Tidepool Privacy Policy

Effective Date: April 24, 2017, Version 2.0

Since Tidepool was founded in 2013, we’ve advocated that you own your own data, that you should be able to access it whenever and however you want, and that you should be able to share it however you see fit. In 2017, we feel more strongly about these tenets than ever. As Tidepool has grown, we’ve added new features that make it easier for clinicians and researchers to make accounts that store data on behalf of their patients and study participants. Please read our Privacy Policy to understand how you can control and manage your data and the choices you have. It describes the types of information we collect from PwD, Care Team Members, Clinicians, Researchers and casual site visitors, how we use it, how we protect it, and how we restrict its disclosure.

The privacy and security of your information is important to us. This privacy policy (“Privacy Policy”) describes how Tidepool Project (“Tidepool,” “us,” or “we”) collects, uses, and discloses information in connection with our software applications, such as Tidepool for web, Tidepool for mobile, and the Tidepool Uploader, together with any other applications developed and/or distributed by Tidepool (the “Tidepool Apps”), including storage and retrieval of information by the Tidepool Apps on or through our hosted cloud platform (the “Tidepool Platform”). We collect information from the people who use the Tidepool Apps to help manage their diabetes (“PwD Users,” the person with diabetes or the parent/guardian of one), from the people with whom the PwD User chooses to share that information (“Care Team Members”), from doctors, healthcare professionals, and other clinicians who may use the Tidepool Apps to review information for people under their care (“Clinicians”) and from researchers who collect information from study participants for research purposes through the Tidepool Apps or Tidepool Platform (“Researchers”). PwD Users, Care Team Members, Clinicians and Researchers may collectively be referred to herein as “Users” (or singularly, a “User”).

By using the Tidepool Apps, you agree to be bound by this Privacy Policy, as well as our Terms of Use, which are incorporated herein by reference. Please read this entire Privacy Policy and the Terms of Use. If you don’t agree with the terms of this Privacy Policy or the Terms of Use, please don’t use the Tidepool Apps or other applications that access your Tidepool account.

This Privacy Policy applies to Tidepool’s treatment of “personal information,” which is information that uniquely identifies a PwD User, Care Team Member, Clinician or Researcher or otherwise contains health and other personally identifiable information. This Privacy Policy also applies to the information, notes, and files PwD Users, any of a PwD User’s Care Team Members, or Clinicians or Researchers upload, store, and manage using the Tidepool Apps. This Privacy Policy does not apply to the practices of companies that Tidepool does not own or control, or to individuals who Tidepool does not employ or manage.

BY USING ANY OF THE TIDEPOOL APPS YOU AGREE TO THE COLLECTION, USE, AND DISCLOSURE OF INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

As our services expand, we will evaluate our policies and practices and occasionally implement changes and refinements. If we make a change to this Privacy Policy that we determine, in our sole discretion, is material, we will endeavor to notify you (for example, by email to the email address in your Tidepool account) prior to the changes becoming effective. We will post all revised or new Privacy Policies on the Tidepool website at www.tidepool.org/legal, and indicate the date it was last revised.

Tidepool may treat the information of PwD Users, Care Team Members, Clinicians and Researchers differently. For this reason, this Privacy Policy has separate sections with information specific to PwD Users, to Care Team Members, to Clinicians and to Researchers, and a section that applies to everyone. To learn more, please review the following:

1. Information for PwD Users

Frequently Asked Questions for PwD Users

1.1 What PwD User information does Tidepool collect and for what purposes?

1.1.1 Registration and Contact Information

1.1.2 Other Information You Provide to Us

1.1.3 Third-Party Applications

1.1.4 Study Management for Academic and Clinical Research

1.2 What choices do PwD Users have?

1.2.1 Care Team Access

1.2.2 Custodial Accounts

1.2.3 Options for Sharing Information with Device Makers

1.2.4 Options for Sharing Anonymized Information with Researchers or Other Research Databases

1.2.5 Export, Delete, or Change Your Information

1.2.6 Cancel Your Account

1.2.7 Other Rights You May Have Under HIPAA

1.2.8 Email Communications

1.3 How do I invite members to join my Care Team or invite others to use Tidepool Apps?

1.4 What about the practices of third-party applications that PwD Users can connect to Tidepool Apps or the Tidepool Platform?

