PII to us, we may transfer your PII to the United States and process it there. Those who choose to access and use the Services from outside the United States do so on their own initiative, at their own risk, and are responsible for compliance with applicable laws.

Our Policy Toward Children.

Our Services are not directed to children under 13 and we do not knowingly collect PII from children under 13. If we learn that we have collected PII of a child under 13 directly from that child we will take steps to delete such information from our files as soon as possible. Notwithstanding the foregoing, we may collect PII about children under 13 that parents or guardians provide to us in establishing or managing an Account for their children’s records should we offer this service.

Notice for California Users and Residents

Under California Civil Code Section 1789.3, California users are entitled to the following specific consumer rights notice: If you have a question or complaint regarding the Site, please send an email to team@rise.us. You may also contact us by writing to us at 130 Sutter Street, San Francisco, California 94104. California residents may reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs may be contacted in writing at 400 R Street, Suite 1080, Sacramento, California 95814, or by telephone at (916) 445-1254 or (800) 952-5210.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask for a notice identifying the categories of PII which we share with certain third parties for direct marketing purposes under certain circumstances and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us at 130 Sutter Street, San Francisco, California 94104.

Changes to Privacy Policy.

Any information that we collect is subject to the Privacy Policy or HIPAA Policy in effect at the time such information is collected. We may, however, modify and revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of such changes by posting them on the Services or by sending you an email or other notification, and we’ll indicate when such changes will become effective.

Questions?

Please contact us at team@rise.us if you have any questions about our Privacy Policy.