Organization & Community Health Monitoring Solutions
Portal Login
Portal Login

Privacy Policy

We believe that transparency is the key to any healthy relationship. At Safe2Pass, we’re all about healthy. We appreciate that you are trusting us with information that is important to you, and we want to be transparent about how we collect, transmit, store, process, and share your confidential information.

Here we describe the privacy practices for our mobile applications, websites, APIs, and services (the “Services”). Safe2Pass maintains three (3) offerings, our Personal Edition and our Community Edition.

Personal Edition (Default) (Free Services)

The Personal Edition of our mobile application stores all information on your device. No information is sent to us or stored on our servers. We do provide users the ability to share certain information with us through the Settings page of the mobile application. By default, however, these sharing options are disabled.

Personal Edition with User Enabled Sharing and Community Editions (“Premium” Services)

You will learn about the information we collect, how we use it, the controls we give you over your information, and the measures we take to keep it safe.

Specifically, our privacy policy covers:

  • Information We Collect
  • How We Use Information
  • How Information Is Shared
  • Your Rights to Access and Control Your Personal Data
  • Data Retention
  • Analytics and Advertising Services Provided by Others
  • Our Policies for Children
  • Information Security
  • HIPAA Privacy Disclosures
  • FERPA Privacy Disclosures
  • Our International Operations and Data Transfers
  • European Privacy Disclosures
  • California Privacy Disclosures
  • Changes to This Policy Who We Are and How To Contact Us

The Personal Edition of our mobile application stores all information on your device. No information is sent to us or stored on our servers. We do provide users the ability to share certain information with us through the Settings page of the mobile application. By default, however, these sharing options are disabled.

INFORMATION WE COLLECT

When you use our Community Edition, we collect the following types of information.

ACCOUNT INFORMATION

Some information is required to create an account on our “Community Edition”, such as your name, email address, mobile phone number, and password. This is the only information you are required provide to create a “Community Edition“ account with us.

ADDITIONAL INFORMATION

In order to gain access to certain additional optional services (such as LIVECARE, LABLINK, VAXLINK), we may need to obtain certain additional confidential information from you. You have full control over the information that you share. Safe2pass has full control over the services provided based on the information you share. Specifically, the following information may be shared:

  • Health insurance information including employee name, name of insurance carrier, member ID, group number, plan type / name). This information is used solely to order labs and receive lab results and automate the recording, tracking, and monitoring of vital signs and/or immunizations. Vital Signs (Temperature, Pulse Ox) either entered by you, retrieved through a Bluetooth device you own, or obtained through the LiveCare network in which you have subscribed via Safe2Pass.
  • Lab Results either entered by you and/or obtained through Safe2Pass’s network of Laboratory partners for which you have approved the Sharing arrangement or for labs you have ordered through the Safe2Pass application.
  • Vaccines / Immunizations entered by you and/or obtain through Safe2Pass’s network of doctors and/or pharmacy partners.
  • Contact Tracing Alerts sent from governmental entities or sent through the platform from other platform members.
  • Symptoms entered by a member of a community or employee of a customer.
  • Pre-existing conditions entered by a member of a community or employee of a customer.
  • Responses from surveys and/or questionnaires obtained to evaluate each member’s / employee’s transmission risk to the Community and/or Customer.
  • Other demographic information including gender, year of birth, and race is collected for additional analytics capability.
  • To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information from other applications like food logs, the number of steps you take, your distance traveled, calories burned, weight, heart rate, sleep stages, active minutes, location or other health tracking.

For our Community Edition, you have full control over the information you share with community managers. Community managers may request information to monitor health status of community members and/or their employees. For example, a high temperature, low Pulse OX, recent positive COVID test, other symptoms, and immunization (vaccines) records may be used by the manager to provide health services, establish health policies, and to keep the community safe.

In addition, if you contact us or participate in a survey, contest, or promotion, we collect the information you submit such as your name, contact information, and message.

PAYMENT AND CARD INFORMATION

Our mobile application and/or website may support payments and transactions for additional services by us and/or third-party partners of ours. If you activate these features, you may be required to provide certain information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code. This information is encrypted and sent to your card network, which upon approval sends back to your device a token, which is a set of random digits for engaging in transactions without exposing your card number. For your convenience, we store the last four digits of your card number and your card issuer’s name and contact information. You can remove the token from your account using your account settings. We do not store your transaction history.

IMPROVE, PERSONALIZE, AND DEVELOP THE SERVICES

We use the information we collect to improve and personalize the Services and to develop new ones. For example, we use the information to troubleshoot and protect against errors; perform data analysis and testing; conduct research and surveys; and develop new features and Services.

When you allow us to collect precise location information, we use that information to provide and improve features of the services identifying locations of risk.

COMMUNICATE WITH YOU

We use your information when needed to send you Service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications and most Service notifications by using your notification preferences in account settings or via the “Unsubscribe” link in an email.

PROMOTE SAFETY AND SECURITY

We use the information we collect to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to authenticate users, facilitate secure payments, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.

We use cookies and similar technologies for the purposes described above. For more information, please read our Cookie Use statement.

HOW INFORMATION IS SHARED

We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.

WHEN YOU AGREE OR DIRECT US TO SHARE

You may direct us through your acceptance of membership into a community or employment with a customer to disclose your information to the “Community” or “Customer”. You do have full control of the information you share with “Community” or “Customer” managers, however, at a minimum, “Community” or “Customer” managers need access to the risk levels calculated within the applications. These risk level calculations, which are derived based information that can be seen on our Website at http://www.safe2pass.me, establish a threshold where pandemic transmission risk is high and/or imminent.

For health related information, we provide you with privacy preferences in settings to allow you to control how your information is visible to “Community” or “Customer” managers of the Services.