1.5 Who else has access to my information?

2. Information for Care Team Members

Frequently Asked Questions for Care Team Members

2.1 What information does Tidepool collect from Care Team Members and for what purposes?

2.1.1 Registration and Contact Information

2.1.2 Other Information You Provide to Us

2.2 What choices do Care Team Members have?

2.2.1 Change Your Information

2.2.2 Cancel Your Account

2.2.3 Email Communications

3. Information for Clinicians and Researchers

Frequently Asked Questions for Clinicians and Researchers

3.1 What information does Tidepool collect from Clinicians and Researchers and for what purposes?

3.1.1 Registration and Contact Information

3.1.2 Other Information You Provide to Us; Custodial Accounts

3.1.3 Other Information that You Collect from Patients or Study Subjects

3.1.4 Business Associate Agreement

3.2 What choices do Clinicians and Researchers have?

3.2.1 Change Your Information

3.2.2 Chancel Your Account

3.2.3 Email Communications

  1. Information for Everyone

Frequently Asked Questions for Everyone

4.1 Are there any territorial restrictions for using Tidepool Apps?

4.2 Do any third party service providers have access to my information?

4.3 When can Tidepool disclose my information?

4.4 How long does Tidepool keep my information?

4.5 How does Tidepool secure my information?

4.6 What about information about children?

4.7 What are my California Privacy Rights?

4.8 Does Tidepool use cookies?

4.9 Does Tidepool collect information automatically when I use the Tidepool Apps?

4.10 Can third parties collect information about me when I use the Tidepool Apps?

4.11 Does Tidepool recognize Do Not Track signals?

4.12 Where can I send questions, comments or suggestions about Tidepool’s privacy practices?

1. Information for PwD Users

We collect health and other information from you as a PwD User so that we can show it to you in useful ways within the Tidepool Apps. You may choose to share your health information with others and with applications that connect to the Tidepool Apps or the Tidepool Platform.

This section of the Privacy Policy describes what we do with PwD User information, including but not limited to health information, and is guided by the following principles:

  • You own the information in your Tidepool account.
  • You can request that your Tidepool account be deleted at any time. When your Tidepool account is deleted, all the information in account will also be deleted.
  • You decide who has access to the information in your Tidepool account.
  • You decide which third-party applications have permission to access to read or post new information on your behalf.
  • You decide whether device makers have access to data from your devices.
  • You decide if you would like to contribute the information in your Tidepool account to research.
  • You can obtain an export of the information in your Tidepool account and take it with you whenever you like.

Frequently Asked Questions for PwD Users

  • What PwD User information does Tidepool collect and for what purposes?
  • What choices do PwD Users have?
  • How do I invite members to join my Care Team or invite others to use Tidepool Apps?
  • What about the practices of third-party applications that PwD Users can connect to Tidepool Apps or the Tidepool Platform?
  • Who else has access to my information?

1.1 What PwD User information does Tidepool collect and for what purposes?

1.1.1 Registration and Contact Information

To register as a PwD User for a Tidepool account, you must provide your email address and create a password. You use your email address and password to log in to your account. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.

We may use this information to: deliver, administer and improve the Tidepool Apps; provide customer service; improve and personalize your experience; better understand your needs; fulfill requests you make; deliver special announcements and updates about the Tidepool Apps; and contact you about any of the above as well as any changes to or notifications regarding your Tidepool account.

1.1.2 Other Information You Provide to Us

We may also collect health and other information you provide to us through the Tidepool Apps. This includes your gender, age and birth date, weight, height, treatment and diagnosis information, health and well-being related information (including diet and activity information), information identifying the diabetes monitoring and treatment devices you use, and data you upload from your diabetes monitoring and treatment devices using Tidepool Uploader, other Tidepool Apps or through third-party applications that connect to the Tidepool Platform.

We use the information you provide to us to deliver, administer, and improve the Tidepool Apps. We also use this information to provide the visualization, data analysis, and other features available to you through the Tidepool Apps, which are also available to any of your Care Team Members. As we add new Tidepool features for PwD Users, we may use your information to provide those features to you. When you seek support from us, the individual(s) providing you with support may need to access your information in order to identify the problem you are seeking support for, though your information will only be used to help provide you with support.

