Privacy Policy
Part One: Introduction
WE AT CIX HEALTH VALUE YOUR PRIVACY AND ARE COMMITTED TO KEEPING YOUR PERSONAL DATA CONFIDENTIAL. WE USE YOUR DATA SOLELY IN THE CONTEXT OF HELPING YOU IMPROVE YOUR HEALTH OR HELPING YOU IMPROVE THE HEALTH OF ANOTHER BY OFFERING A CONVENIENT AND HIGH-QUALITY MOBILE APPLICATION AND WEB SITE WITH TOOLS THAT ALLOW USERS TO EASILY AND PURPOSEFULLY MANAGE COMPLEX MEDICAL CONDITIONS.
THIS PRIVACY POLICY APPLIES TO PERSONAL DATA CIX HEALTH COLLECTS FROM USERS OF THE CIX HEALTH APPLICATION AND CIX HEALTH'S WEB SITE (THE "APPLICATIONS"). "PERSONAL DATA" INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION IN COMBINATION TO IDENTIFY OR CONTACT AN INDIVIDUAL. WE BELIEVE THAT TRANSPARENCY ABOUT THE USE OF YOUR PERSONAL DATA IS OF UTMOST IMPORTANCE. IN THIS PRIVACY POLICY, WE PROVIDE YOU DETAILED INFORMATION ABOUT OUR COLLECTION, USE, MAINTENANCE, AND DISCLOSURE OF YOUR PERSONAL DATA.
Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. The data controller is:
Cix Health, LLC
2400 Old Brick Road, Suite 337
Glen Allen, VA 23060
BY SUBMITTING YOUR (OR SOMEONE ELSE'S) PERSONAL DATA THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATIONS AND DO NOT SUBMIT ANY PERSONAL DATA TO US.
PLEASE NOTE THAT WE OCCASIONALLY UPDATE THIS PRIVACY POLICY. IF WE MODIFY THIS PRIVACY POLICY, WE WILL POST THE UPDATED VERSION ON THE WEB SITE AND UNDER "SETTINGS" IN THE APPLICATION AND WILL UPDATE THE "EFFECTIVE DATE" ABOVE. FOR MATERIAL CHANGES, WE WILL PROVIDE NOTICE BY EMAIL OR THROUGH THE APPLICATION. CHANGES TAKE EFFECT WHEN POSTED. IF YOU CONTINUE TO USE THE APPLICATION AFTER A CHANGE TAKES EFFECT, YOU ARE AGREEING TO THE UPDATED PRIVACY POLICY.
Our Dual Role
Cix Health operates in two distinct capacities, and the privacy practices that apply to your information depend on which capacity governs the data:
Direct-to-Consumer Services. When you create a personal User Account and use our Applications to manage your own health information or that of a family member or care recipient, Cix Health acts as the data controller. This Privacy Policy governs how we collect, use, and protect that information.
Service Provider to Health Plans, TPAs, and Employers. When Cix Health provides services to a health plan, third-party administrator, employer, or other organization (each, a "Covered Entity" or "Plan Sponsor"), we act as a service provider or business associate to that organization. In that capacity, your information is governed primarily by the agreement between Cix Health and the Plan Sponsor and, where applicable, by the Health Insurance Portability and Accountability Act ("HIPAA") and any associated Business Associate Agreement. If you are a member of a health plan or program that uses Cix Health, you should also review your Plan Sponsor's notice of privacy practices for information about how they collect, use, and disclose your health information.
This Privacy Policy applies in full to our direct-to-consumer Services. Where this Privacy Policy conflicts with a Business Associate Agreement or other contract governing our role as a service provider, the terms of that agreement control. For some Plan Sponsor or white-labeled deployments, a client-branded version of this Privacy Policy may be presented to you; where it is, that version governs your use of that deployment.
Part Two: Policy Summary
For your convenience, we have summarized the key takeaways from our Privacy Policy below. You may access our full Privacy Policy in Part Three.
Responsible Entity
Cix Health, LLC ("We", "Us", "the Company") is the controller of your Personal Data for our direct-to-consumer Services and may process this data in accordance with this Privacy Policy. If we are processing Personal Data on behalf of a Plan Sponsor as a service provider or business associate, the terms of this Privacy Policy do not apply. Instead, the terms of the Plan Sponsor's privacy policy and any applicable Business Associate Agreement will apply. If you leave our Applications via a link to a third party, we are no longer the controller, and you will be subject to that party's privacy policy. You can contact Us with any questions about our Privacy Policy and reach our Privacy Officer at privacy@cixhealth.com.
What information do We collect and why?