You may also direct us to share your information in other ways, for example, when you give a third-party application access to your account, or give your employer access to information when you choose to participate in an employee wellness program. Remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with third-party applications or employee wellness programs using your account settings.

FOR EXTERNAL PROCESSING

We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, marketing, data analysis, research, and surveys.

FOR LEGAL REASONS TO PREVENT HARM

We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.

Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.

We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in public reports about COVID and/or Pandemic risks.

If we are involved in a merger, acquisition, or sale of assets, we will continue to take measures to protect the confidentiality of personal information and give affected users notice before transferring any personal information to a new entity.

YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA

We give you settings and tools to access and control your personal data, as described below, regardless of where you live. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.

Accessing and Exporting Data. By logging into your account, you can access much of your personal information, including your health status dashboard. Using your settings, you can also download information in a commonly used file format.

Editing and Deleting Data. By logging into your account and using your settings, you can change and delete your personal information. For instance, you can edit or delete the profile data you provide and delete your account if you wish.

If you choose to delete your account, please note that while most of your information will be deleted within 30 days, it may take up to 90 days to delete all of your information. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the How Information Is Shared section.

Objecting to Data Use. We give you settings and tools to control our data use. For example, through your settings, you can limit how your information is visible to other users of the Services; using your notification settings, you can limit the notifications you receive from us; and under your application settings, you can revoke the access of third-party applications that you previously connected to your account.

DATA RETENTION

We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. In some cases, when you give us information for a feature of the Services, we delete the data after it is no longer needed for the feature (e.g., history of vitals beyond computing 7 days rolling average, history of COVID testing beyond two tests or 30 days). We keep other information, like your history of vaccines, until you use your account settings or tools to delete the data or your account because we use this data to provide you with your personal statistics and other aspects of the Services. We also keep information about you and your use of the Services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the How We Use Information and How Information Is Shared sections.

ANALYTICS AND ADVERTISING SERVICES PROVIDED BY OTHERS

We work with partners who provide us with analytics and advertising services. This includes helping us understand how users interact with the Services, serving advertisements on our behalf across the internet, and measuring the performance of those advertisements. These companies may use cookies and similar technologies to collect information about your interactions with the Services and other websites and applications. To learn more and about your privacy choices, please read our Cookie Use statement.

OUR POLICIES FOR CHILDREN

We appreciate the importance of taking additional measures to protect children’s privacy.

Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at [email protected].

INFORMATION SECURITY

We work hard to keep your data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your data. This includes using Transport Layer Security (“TLS”) to encrypt many of our Services. No method of transmitting or storing data is completely secure, however. If you have a security-related concern, please contact Customer Support at [email protected].

HEALTH AND STUDENT DATA

To the extent that information we collect is health data and/or student data subject to the Health Insurance Portability and Accountability Act of 1996 (referred to as HIPAA) and/or Family Educational Rights and Privacy Act (referred to as FERPA), we ask for your explicit consent through acknowledgement of this policy to store and/or process this type of data. We obtain and store this consent separately when you enroll on the platform. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.

To the extent that you are not of legal age, but over the age of 13, we required, as per FERPA, to obtain the legal consent of custodial and non-custodial parents to share personally identifiable information from the records with non-exempt third parties.Additionally, custodial and non-custodial parents maintain the right to access your records and the right to seek to have the records amended. For additional information relating to these rights, please contact [email protected].

With respect to HIPAA, FERPA, and other privacy regulations, you retain the right to:

  • Access and correct all medical records within the platform.
  • Request confidential communications.
  • Limit the information we share.
  • List of those with whom we’ve share your information.
  • Obtain a copy of our privacy notice.
  • Chose someone to act of your behalf.
  • File a complaint if you believe your privacy rights have been violated (please contact [email protected].

OUR LEGAL BASES FOR PROCESSING PERSONAL DATA

For personal data subject to the HIPAA, FERPA and/or any other privacy regulation, we rely on several legal bases to store and process the data, including:

  • When you have given your consent, which you may withdraw at any time using your account settings and other tools;
  • When the processing is necessary to perform a contract with you, like the Terms of Service; and,
  • Our legitimate business interests, such as in improving, personalizing, and developing the Services, marketing new features or products that may be of interest, and promoting safety and security as described in the How We Use Information section.

HOW TO EXERCISE YOUR LEGAL RIGHT

Please review the Your Rights to Access and Control Your Personal Data section for how your account settings and tools allow you to exercise your rights under the GDPR to access and control your personal data.

In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests, including as described in the How We Use Information section. Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. Please see your notification settings to control our marketing communications to you about Fitbit products. Our Cookie Use statement describes your options for controlling how we and our partners use cookies and similar technologies for advertising. Please note that you can always delete your account at any time.

If you need further assistance regarding your rights, please contact our Data Protection Officer at [email protected], and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority or with the Irish Data Protection Commission, our lead supervisory authority, whose contact information is available here.

CALIFORNIA PRIVACY DISCLOSURES

If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”).

HOW TO EXERCISE YOUR LEGAL RIGHTS

You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights using your account settings and tools as described in the Your Rights To Access and Control Your Personal Data section, for example:

  • By logging into your account and using your account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
  • Your account settings also let you exercise your right to delete personal information.

If you need further assistance regarding your rights, please contact our Data Protection Officer at [email protected], and we will consider your request in accordance with applicable laws.

CHANGES TO THIS POLICY

We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use the Services. You can review previous versions of the policy in our archive.

WHO WE ARE AND HOW TO CONTACT US

If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at [email protected].

If you reside in the U.S., you may contact us at:

Safe2Pass LLC
Attn: Legal Department (Privacy Policy)
420 Lexington Avenue, Suite #1620
New York, NY 10170
U.S.A.