With your permission, and only with your permission, we may also provide your health information and internal, diagnostic data from your diabetes device to the maker of that device, include your information in a research database, or share your information with third-party applications that you choose to connect with.

1.1.3 Third-Party Applications

You may have the option to link or connect Tidepool Apps or the information collected with Tidepool Apps with certain third-party applications. We will not share the information in your Tidepool account with a third-party application without your direction.

1.1.4 Study Management for Academic and Clinical Research

You may be asked to participate in academic, clinical, commercial or other research studies, either by Tidepool or by entities performing research. You are under no obligation to participate in this research. If you do agree to participate, you may be asked to link your Tidepool account to the study coordination account, or to provide a unique identifier that will allow the researcher or institution to link other personally identifiable information to your Tidepool information. Only you can agree to this linkage with other information or databases. Tidepool will not link the information in your Tidepool account for academic, clinical, commercial or other research studies without your direction. If you agree to participate in a research study, the person or organization conducting the study may require you to sign a written consent to participate, which may include terms and conditions that are different from those of this Privacy Policy.

1.2 What choices do PwD Users have?

Under the Terms of Use, PwD Users own the health and other personal information, data, notes, and files that PwD Users upload, store, and manage using the Tidepool Apps or that are added by their Care Team Members. This means that you as a PwD User decide who has access to the information in your Tidepool account. You also have full control to edit permissions of Care Team Members, alter some types of information, export your information, or cancel your account.

1.2.1 Care Team Access

You can grant access to your Tidepool account to health care professionals, family, friends, or anyone else, creating what we call a Care Team. The Care Team Members to whom you provide access will be able to view and comment on the health and other information in your account. Only if you grant them permission will Care Team Members be able to upload information to your account or, if applicable, edit information in your account. PwD Users own all content in their Tidepool accounts added or altered by their Care Team Members.

1.2.2 Custodial Accounts

A Clinician such as your doctor or other health care provider, or a Researcher conducting a study in which you participate, may establish an account to store information about you in Tidepool. That Clinician or Researcher may invite you to open a Tidepool account. If you accept that invitation, you will become a PwD User and will have control of all the information associated with that account, which will be your Tidepool account. When you open the account, the Clinician or Researcher who invited you to open the account will automatically be a member of your Care Team. You may remove the Clinician or Researcher from your Care Team at any time.

If your Clinician or a Researcher told you to expect such an invitation and you did not receive it, please contact that Clinician or Researcher and ask them to verify your email address and re-send the invitation.

If a Clinician or Researcher who uses Tidepool to store information about you does not invite you to open an account, or if you decide not to do so, then you will not have control of the information associated with that account and this section of the Privacy Policy will not apply to you or to that information.

1.2.3 Options for Sharing Information with Device Makers

You may have the option of granting the maker of your diabetes monitoring or treatment device with access to the information you upload to the Tidepool Platform. Providing your device maker with access to this information may assist the device maker to provide customer support or diagnose and address issues with the device. Providing data access to device makers also helps them understand how their devices are being used, which helps them make better devices in the future. We may charge device makers a fee to access this data.

Your device manufacturer may be able to identify you based on the serial number associated with the device.

Please note that any information you may have previously shared with a device maker may remain with the device maker if they have stored that information and cannot be removed or deleted by changing your sharing preference.

1.2.4 Options for Sharing Anonymized Information with Researchers or Other Research Databases

You may have the option to donate your anonymized data with different Researchers or Research organizations, or with diabetes device or pharmaceutical companies in need of longitudinal datasets. Diabetes researchers have a very difficult time gaining access to quality diabetes data. We will give you the opportunity to make your anonymized information available to these organizations. By doing this we hope to contribute to a dramatic acceleration in the rate of innovation in diabetes care.

You will not be directly identifiable based on the information you choose to donate. However, it may be possible for others to identify you if you have made your information available publicly in other ways; for example, if you post pictures or information to social media that describes you or your health condition, such as tweeting a picture of your continuous glucose monitor readings, it may be possible for someone to correlate that with information in a Tidepool dataset. Donated, anonymized information will be stored and made available without any of your personal Tidepool account information. If you agree to donate your information, here is the information that will and will not be included (if provided):

