Privacy Policy [Last update: February 3, 2023]
The information in this document applies to the My Thyroid Universe mobile application visitors and users (“users”, “you”, “your”). For information applying to visitors, users, and others who reside in the State of California, please scroll down
Protecting your Personal Information 🔒
Welcome to My Thyroid Universe, your new Hypothyroidism companion.
My Thyroid Universe is here to help you feel your best, offering you both a place to educate yourself and track your symptoms and labs.
The following document sets forth our “Privacy Policy” which governs our use of the Personal Information (as defined below) you submit through your use of our Service (as defined below). Please read our Privacy Policy carefully.
Maintaining the privacy of your information is of paramount importance to us as it helps foster confidence, goodwill and stronger relationships with you, our users. If, at any time, you have questions or concerns about our privacy practices, please feel free to contact us at privacy@palomahealth.com.
We understand that there is a lot of information in this Privacy Policy. We have tried to make it as accessible, precise and transparent as possible. However, if you still find that it is too dense or daunting, here are the answers to the top three questions that we are commonly asked:
1. Who are we?
- Butterfly Technologies Inc. is the owner of the My Thyroid Universe mobile application (“we”, “us”, “our”, “MTU” or the “App”). MTU is a mobile application that allows its users to track their symptoms, find recipes, read articles and get reminder to take their meds (the "Service”). You can choose to sign up for a free account. The Privacy Policy goes hand-in-hand with our Terms of Use, which govern all use of the Service and can be found here. Please read them together.
- Butterfly Technologies Inc. is the responsible party or data controller regarding personal information collected through our Service. If you have any questions or concerns at any time about your data, privacy, or our Terms of Use, please email us at privacy@palomahealth.com.
2. What is the purpose of this Privacy Policy?
- Our Privacy Policy explains how we collect, use, maintain and disclose your Personal Information when using the App. This includes information that identify or could be used to identify you (“Personal Information”), and other information that does not constitute Personal Information (“Non-Personal Information”) that is collected from you while using our Service. We take the privacy of your Personal Information very seriously. All individuals whose responsibilities include the processing of any Personal Information are required to follow our Privacy Policy.
- We issued this Privacy Policy to ensure that we have standards in place to protect the Personal and Non-Personal Information that we may collect from you while using our Service. Collecting your Personal Information may be necessary for providing our Service, and is a consequence of the normal operations of our business. We published this Privacy Policy to make it easy for you to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information, and the rights you have over your Personal Information or data in our possession.
3. What Personal Information do we process about you?
- We want you to understand the types of information we collect as you use our Services. When using our Services, it may be necessary for us to collect both Non-Personal Information and Personal Information about you.
- We will collect Personal Information from you if you submit such information to us while using our Service; but also, if you passively submit such information.
- For the purposes described below in section 4, we may collect the following categories of Personal Information:
- Identification and Contact information: such as your first name & name, gender and email address;
- Information uploaded by you on the App: such as your lab results, symptoms using our Service;
- Information related to connexion: such as cookies and similar technologies like pixels, web beacons, and local storage, flash LSOs, geolocation, information collected via analytics software provided by third parties collecting information engagement with the Service, the events that occur within the Service, aggregated usage and performance data, and where the App was downloaded from;
- Information stored in Log files: such as IP addresses, browser/device type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data;
- Aggregated Data: So that we can continually improve our Service, we and our analytics partners often conduct research on user demographics, interests, and behavior while using our Service. This is based on information that we have collected, and may be compiled and analyzed on an aggregate basis;
- Statistical Information: We and our analytics partners may collect information about your online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes;
- Communications and Workflow: We collect some communication information about your activity and engagement when you use our support service. We also collect your information when you wish to set an e-meeting with us, to share with us your ideas about new features you would like to see on MTU or when providing us with your feedbacks. However, we will never collect information about your private communications;
- Information to protect you, other users on the App and the public: We collect some data to protect you and other users on the App and the public. For this purpose, we collect IP addresses, hashed version of your password and encrypted version of your encryption key;
- Other Information: We may collect other Personal Information about you, which we will protect according to this Privacy Policy. We may also collect Non-Personal Information about you such as information about your network, device, or operating system.
4. Why and How do we process Personal Information about you?
Most information is collected in association with your use of the Service. In particular, information is likely to be processed as follows:
Copy of Data Processing Recap
- MTU does not aim to process special categories of data about you such as information about your health, genetic, religious, ethnicity, religion, trade union membership, genetic and biometric data, sexual orientation or sex life. If we were to process such data, please be sure that we shall only do so in accordance with applicable laws and regulations.