We collect "PERSONAL DATA", which includes any information that can be used on its own or with other information in combination to identify or contact an individual. For a description of the types of Personal Data we collect, review this section in the full Privacy Policy. In some cases, this Personal Data may be or may include healthcare information or "protected health information".
We may use Personal Data to (1) communicate with you about and manage your User Account; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) enforce our terms and conditions; (6) manage and improve our operations and Applications; (7) provide additional functionality; (8) protect our rights, privacy, safety or property, and/or that of you or others; and (9) allow us to pursue available remedies or limit the damages that we may sustain.
We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described above. Where required by law, We will ask for your prior consent before doing so.
Failure to Provide Data. Providing your Personal Data is not statutorily or contractually mandated. However, if you choose not to provide this information, we cannot create a User Account, and you will be unable to use our Services.
SMS Marketing and Mobile Messaging
If you opt in to receive SMS or text messages from Cix Health, we will use your mobile number to send program updates, wellness reminders, engagement campaigns, account-related notifications, and other communications connected to your participation in your health plan's program. Key things to know:
• SMS opt-in is always voluntary and is never required to access your benefits, your account, or any Cix Health service.
• Message frequency varies by campaign and by the programs you participate in.
• Message and data rates may apply, depending on your mobile carrier plan.
• You can opt out at any time by replying STOP to any message. Reply HELP for assistance.
• We do not sell, rent, or share your mobile number, SMS opt-in information, or SMS message content with third parties or affiliates for their marketing purposes. Mobile information is shared only with service providers that help us deliver the messages you have requested, and those providers are contractually prohibited from using it for any other purpose.
For complete details, see the SMS Communications section in Part Three.
Your State Privacy Rights
Depending on where you live, you may have specific rights under state privacy laws, including the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Washington My Health My Data Act ("MHMDA"), the Nevada Consumer Health Data Privacy Law, the Connecticut Data Privacy Act, and similar laws in other states. These rights may include the right to know, access, correct, delete, port, and limit the sharing or sale of your personal information, the right to appeal a denied request, and additional rights specific to consumer health data. See the U.S. State Privacy Rights, California, and Consumer Health Data sections in Part Three for full details on these rights and how to exercise them.
Will We share your Personal Data with anyone else?
• Yes, with any individual with whom you choose to connect via the Application (for example, a caregiver or spouse)
• Yes, with third parties that help us power our Applications
• Yes, with your Plan Sponsor when Cix Health is providing services on their behalf
• Yes, with third parties and the government when legal or enforcement issues arise
• Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Cix Health's corporate entity, assets, or stock (including in connection with any bankruptcy or similar proceedings)
For more details regarding the above, review this section in the full Privacy Policy.
We may use, disclose, license, or otherwise commercialize aggregated and de-identified data that does not identify and is not reasonably linkable to you. The purpose of this type of use is to provide better services to our users by (1) identifying trends and patterns to help deliver more accurate insights for our users; and (2) improving the accuracy and performance of our analytics engine, among other purposes. See the Anonymized Data section in Part Three for the safeguards that apply.
Where is your Personal Data stored, transmitted, and/or maintained?
Personal Data Cix Health collects through the Application will be stored on secure servers in the United States. Personal Data may be transmitted to third parties, which parties may store or maintain it on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States.
How long will We maintain your Personal Data?
We retain your Personal Data for as long as you maintain an active User Account. After you close your account or submit a verified deletion request, we delete or de-identify your Personal Data within ninety (90) days, except for limited information we are required or permitted to retain by law. For more information on Personal Data retention, review this section of the full Privacy Policy.
How do We protect your Personal Data?
Cix Health uses a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot ensure the security of information you transmit to us. For more information on the safeguards We have in place to protect your Personal Data, review this section of the full Privacy Policy.
Data Breach Notification
If we experience a security incident that affects your Personal Data, we will notify you and applicable regulatory authorities in accordance with applicable law. Notification timing and method will depend on the nature of the incident and the jurisdiction in which you reside. For more details, see the Data Breach Notification section in Part Three.