  • For each PwD User:
    • Included: birth month and year, month and year of date of diagnosis, gender, and weight.
    • Not included: name, address, email address, birth day, notes, profile picture, or other personally identifiable information
  • For all diabetes devices:
    • Included: device event and data timestamps
    • May be included: Brand and model of the device (some device makers preclude this).
    • Not included: device serial number
  • For blood glucose monitors:
    • Included: blood glucose readings
  • For continuous glucose meters (“CGM”):
    • Included: estimated glucose, events tracked by the CGM, including meals, insulin, calibration, exercise
  • For insulin pumps:
    • Included: all pump settings, including bolus calculator parameters, basal rates, basal rate profiles, insulin to carb ratios, and insulin sensitivity factors as well as all events tracked by the pump, including meals, insulin dosed,temp basals and suspends events, and BG inputs. Note that some of the terms above may have slightly varying language on your device.
  • For exercise monitors:
    • Included: Exercise and activity data imported from devices or software, such as FitBit, FuelBand, Strava, and RunKeeper (not including GPS data or personally identifying information).
    • Not included: GPS location data or other personally identifying information

We will not include in the anonymized datasets (1) freeform text and notes entered by you or your Care Team Members, or (2) any other data that could identify a specific individual.

The data from your device will be correlated across time and with the donated PwD User information using a random, cryptographically secure user key (a “one-way hash”). Having this key allows researchers to correlate multiple data points over time from a single person, but does not allow them (or anyone else without internal access to Tidepool servers) to identify the person.

You may be asked to donate your information via email or via using Tidepool Apps.. If you would like to change your donation preference, you may do so by using the appropriate interface in Tidepool Apps. If you change your preference to stop donating your information, you will not be able to remove or delete anonymized information that was previously donated prior to the change.

1.2.5 Export, Delete, or Change Your Information

You can change the contact information you provided when you registered by going to Account Settings. You can change or delete other information and data you have provided by editing or deleting that information directly using the utilities and features available in the Tidepool Apps. To learn how to export or delete your information, please visit support.tidepool.org.

1.2.6 Cancel Your Account

You can cancel your account at any time. Upon cancellation, we will delete your account information and data. Please visit support.tidepool.org to learn how to cancel your account.

1.2.7 Other Rights You May Have Under HIPAA

Tidepool may enter into relationships with a number of institutions or health care providers, such as Clinicians, Researchers, or others, for whom Tidepool will act as a “business associate” under the federal Privacy and Security Rules issued under the Health Information Portability and Accountability Act (“HIPAA”). If you are a patient of one of these institutions or other providers, or are participating in a research study conducted by one of these organizations, Tidepool may have obligations to that institution or other provider under HIPAA and Tidepool’s business associate contract with the institution or other provider that affect the information about you that the institution or provider stores in the Tidepool platform. These “business associate” relationships will not affect information in your Tidepool account.

1.2.8 Email Communications

You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.

1.3 How do I invite members to join my Care Team or invite others to use Tidepool Apps?

If you would like to invite someone to become a member of your care team, we’ll ask you for the person’s email address for the sole purpose of sending an invitation. To do so, please select “Share” from within the Tidepool for web application.

1.4 What about the practices of third-party applications that PwD Users can connect to Tidepool Apps or the Tidepool Platform?

Our Privacy Policy applies solely to information collected by and through the Tidepool Apps. You may be able to connect this information to third-party applications from the Tidepool Apps, or by connecting your Tidepool account from within a third-party application, or you may choose to share your device data with a device maker. Please be aware that Tidepool doesn’t control and isn’t responsible for the privacy and security practices of the third party services you choose to connect with or those of your device makers. However, all third-party developers that connect to the Tidepool Platform will be required to certify that their privacy policy is consistent with the terms of this Privacy Policy. For example, third-party applications will need to agree to not disclose your personal information without your consent. We encourage you to become familiar with their information practices before choosing to share any personal information or data with them.

1.5 Who else has access to my information?

You can see who your information is shared with by logging into your Tidepool account and selecting the “Share” link.

Some Clinicians or Researchers who you include on your Care Team may participate in other information sharing agreements, and may share some or all of your health information as part of those agreements. For example, your Clinician may participate in the T1D Exchange Registry, QI Collaborative, or other similar information sharing registry, which provides information collection and research services for a network of clinical sites. Please check with your health care provider, clinic, Clinician or Researcher to ask how they may be sharing your health information.