- Please, note that MTU may feature public forums where you and users with similar issues, interests, or conditions can share information and support one another or maybe in the future where you can post questions for experts to answer. Our forums are open to the public and should not be considered private. Any information (including Personal Information) you share in any online forum is by design open to the public and is not private. You should think carefully before posting any Personal Information in any public forum. What you post can be seen, disclosed to or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes. As with any public forum on any site, the information you post may also show up in third-party search engines. If you mistakenly post Personal Information in our Public Forums and would like it removed, you can send your right request below and send us an email to request that we remove it by using the following contact address : privacy@palomahealth.com
- Also, our Service may include social media features. These features may collect your IP address and which page you are visiting on our Service, and may set a cookie to enable the feature to function properly. Social media features are either hosted by a third party or hosted directly on our Service. Your interactions with these features are governed by the privacy policy of the company providing them.
- We understand that there are many circumstances in which we may collect information, and we work hard to ensure that you are always aware when your Personal Information is being collected.
5. Where do we process your Personal Information?
- MTU has one headquarter in the United States. Personal Information about you may be accessible to MTU headquarter in the United States, and to our affiliates, and selected vendors and partners, globally.
- ****Where we process information in countries that may not provide the same level of protection as your own country, MTU will implement reasonable and appropriate legal and security measures to protect your information from unauthorized access, use or disclosure including, but not limited to, maintaining binding contracts that require appropriate protection of information about users.
6. Do we disclose your Personal Information?
- MTU discloses your Personal Information only in accordance with local applicable laws and regulations, and appropriate safeguards will be established, where possible, to protect your information. MTU may disclose information to any member of our group of companies.
- In order to conduct MTU Services, MTU may also disclose your Personal Information to the following third parties:
- Agents, Consultants, and Related Third Parties. Like many businesses, we sometimes have companies perform certain business-related functions for us. These companies include our marketing agencies, analytics service providers such as Segment and Amplitude, database service providers, backup and disaster recovery service providers, email service providers, and others. For example, Facebook may collect or receive information from our Service and use that information to provide measurement services and targeted ads. When we engage another company, we may provide them with your Personal Information -- with your consent, so they can perform their designated functions.
- From time to time, we may partner with other businesses to improve our Service (like offering new features and/or branded content). In order to execute these partnerships, we may have to share some of your Personal Information (like your email address-but never your symptoms or lab values) with these third-party partners but we won't do it without your explicit consent. In some circumstances, we may disclose some of the Personal Information that you have provided to MTU to a third party that offers and/or provides goods or services complementary to our own for the purpose of enhancing our users’ experiences by offering you integrated or complementary features, complementary services or bundled pricing options.
- Corporate Restructurers. We may share some or all of your Personal Information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Policy.
- User Testimonials and Feedback. We often receive testimonials and comments from users who have had positive experiences with our Service. We occasionally publish such content. We may post user feedback on our website and/or other media from time to time. If we choose to post your first and last name along with your feedback, we will ask for your consent prior to posting your name with your feedback. If you make any comments on a blog or forum associated with your site, you should be aware that any Personal Information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs and forums.
- There are a few other circumstances where we must disclose users' Personal Information - such as the following:
- Where we have strong reasons to believe that an individual may be engaged in fraudulent, deceptive, or unlawful activity that a governmental authority should know about;
- In response to lawful requests by public authorities, including to meet national security or law enforcement requirements; or as required by any law or regulation; to third parties such as public/regulatory authorities/governmental bodies (government, including social and benefits departments);
- To protect the rights, property, or personal safety of another user or any member of the public;
- In special cases, to protect our users such as in response to a physical threat to you or others.
- We can assure you that we do not disclose or sell your Personal Information to unrelated third parties under any circumstances, ever. We do not sell, trade, or rent your Personal Information to others. In any case, MTU does not make your Personal Information available to third parties for their marketing purposes without your consent.
7. What are your Rights?
- Right to access and/or request a copy of your Personal Information. Under applicable privacy law (e.g. European data privacy law, local data privacy laws etc.), you may have a right to access and/or request a copy of information about you held by MTU.
- Right to update, correct, delete your Personal Information. You may also have the right to update, correct, or delete Personal Information, which is incomplete, out of date or inaccurate. Your information can be updated by you in the App. For any question on how to do it or if you have issues in doing so, please contact us at privacy@palomahealth.com. Please note that it is your responsibility to provide us with accurate and truthful information. We cannot be liable for any information that is provided to us that is incorrect. Also, you can request the deletion of your Personal Information if:
- your Personal Information is no longer necessary for the purpose of the data processing,
- you have withdrawn your consent on the data processing based exclusively on such consent,
- you objected to the data processing,
- the Personal Information processing is unlawful,
- the Personal Information must be erased to comply with a legal obligation applicable to MTU.