Your Rights
You have certain rights relating to your Personal Data, subject to applicable data protection laws. These rights may include:
• to access your Personal Data held by us
• to erase or delete your Personal Data, to the extent permitted by applicable data protection laws
• to receive communications related to the processing of your Personal Data that are concise, transparent, intelligible, and easily accessible
• to restrict the processing of your Personal Data to the extent permitted by law
• to object to the further processing of your Personal Data, including the right to object to marketing
• to request that your Personal Data be transferred to a third party, if possible
• to receive your Personal Data in a structured, commonly used, and machine-readable format
• to lodge a complaint with the applicable data protection or regulatory authority
• to rectify inaccurate Personal Data and ensure it is complete
• to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making")
• to withdraw consent at any time where the collection, processing, and sharing of your Personal Data is based on your consent
• to opt out of allowing Cix Health to store, process, or share your Personal Data with a third party
To exercise any of these rights, please send an email to privacy@cixhealth.com with your request. State-specific rights for California, Virginia, Washington, Nevada, Connecticut, and other state residents are described in Part Three. For more details on your rights and choices and how to exercise them, please review the full Privacy Policy.
How do you contact Us with questions or concerns?
If you have any questions about this Privacy Policy, please contact us by email at privacy@cixhealth.com or write to: Cix Health, LLC, 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060. Please note that email communications are not always secure, so please do not include sensitive information in your emails to us.
Part Three: Full Privacy Policy
WE AT CIX HEALTH VALUE YOUR PRIVACY AND ARE COMMITTED TO KEEPING YOUR PERSONAL DATA CONFIDENTIAL. WE USE YOUR DATA SOLELY IN THE CONTEXT OF HELPING YOU IMPROVE YOUR HEALTH OR HELPING YOU IMPROVE THE HEALTH OF ANOTHER.
THIS PRIVACY POLICY APPLIES TO PERSONAL DATA CIX HEALTH COLLECTS FROM USERS OF THE CIX HEALTH APPLICATION AND CIX HEALTH'S WEB SITE (THE "APPLICATIONS"). "PERSONAL DATA" INCLUDES ANY INFORMATION THAT CAN BE USED ON ITS OWN OR WITH OTHER INFORMATION IN COMBINATION TO IDENTIFY OR CONTACT ONE OF OUR USERS.
THE PERSONAL DATA WE COLLECT AND TRANSMIT MAY, IN SOME CIRCUMSTANCES, BE CONSIDERED "HEALTH DATA" OR "CONSUMER HEALTH DATA" (DATA RELATED TO A USER'S PHYSICAL OR MENTAL HEALTH). THEREFORE, OUR PRIVACY PRACTICES ARE INTENDED TO COMPLY WITH APPLICABLE STATE CONSUMER HEALTH DATA LAWS AND, WHERE WE ACT AS A BUSINESS ASSOCIATE, WITH HIPAA. FOR ADDITIONAL INFORMATION RELATED TO YOUR HEALTHCARE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER AT PRIVACY@CIXHEALTH.COM.
The data controller is:
Cix Health, LLC
2400 Old Brick Road, Suite 337
Glen Allen, VA 23060
BY SUBMITTING YOUR PERSONAL DATA THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATIONS AND DO NOT SUBMIT ANY PERSONAL DATA TO US.
CAPITALIZED TERMS, IF NOT DEFINED IN THIS PRIVACY POLICY, ARE DEFINED IN THE TERMS OF USE.
Responsible Entity
Cix Health, LLC ("We", "Us", "the Company") is the controller of your Personal Data for our direct-to-consumer Services. If we are processing Personal Data on behalf of a Plan Sponsor (such as a health plan, third-party administrator, or employer) as a service provider or business associate, the terms of this Privacy Policy do not apply. Instead, the terms of the Plan Sponsor's privacy policy and any applicable Business Associate Agreement will apply. You can contact Us with any questions about our Privacy Policy, and reach our Privacy Officer, at privacy@cixhealth.com.
Links to Other Sites
Our Applications may contain links to websites and services that are owned or operated by third parties (each, a "Third-party Service"). Any information that you provide on or to a Third-party Service or that is collected by a Third-party Service is provided directly to the owner or operator of the Third-party Service and is subject to the owner's or operator's privacy policy. We are not responsible for the content, privacy, or security practices and policies of any Third-party Service. To protect your information, we recommend that you carefully review the privacy policies of all Third-party Services that you access.
What Personal Data do we collect?
We collect "PERSONAL DATA", which includes any information that can be used on its own or with other information in combination to identify or contact an individual. In some cases, this Personal Data may be or may include healthcare information or "protected health information". The types of Personal Data we collect are described below. If you are entering Personal Data of someone other than yourself, you MUST be legally authorized to share that information with Cix Health.
Demographic Data
We collect demographic information, such as your name, date of birth, gender, phone number, and postal and email addresses. Primarily, the collection of your Personal Data assists us in creating your User Account, which you can use to securely manage your healthcare information. We also use your demographic data for the purposes of providing health- and wellness-related reminders.