2. Information for Care Team Members

PwD Users have control of the information in their Tidepool accounts. This means that as a Care Team Member your access to a PwD User’s data and information is controlled by the PwD User and that any comments or information that you add may be deleted by the PwD User at any time.

Frequently Asked Questions for Care Team Members

  • What information does Tidepool collect from Care Team Members and for what purposes?
  • What choices do I have about the use of my information?

2.1 What information does Tidepool collect from Care Team Members and for what purposes?

2.1.1 Registration and Contact Information

To register as a Care Team Member, you must provide an email address and create a password. You use your email address and password to log in. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.

We may use this information to: deliver, administer and improve the Tidepool Apps; provide customer service; improve and personalize your experience; better understand your needs and interests; fulfill requests you make; deliver special announcements and updates about the Tidepool Apps; and contact you about any of the above as well as any changes to or notifications regarding your account.

2.1.2 Other Information You Provide to Us

We may also collect other information you provide to us through the Tidepool Apps. As a Care Team Member, this information will mostly be information or comments about the PwD User or PwD Users that add you as a Care Team Member using the Tidepool Apps. We use the information you provide as a Care Team Member to display notes, comments and other features of the Tidepool Apps. A PwD User has the ability to delete information or comments you add to his or her account at any time.

A PwD User has the option to donate anonymized information from his or her account to the Tidepool Anonymized Diabetes Database. If the PwD User donates his or her information, information or data that you add to the PwD User’s account that is being donated will exclude comments that you make on that account.

2.2 What choices do Care Team Members have?

A PwD User owns all content you generate on that PwD User’s accounts and you have no control over that information, except in the course of editing comments you have made as long as the PwD User permits such changes. However, you can delete or change your personal information.

2.2.1 Change Your Information

You can change the contact information you provided when you registered by going to Account Settings.

2.2.2 Cancel Your Account

You can also cancel your account at any time. Upon cancellation, we will delete your account information but not information or comments you have added to any PwD User accounts.

2.2.3 Email Communications

You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.

3. Information for Clinicians and Researchers

As a Clinician or Researcher, you will be able to create accounts and collect information on behalf of people that you provide care for, or people that are participating in a research study that you are conducting. These accounts are called Custodial Accounts. You can optionally provide an email address that will cause an account invitation to be sent to an individual, allowing that person to sign up for and claim the Tidepool account, and become a PwD User. When you create a Custodial Account, you have control over that account and information at the outset. Once the account is claimed by a PwD User, that PwD User takes over control and ownership of the information and account, and you become a member of that PwD User’s Care Team.

Frequently Asked Questions for Clinicians and Researchers

  • What information does Tidepool collect from Clinicians and Researchers and for what purposes?
  • What choices do Clinicians and Researchers have?

3.1 What information does Tidepool collect from Clinicians and Researchers and for what purposes?

3.1.1 Registration and Contact Information

To register for a Tidepool account as a Clinician or Researcher, you must provide an email address and create a password. You use your email address and password to log in to the account. We may also collect other contact information, such as your name, your clinic or institution name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address or your role within your organization.

We may use this information to: deliver, administer and improve the Tidepool Apps; provide customer service; improve and personalize your experience; better understand your needs and interests; fulfill requests you make; deliver special announcements and updates about the Tidepool Apps; and contact you about any of the above as well as any changes to or notifications regarding your account.

3.1.2 Other Information You Provide to Us; Custodial Accounts

We also collect other information you provide to us through the Tidepool Apps. As a Clinician or Researcher, you will be able to create accounts for your patients or study subjects, called “Custodial Accounts.” When you create these accounts, you will identify those individuals by their name, date of birth, and an optional Medical Record Number (MRN). You may also optionally provide an email address for each individual. Providing an email address will initiate an email invitation that will allow the individual to sign up for Tidepool and claim the account, thereby taking ownership of the account information. It is your responsibility to ensure the accuracy of that email address.

If an individual chooses to sign up for Tidepool and claim an account, he or she then takes ownership of the account and becomes a PwD User, as defined above. The account will be automatically shared with you, making you a Care Team Member, as defined above. The PwD User may remove you as a Care Team Member at any time.

We may also collect other information you provide to us through the Tidepool Apps. This may include gender, age and birth date, weight, height, treatment and diagnosis information, health and well-being related information (including diet and activity information), information identifying the diabetes monitoring and treatment devices you upload for individuals, and data that you upload from their diabetes monitoring and treatment devices using Tidepool Uploader.

