Welcome to BROOK (the “Service” or the “App“). We at Brook Inc. (“we“, “us“, “our“) respect your privacy. This policy (the “Policy“) explains our privacy practices for the Service. It describes the ways your personal data is processed, the purposes for which it is processed, what we do with it, and the rights and options available to you with respect to your personal data.
Please note that unless you change the App settings when you first sign up for the Service, or at any time after that, our Service will continue to operate in the background of your mobile device. You can always turn off our Service through the “settings” menu of your mobile device.
The following are key points of the Policy, highlighted to you for your convenience. They do not substitute the full Policy, which we encourage you to read.
The App is a powerful machine learning real-time healthy lifestyle management tool that uses our innovative analytics tools to collect and combine personal data from user input and Third Parties, together with clinical knowledge, to create insights and recommendations to help users stay as healthy as possible. By accessing or using the Service in any way, or by registering as a user, you agree to be bound by these Terms.
We collect your full name, email and other personal information including your date of birth, gender, height, weight, and information related to your health, medical conditions and wellness. We also ask for permission to access information through Third Party Platforms (such as the Apple Health Kit and other fitness apps you may use). If you give us permission, we collect your geographical location as well as information pertaining to your day-to-day activities and other activities on the App.
We use the information we collect to provide and operate our proactive healthy lifestyle management solution, to operate all other aspects of the Service and to send you push notifications to enhance the Service and prevent misuse, if you agree to receive push notifications.
Your personal data may be shared with our contractors or data analysis service providers for the purpose of providing you with the Service. Your personal data may also be shared with third- party professionals (“Professionals”) who are listed on the App and with whom you choose to communicate. Your personal data may also be accessed, with your permission, through Third Party Platforms. Your personal data may also be shared with your health insurance provider (your “Insurer”) if your Insurer has partnered with us to provide services to the Insurer’s members, and you have opted to link your user account with your Insurer’s account. We may also share aggregated and de-identified data with others for the purpose of operating, maintaining and enhancing the Service.
It is your choice whether to let us access Third Party Platforms that contain your personal data. If you give us permission to do so, you may then opt-out of sharing with us certain, or all information generated from Third Party Platforms. You may also revoke your permission for us to access Third Party Platforms at any time.
We implement measures to reduce the risks of damage and unauthorized access or use of information, but they do not provide absolute information security.
We may change this Policy, by notifying you of such changes. Your continued use of the Service after the changes take effect indicates your acceptance of the amended Policy.
Although the full Service is available only to registered users, registration is not required and unregistered users who do not create a profile and a user account may use basic portions of the Service that are available to all users. To sign-up, you must provide us with certain contact and personal details, such as your full name and an active e-mail address and to enter a username and password. By using the Service and/or signing up we may ask you to actively provide us with other Service-related personal data such as your age, gender, height, weight, food intake or other attributes that define you as a user.
If you give us permission to do so, we may also collect your geographical location, including position coordinates provided by your mobile device. We essentially use your location-based information to provide the Service and to enhance its capabilities.
We may collect additional information to enhance the Service’s capabilities, such as information regarding your day to day behavior (sleep, location, movement, system clock etc.), if you give us permission to do so, as well as other activities on the App, such as the content you viewed or searched for on the App, and your session durations.
As part of the Device Program, the Device(s) may also collect physiologic data (e.g., ECG, blood pressure, glucose monitoring) of you that it will transmit to us and your Provider.
Keep in mind that personal data that you actively provide, allow us to access through Third Party Platforms, or other geographical location or behavioral content (collectively, the “Content”), may contain or be indicative of, your personal and health condition (depending on the particulars of the Content).
We may collect Content and other personal data from third party platforms for which you have provided us permission and access to, such as Apple iOS HealthKit, Google Fit and Fitbit (“Third Party Platforms”). You may, at any time, opt-out of sharing certain service provider or Third Party Platform information with us, as further explained in the section titled “Choice” below. The Service’s functionality may also let you actively submit additional information, whether through using our Service or via Third Party Platforms.
When using the App, Content may be provided in textual, audio or visual form. If you choose to share Content in visual form, the App will request your permission to access your device’s camera (to snap a photo) or memory storage (to let you select an existing photo).
We will use this Content, combined with our analytics tools, to create our real-time health and wellness management solution, and for additional purposes outlined in this Policy.
We may use integration tools such as iOS HealthKit or GoogleFit for purposes of collecting and analyzing health and medical information and we may use third party tools to collect this information.
PLEASE DO NOT SHARE WITH US CONTENT THAT MAY BE INDICATIVE OF PERSONAL OR HEALTH INFORMATION ABOUT YOURSELF OR OTHER INDIVIDUALS, WHICH YOU DO NOT WANT US TO HAVE. YOU ARE SOLELY RESPONSIBLE FOR ANY CONTENT THAT YOU SHARE WITH US.
Brook provides remote patient monitoring and other services under agreements with its health care provider and health plan customers ("Customers") that govern Brook's use and disclosure of protected health information and other personal information through the services (the “Provider Agreements”). This Policy supplements the Provider Agreements. To the extent that a term of this Policy conflicts with any applicable Provider Agreement, the Provider Agreement will control.
If you are a patient of one of our health care provider Customers, or a beneficiary of one of our health plan Customers, who use our services and have questions about your treatment or handling of your protected health information, you should check with your health care provider or health plan. As between Brook and our Customers, our Customers are primarily responsible for determining how we use and disclose the protected health information we collect through our services under the Provider Agreements. Your health care provider’s or health plan's collection, use and disclosure of protected health information about you is governed, in turn, by that entity's notice of privacy practices, privacy policies, and other agreements between you and the entity.