Payment Data
If you make purchases via our Applications, We may require that you provide to Us your financial and billing information, such as billing name and address, credit card number, or bank account information.
Support Data
If you contact Cix Health for support or to lodge a complaint, We may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (for example, IP address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Application and related services. Calls with Cix Health may be recorded or monitored for training, quality assurance, customer service, and reference purposes.
Device, Telephone, and ISP Data
We use common information-gathering tools, such as log files, cookies, web beacons, and similar technologies to automatically collect information from your computer or mobile device as you navigate our Applications or interact with emails We have sent you. The information We collect may include your Internet Protocol (IP) address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage.
Health Data
In addition to demographic information, We may collect information regarding your health conditions, medications, labs and vitals information, medical appointments, insurance provider, healthcare provider and care team information, and treatment plans. In some cases, this information is collected directly from you. In other cases, we receive claims data and medical or other related information from your Plan Sponsor (such as a health plan, third-party administrator, or employer-sponsored program) or from other third parties you have authorized to share information with Us. We use this information to help you store, manage, and coordinate your health information, and to connect you to data, solutions, and people you choose to engage with. Cix Health does not provide clinical or medical services and is not a system of record for medical treatment.
Third Party Data Sources
We collect information about you from other sources, including third parties with whom your User Account is associated ("Third Party User") and your Plan Sponsor. For instance, within a family, the parents and children may have associated accounts. We may also receive Personal Data from other third party sources and combine it with Personal Data provided by you. In particular, we may receive claims data and medical or other related information from your Plan Sponsor or other authorized third parties to help coordinate your care and present a more complete picture of your health history.
NOTE: If you believe your Personal Data has been shared with Cix Health without your permission, please contact us immediately at privacy@cixhealth.com.
How will We use Your Personal Data?
We process your Personal Data for purposes based on legitimate business interests, meeting our contractual obligations to you, complying with our legal obligations, and/or your consent. We only use or disclose your Personal Data when it is legally mandated or where it is necessary to fulfill the purposes described herein. Where required by law, We will ask for your prior consent before doing so. Specifically, we process your Personal Data for the following legitimate business purposes:
• To fulfill our obligations to you under the Terms of Use or another applicable services agreement
• To communicate with you about and manage your User Account
• To properly store and track your data within our system
• To respond to lawful requests from public and government authorities
• To protect our rights, privacy, safety, or property, and that of you or others
• To handle technical support and other requests from you
• To enforce and ensure your compliance with our Terms of Use
• To manage and improve our operations and the Applications
• To manage payment processing
• To evaluate the quality of service you receive, identify usage trends, and improve your user experience
• To keep our Applications safe and secure
• To send you product, service, and new feature information
• To provide access to a Third Party User with your consent
• To send you marketing communications, including newsletters, new product offerings, SMS and text messages (see the SMS Communications section below for full details), and push notifications about Cix Health and its affiliates and partners (with your consent, if required by law)
• To aggregate and de-identify your data for the purposes stated above
You can opt out of receiving promotional emails by changing the notification preferences in your account Settings or by unsubscribing via the "Unsubscribe" link in any Cix Health email. Opting out of these emails will not end transmission of important service-related emails that are necessary to your use of the Applications.
SMS Communications
Cix Health offers SMS and text messaging programs to support members enrolled in health plans and programs that use our Applications. This section explains how SMS messaging works, how we obtain your consent, what data we collect, how we use and protect that data, and how you can stop receiving messages at any time.
Program description. When you opt in, Cix Health may send you SMS messages related to your participation in your health plan's program. These messages may include:
• Wellness reminders and engagement nudges tied to monthly health awareness themes
• Notifications about new features, tools, or resources available in the Cix Health app
• Reminders to complete activities in programs such as the Recovery Tracker or other condition-management tools
• Announcements about events, surveys, or opportunities relevant to your benefit
• Account-related notifications, including security alerts and service updates
Consent. You will only receive SMS messages from Cix Health if you have given us your prior express written consent to do so. The messages we send are primarily transactional and informational and may, where applicable, include promotional content. Consent is collected through one of the following methods:
• Checking an opt-in box on a Cix Health digital form, web page, or in-app screen
• Texting a keyword to a Cix Health short code or long code
• Providing your mobile number and opting in during account setup
• Submitting a paper or digital enrollment form that includes a clearly labeled SMS opt-in field
Your consent to receive SMS messages from Cix Health is never required as a condition of using our Applications, accessing your benefits, or purchasing any product or service. You may use any other Cix Health service without opting in to text messages.
Message frequency. Message frequency varies. The number of messages you receive depends on the programs you participate in, the campaigns active during a given month, and your engagement with our Applications. Frequency is disclosed at the point of opt-in for each specific program.