We use this information to provide the visualization, data analysis, and other features available through the Tidepool Apps. When you seek support from us, the individual(s) providing you with support may need to access your information in order to identify the problem you are seeking support for, though the use of your information will only be used to help provide you with support.

3.1.3 Other Information that You Collect from Patients or Study Subjects

Through the course of providing care or conducting a research study, you may collect information other than through Tidepool. Only information collected by Tidepool or via Tidepool Apps is covered by this Privacy Policy.

3.1.4 Business Associate Agreement

If Tidepool will be acting as your business associate under the federal Privacy and Security Rules issued under the Health Information Portability and Accountability Act (“HIPAA”), our obligations regarding the privacy and security of the personal information you store in Tidepool will be governed by a separate written business associate agreement between us. Tidepool will not be subject to any business associate agreement unless it is executed on Tidepool’s behalf by an authorized person.

3.2 What choices do Clinicians and Researchers have?

A PwD User owns all content you generate on that PwD User’s accounts and you have no control over that information, except in the course of editing comments you have made as long as the PwD User permits such changes. However, you can delete or change your personal information.

3.2.1 Change Your Information

You can change the contact information you provided when you registered by going to Account Settings.

3.2.2 Cancel Your Account

You can also cancel your account at any time. Upon cancellation, we will delete your account information but not information or comments you have added to any PwD User accounts.

3.2.3 Email Communications

You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.

4. Information for Everyone

The following information applies to all Users of the Tidepool Apps and Tidepool Platform: PwD Users, Care Team Members, Clinicians and Researchers.

Frequently Asked Questions for Everyone

  • Are there any territorial restrictions for using Tidepool Apps?
  • Do any third party service providers have access to my information?
  • When can Tidepool disclose my information?
  • How long does Tidepool keep my information?
  • How does Tidepool secure my information?
  • What about information from children?
  • What about my privacy rights in California?
  • Does Tidepool use cookies?
  • Does Tidepool collect information automatically when I use the Tidepool Apps?
  • Can third parties collect information about me when I use the Tidepool Apps?
  • Does Tidepool recognize Do Not Track signals?
  • Where can I send questions, comments or suggestions about Tidepool’s privacy practices?

4.1 Are there any territorial restrictions for using Tidepool Apps?

At this time, Tidepool Apps are only intended for use in the United States. The Tidepool Apps and Tidepool Platform are hosted in the United States and all information is stored in the United States. By using the Tidepool Apps and Tidepool Platform you consent to processing and storage of your information in the United States.

4.2 Do any third party service providers have access to my information?

We may employ independent companies or other third parties and individuals to help us provide, facilitate or improve the Tidepool Apps (such as customer service support or data hosting). These service providers may have access to your personal information and data as necessary to perform their services for Tidepool.

4.3 When can Tidepool disclose my information?

Other than the sharing you have authorized, we will only disclose your personal information or data as disclosed in this Privacy Policy.

We may disclose your information in the following circumstances:

  • We may disclose information about you to help complete a transaction for you or to our agents or service providers performing functions on our behalf.
  • We may also disclose your information in the event of a purchase, transfer or sale of services or assets (e.g., in the event that some or all of our assets are acquired by another party, customer information may be one of the transferred assets).
  • If Tidepool believes you’ve misused or abused the Tidepool Apps or the personal information of any PwD User, Care Team Member, Clinician or Researcher, or attempted to interfere with or harm the Tidepool Apps, we will investigate and cooperate with appropriate law enforcement, including, if necessary or appropriate, by disclosing your name, registration information or IP address and any other relevant information, to protect our rights or property, or those of our PwD Users, Care Team Members, Clinicians, Researchers and others. We will cooperate fully with any legal process or criminal investigation into the misuse or abuse of the Tidepool Apps.
  • We may disclose your information or data to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection, etc.). Where your personal information and data has been requested by any governmental entity or other third party pursuant to subpoena or similar legal process, we will attempt to notify you as quickly as practicable before providing any such information, unless we are legally prohibited from doing so or we believe in good faith that disclosure is or may be necessary to protect life, avoid serious physical injury or property loss or damage, or to prevent or investigate an ongoing crime.