- Right to restrict processing of your Personal Information. You can request the restriction of the processing:
- in the event the accuracy of your Personal Information is contested to allow MTU to check such accuracy,
- if you wish to restrict your Personal Information rather than deleting it despite the fact that the processing is unlawful,
- if you wish MTU to keep your Personal Information because you need it for your defense in the context of legal claims,
- if you have objected to the processing but MTU conducts verification to check whether it has legitimate grounds for such processing which may override your own rights.
- Right to data portability. You can ask for the portability of your Personal Information.
- Right to withdraw consent. When your information processing is based on your consent, you may withdraw any consent you previously provided to us at any moment. Such withdrawal shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object to processing of your Personal Information. You may have the right to object to processing of your Personal Information, including information being used for the purposes of direct marketing. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly at privacy@palomahealth.com. Despite your indicated e-mail preferences, we may send you service-related communications, including notices of any updates to our Terms of Use or Privacy Policy.
- Right to instructions after death. Depending on your country, you may also have the right to provide us with your instructions regarding the storage, deletion or disclosure of your Personal Information after your death. Such instructions may be general or specific.
- Right to lodge a complaint. In the event that any individual located in the EEA countries or Switzerland believes that MTU has processed Personal Information in a manner that is unlawful or breaches his/her rights, or has infringed the “General Data Protection Regulation”, such individual has the right to complain directly to the applicable Data Protection Authority.
- Your rights may be subject to limited applicable legal and regulatory restrictions. To exercise your individual rights please write to privacy@palomahealth.com. Depending on the applicable laws and the nature of the request, individuals may be required to provide some additional information.
- California-Specific Rights. Under the California Consumer Privacy Act 2018 (CCPA), California residents have specific rights regarding their personal information held by private companies. California consumers can reference their detailed applicable rights below**.**
8. How do we ensure the safety & security of your Personal Information?
- We are committed to protecting the security of your Personal Information. MTU uses appropriate technical and organizational measures to protect your Personal Information. We take reasonable steps to protect your information from loss, misuse, unauthorized access, disclosure, alteration or destruction. We use a variety of state-of-the-art encryption technologies and procedures to help protect your Personal Information from unauthorized access, use, or disclosure. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we take all necessary and extraordinary efforts to protect your Personal Information, we cannot guarantee its absolute security.
- Phishing. It has become increasingly common for unauthorized individuals to send e-mail messages to consumers, purporting to represent a legitimate company such as a bank or on-line merchant, requesting that the consumer provide personal, often sensitive information. Sometimes, the domain name of the e-mail address from which the e-mail appears to have been sent, and the domain name of the web site requesting such information, appears to be the domain name of a legitimate, trusted company. In reality, such sensitive information is received by an unauthorized individual to be used for purposes of identity theft. This illegal activity is known as “phishing”. If you receive an e-mail or other correspondence requesting that you provide any sensitive information (including your password or credit card information) via e-mail or to a website that does not seem to be affiliated with us, or that otherwise seems suspicious to you, please do not provide such information, and report such request to us at support@palomahealth.com.
- Third Party Use. To the extent permitted by applicable laws, we are not responsible for the privacy or security practices of any third party; this includes third parties to whom we are permitted to disclose your Personal Information in accordance with this policy or any applicable laws. The collection and use of your information by these third parties may be subject to separate privacy and security policies.
- Unauthorized Access. If you suspect any misuse, loss of, or unauthorized access to your Personal Information, you should let us know immediately at support@palomahealth.com
- Authorized Use. We are not liable for any loss, damage, or claim arising out of another person’s use of the Personal Information where we were authorized to provide that person with the Personal Information.
- Location of our Servers. All data you provide to us through the Service is stored on servers located in the United States and managed by Amazon Web Services, Inc.
9. How long do we retain your Personal Information?
- ****Unless indicated otherwise, MTU makes sure to retain your Personal Information for no longer than is necessary for the specific purposes for which it was collected. Your Personal Information may be retained for a longer duration where applicable laws or regulations require, or allow MTU to do so.
- ****This means that you may close your account by contacting us at support@palomahealth.com, but we may retain Personal or Non-Personal Information for an additional period as is permitted or required under applicable laws. Even after we delete your Personal Information, it may persist on backup or archival media for an additional period of time where applicable laws or regulations require, or allow MTU to do so.
10. Do we process children Personal Information?
- MTU website and App are not intended or designed for children under the age of 13. We do not knowingly collect Personal Information from children under the age of 13.
- ****If you have reason to believe that a child under the age of 13 has used our Service and provided Personal Information to us, please contact us at privacy@palomahealth.com and we will work to delete those Personal Information from our servers without undue delay.
- ****If you are under the age of 18, you must have your parent's permission to access and use our Service.
11. Do we use Cookies?
- Butterfly Technologies, Inc uses technology known as “cookies” and similar tracking technologies on its websites.