When you engage in certain activities on our Service, such as submitting a customer-service request, you may be asked to provide personal data depending on the activity or request. When we process your inquiries or requests, we may also require additional personal data from you, to verify your account and identity.
We do not knowingly or intentionally collect information about children who are under the age of 16. If you are a minor, you may not use the Service and may not provide any personal details to us.
You may choose to select a Professional listed on the App and communicate directly with the Professional. If you choose to communicate with a Professional, the Professional will need to receive certain personal information about you in order to provide you with the Professional’s services. By selecting a Professional, you consent to the sharing of your personal information with the Professional.
If your Insurer offers you the option to link your user account with your Insurer’s account and you choose to link the accounts, we will share your personal information with your Insurer. By choosing to link your user account with your Insurer account, you consent to the sharing of your personal information with your Insurer.
We will use the information outlined above, for the following purposes:
We may share the information outlined above, with others, in any of the following instances:
In any case other than the above, your personal data will only be shared with others if you provide your explicit prior consent.
We may use de-identified, statistical or aggregated information, including information that we process according to this policy, to properly operate the Service, to develop and improve the quality and functionality of the Service, to enhance your experience, to create new services, including customized services, to change or cancel existing features and for other research, development and statistical purposes. We may share, publish, post, disseminate, transmit or otherwise communicate or make available such information to suppliers, business partners, sponsors, developers, affiliates and any other third party, at our sole discretion, provided however, that we will not knowingly, or intentionally share information that can be reasonably used to reveal your identity without your consent.
It is your choice whether to let us access information from Third Party Platforms. If you give us permission to access your accounts from Third Party Platforms, you may, at any time, opt-out of sharing with us certain, or entire categories of information. You may also revoke your permission at any time.
The personal data we collect (or process) in the context of the Service will be stored in the United States. Some of the data recipients with whom we share your personal data may be located in countries other than the country in which your personal data originally was collected. The laws in those countries may not provide the same level of data protection compared to the country in which you initially provided your data. Nevertheless, when we transfer your personal data to recipients in other countries, including the United States, we will protect that personal data as described in this Policy and in compliance with applicable law. If you reside or are located in the European Economic Area (“EEA”) we take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside of the EEA that do not provide an adequate level of data protection. We use a variety of measures to ensure that your personal data transferred to these countries receives adequate protection in accordance with data protection rules; this includes signing the EU Standard Contractual Clauses, verifying the recipient has adopted Binding Corporate Rules or adheres to the EU-US and Swiss-US Privacy Shield Framework.
We retain the information outlined above for as long as is necessary in order for us to provide you with the Service or as required under applicable law.
Generally, as long as you are a user of the Service, we do not delete information related to you, unless there are technical reasons that require us to retain only portions of the data, or if we are required by law to delete it.
Please note that we will retain and disclose information when we deem it necessary to satisfy orders issued by courts and government authorities. We will notify you about the disclosure, only if we are explicitly permitted to do so. In any case, we may keep any aggregated or anonymous information for statistical, development, marketing and other purposes, indefinitely.
Be advised that removing or uninstalling the App from your smartphone or other device to which the App is activated will not automatically cause the personal data or Content to be deleted from the Service. However, we will delete your personal data and Content from the Service upon your request.
If you would like information in relation to your rights or would like to exercise any of them, you may contact us via firstname.lastname@example.org or our postal address provided below. If you reside or are located in the EEA, you may ask us to take the following actions in relation to your personal data that we hold:
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal data, it is not guaranteed, and you cannot expect that the Service will be immune from information security risks.
We may change this Policy from time to time. Substantial changes will take effect 30 days after you are given notice of such changes through the Service. Other changes will take effect 7 days after you are given notice. However, if the Policy is amended to comply with legal requirements, the amendments will become effective immediately upon their initial posting, or as required. The most up-to-date Policy will always be accessible through the App.
In any event, we will seek your explicit consent if we wish to have substantial changes to the Policy apply to personal data we collected prior to those changes.
Your explicit consent to the amended Policy or continued use of the Service after the changes take effect each indicate your acceptance of the amended Policy. If you do not agree to the amended Policy, you must uninstall the App and refrain from using the Service.
If you have any comments, requests or questions about this Policy, please contact us at email@example.com or use or our postal address:
311½ Occidental Ave South
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||YES|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
In the preceding twelve (12) months, Brook has disclosed following categories of personal information for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category E: Biometric information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category H: Sensory data.
Category K: Inferences drawn from other personal information.
We have disclosed your personal information for a business purpose to services providers.
In the preceding twelve (12) months, Brook has not sold personal information.
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see section below titled “Exercising Access, Data Portability, and Deletion Rights”), we will disclose to you:
We do not provide these access and data portability rights for B2B personal information.
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see section below titled “Exercising Access, Data Portability, and Deletion Rights”), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
We do not provide these deletion rights for B2B personal information.
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org or write us at: Brook Inc, 113 Cherry Street, PMB 30466, Seattle, Washington, 98104
We reserve the right to amend this Addendum at our discretion and at any time. When we make changes to this Addendum, we will post the updated Addendum on the Website and update the Addendum’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Attn: Customer Support
113 Cherry Street
Seattle, Washington 98104