Tidepool may disclose anonymous or statistical information about the use of the Tidepool Apps at any time without restriction.

4.4 How long does Tidepool keep my information?

Tidepool will retain your account and related information on your behalf as long as needed to support your use of the Tidepool Apps and comply as necessary with our legal obligations, resolve disputes, and enforce our agreements. We may delete your account due to inactivity, but we will notify you by email prior to doing so and give you a reasonable opportunity to either transfer your information or begin active use of your account again.

4.5 How does Tidepool secure my information?

To help protect the privacy of personal information and data you transmit using Tidepool Apps, we use technology designed to encrypt your personal information and data before it is sent to us over the internet. In addition, we take reasonable physical, administrative, and technical steps to protect the personal information and data that you provide us against unauthorized access. However, the software, hardware and networks that support the Tidepool Apps may, from time to time, require maintenance or experience problems or breaches of security beyond our control.

Please also be aware that despite our best intentions and the guidelines outlined in this Privacy Policy, no data transmission over the internet or encryption method can be guaranteed to be 100% secure. Tidepool cannot guaranty the security of the information you provide us, and therefore you use Tidepool Apps at your own risk.

While we take steps to protect your personal information and data and keep it secure, you also play a role in protecting your information. You can help to maintain the security of this information by using a unique, strong password, not sharing your account information and password with anyone, and by preventing unauthorized use of your computers and mobile devices.

4.6 What about information about children?

Tidepool does not allow children under the age of 13 to register or use the Tidepool Apps and we require that children between 13 and 18 must have their parent’s or legal guardian’s consent to register or use Tidepool Apps. Tidepool does not knowingly collect information from children under the age of 13. If we discover that a person under 13 has registered as a PwD User or Care Team Member we will delete that person’s account.

4.7 What are my California Privacy Rights?

We act in accordance with the principle behind the California “Shine the Light” law, CA Civil Code § 1798.83, which gives consumers the right to know about certain personal information shared with third parties for their use in directly marketing their own products or services. We will never do that without your express permission, except as described in this Privacy Policy. Under California law, a California resident with whom we have an established relationship has the right to request certain information with respect to the types of personal information that Tidepool has shared with third parties for their direct marketing purposes, and the identities of those third parties, during the immediately preceding calendar year, subject to certain exceptions. All requests for such information must be in writing and sent to Tidepool at the mailing address set forth below.

4.8 Does Tidepool use cookies?

We use cookies and similar technology to collect aggregate (non-personal) information about usage of Tidepool Apps by all of our Users and to help us remember you and your preferences when you revisit the Tidepool Apps. These cookies may stay on your browser into the future until they expire or you delete them. Some cookies that assist in the functionality of the Tidepool Apps, like page loading, usually are erased when you close your browser window. Further general information about cookies and how they work is available at www.allaboutcookies.org.

4.9 Does Tidepool collect information automatically when I use the Tidepool Apps?

We receive and store certain types of information whenever you interact with Tidepool Apps. We automatically receive and record information on your activity on our server logs, including your IP address. Generally, we also automatically collect usage information, such as the features of the Tidepool Apps that you use and how you use them, the number of Care Team Members, devices you upload, and how PwD Users and Care Team Members interact. We may use this information, as well as your personal information such as your email address, to provide personalized features and functionality, for example to provide reminders to upload data from your diabetes devices. We may also use this data to help us understand how you and other Users use parts of the Tidepool Apps so that we can improve them. We may disclose anonymous statistical information to third parties about how Tidepool Apps are used without your permission.

4.10 Can third parties collect information about me when I use the Tidepool Apps?

We do not allow third parties to place cookies through the Tidepool Apps or to collect information about a consumer’s online activities over time and across different websites when he or she uses our Tidepool Apps. We do not permit third parties to place cookies through our Tidepool Apps to perform marketing functions but we may allow service providers to place cookies to assist us with analytic functions.

4.11 Does Tidepool recognize Do Not Track signals?

We currently do not use technology that recognizes a “do-not-track” signal from your web browser.

4.12 Where can I send questions, comments or suggestions about Tidepool’s privacy practices?

We welcome your questions and feedback and will work to improve our practices based on useful input we receive. Please contact us at privacy@tidepool.org or via mail at:

Tidepool Project

Attn: Legal Department

555 Bryant St., #429

Palo Alto, CA 94301