- ****For more information about types of cookies and how to manage cookies, including how to block them and delete them, please visit http://www.allaboutcookies.org.
12. Change to this Privacy Policy
- ****We may revise from time to time our Privacy Policy. If we make any material changes to our Privacy Policy, we will post updates on the Service: we will post the new Privacy Policy on the Website and its App with a new effective date to notify you of these changes and/or we will notify you by sending you an email or other notification as required by applicable law (the “Modifications”). Modifications will apply to all current and past users of the Services as of its effective date and will replace any prior policies. In addition, by accessing the Services on or after the effective date, you are deemed to consent to our then-current Modifications.
- ****Please review this Privacy Policy periodically for changes, and especially before you provide any Personal Information. If Modifications to this Privacy Policy are not acceptable to you, you should cease accessing, browsing, and otherwise using the Service.
13. Contacting us
- ****If you have any questions about this Privacy Policy, your dealings with our Service, or a complaint about our handling of your Personal Information, please contact us at support@palomahealth.com
CALIFORNIA CONSUMER INFORMATION 🐻
PRIVACY STATEMENT-CALIFORNIA
This California Consumer Information supplements the information contained in the Privacy Policy of MTU (“we”, “us”, “our”, “MTU” or the “App”) and applies solely to visitors or users of MTU who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
1. Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device i.e., you (“personal information”).
MTU does not “sell” personal information and has not “sold” personal information relating to California residents, including within the meaning of the CCPA within the past 12 months. For purposes of this Disclosure, “sell” or “sold” means the disclosure of personal information for monetary or other valuable consideration.
We have collected the following categories of personal information from consumers within the last twelve (12) months:
Copy of Data Processing Recap
Please, note that personal information does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
- Information excluded from the CCPA's scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our users. For example, from documents that you provide to us related to our Services.
- Indirectly from our users. For example, through information we collect from you in the course of providing Services to you.
- Directly and indirectly from activity on our App. For example, from your lab values, medications or symptoms you enter.
For more information, please refer to section 3 **“**What Personal Information do we process about you? ” of our general Privacy Policy.
2. Use of Personal Information
The business purposes for which MTU uses personal information depends on the relationship or interaction with a specific California resident, and we only process your information for purposes permitted by applicable laws.
We outline in detail under section 4 of our Privacy Policy, “Why and How do we process Personal Information about you?” the purposes of the processing personal information.
Examples include:
- Managing MTU's relationship with you;
- To follow-up with your feedbacks;
- To allow the use of the app in all its functionalities such as the tracking of your symptoms, filling of your lab values; Reminding you to take your medications, etc.
3. Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
- Personal Identifiers
- Protected classification characteristics under California or federal law
- Commercial information
- Biometric information
- Internet or other similar network activity
- Geolocation data
- Inferences drawn from other personal information
MTU discloses your personal information only in accordance with local applicable laws and regulations, and appropriate safeguards will be established, where possible, to protect your information. MTU may disclose personal information to any member of our group of companies. We disclose your personal information for a business purpose to the following categories of third parties:
- Agents, Consultants, and Related Third Parties
- Business partners and service providers
- Corporate Restructurers
- Payment processor
- MTU affiliates
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you
In the preceding twelve (12) months, we have not sold any personal information.
The sharing of your personal information is outlined in further detail under section 6 of our Privacy Policy, **“**Do we disclose your Personal Information? ”
4. Your Rights and Choices
The CCPA provides you (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to access certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Authorized Agents
You have the right to designate an authorized agent to act on your behalf to exercise your rights under the CCPA. In order to do so, MTU must verify your identity, and your authorized agent must have written permission from you. We reserve the right to deny a request from an agent that does not submit proof that they are authorized to act on your behalf.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with MTU. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Consumers with Disabilities
MTU strives to accommodate all users regardless of disabilities. If you need to receive the information contained in this document in a different format, please contact us using the contact information listed below.
5. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you our Services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of Services.
- Suggest that you may receive a different price or rate for services or a different level or quality of goods or services.
6. Changes to Our California Consumer Information
- We may revise from time to time our California Consumer Information and we will review it at least each year. If we make any material changes to our California Consumer Information, we will post updates on the Service: we will post the new Information on the Website and its App with a new effective date to notify you of these changes and/or we will notify you by sending you an email or other notification as required by applicable law (the “Modifications”). Modifications will apply to all current and past users of the Services as of its effective date and will replace any prior policies. In addition, by accessing the Services on or after the effective date, you are deemed to consent to our then-current Modifications.
- Please review this California Consumer Information periodically for changes, and especially before you provide any Personal Information. If Modifications to this Privacy Policy are not acceptable to you, you should cease accessing, browsing, and otherwise using the Service.
7. Contact Information
If you have any questions or comments about this notice, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: privacy@palomahealth.com or support@palomahealth.com