Message and data rates. Standard message and data rates may apply to each message you send or receive, depending on the terms of your mobile carrier plan. Cix Health does not charge a fee for sending or receiving SMS messages, but your carrier may.
How to opt out. You can stop receiving SMS messages at any time by replying STOP to any message you receive from us. After you reply STOP, you will receive one final confirmation message and no further SMS messages will be sent to your number. To opt out of a specific program while continuing to receive others, follow the program-specific opt-out instructions provided at enrollment, or contact us at privacy@cixhealth.com.
How to get help. Reply HELP to any Cix Health SMS message for assistance, or contact us at info@cixhealth.com. Help messages will include the program name and a way to reach customer support.
Supported carriers. Cix Health SMS programs are compatible with most major U.S. carriers. Carriers are not liable for delayed or undelivered messages.
What information we collect through SMS. When you opt in to an SMS program, we collect:
• Your mobile phone number
• The date, time, and source of your opt-in (for compliance recordkeeping)
• The content of messages you send to us and that we send to you
• Delivery and engagement data (for example, whether a message was delivered, whether you replied, whether you clicked a link in the message)
• The keyword or campaign associated with your opt-in
How we use SMS information. We use the information collected through SMS to deliver the messages you have requested, to operate and improve our messaging programs, to maintain records required by applicable telecommunications and consumer protection laws, to respond to your replies and support requests, and to measure program effectiveness in aggregate.
How we share SMS information. Cix Health does not sell, rent, lease, or share your mobile phone number, SMS opt-in information, or SMS message content with third parties or affiliates for their marketing or promotional purposes. Mobile information collected through SMS is shared only in the following limited circumstances:
• With service providers (such as our SMS messaging platform and aggregators) that help us deliver messages on our behalf. These providers are contractually bound to protect your information, to use it only to provide services to Cix Health, and not to use, sell, rent, or share it for any other purpose.
• With your health plan, employer-sponsored plan, or third-party administrator, but only to the extent necessary to administer the program in which you are enrolled and only consistent with the agreements governing that program.
• When required by law, court order, or to respond to a lawful government request.
• In connection with a corporate transaction, as described elsewhere in this Privacy Policy.
No third-party marketing. Under no circumstance will Cix Health share your mobile information, SMS opt-in data, or message content with third parties or affiliates so that those parties can market their own products or services to you.
Data retention. We retain SMS opt-in records, message logs, and related compliance data for as long as you remain opted in, plus a period required by applicable telecommunications, consumer protection, and recordkeeping laws (typically four years after opt-out). After that period, the data is deleted or de-identified in accordance with our standard retention practices.
Security. SMS messages are transmitted over public mobile networks and, while we apply reasonable safeguards on our side, the security of messages in transit is governed by your carrier and your device. To protect your privacy, Cix Health SMS messages will not include sensitive health information, full account numbers, passwords, or other confidential identifiers. Do not reply to any Cix Health message with sensitive personal or health information.
Eligibility. Cix Health SMS programs are available to U.S. residents who are 18 years of age or older. Do not opt in to Cix Health SMS messages if you are under 18.
Changes. We may update the terms of our SMS programs from time to time. Material changes will be communicated through an SMS notification, an in-app notice, or an email to the address on file.
Contact. For questions about our SMS programs, contact us at info@cixhealth.com or write to: Cix Health, LLC, 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060.
Where is your Personal Data processed?
Personal Data Cix Health collects through the Application will be stored on secure servers in the United States, even if you are accessing the Applications from outside the United States. Personal Data may be transmitted to third parties, which parties may store or maintain the data on their secure servers. These third parties are not permitted to transfer your Personal Data outside of the United States. If you access the Applications from outside the United States, including as an employee of a U.S. company working abroad, you do so on the basis that your Personal Data is collected, stored, and processed in the United States under United States law.
Will We share your Personal Data with anyone else?
Yes, with any third party with whom your User Account is connected via the Application ("Third Party User").
We will share information you enter into the Applications, as well as any reports generated by the Applications based on the information you enter, with the Third Party User with whom your User Account is connected via the Applications. If your User Account is linked with a Third Party User's account, that user will also have access to the information you choose to share with them. If, at any point, you want to deny access to one or more Third Party Users, you can do so by removing or modifying sharing permissions and access controls via Settings within the Application. If a Third Party User has created a User Account for you which includes your Personal Data, and that Third Party User does NOT have permission to share this data, please email privacy@cixhealth.com immediately.
Yes, with third parties that help us power our Application.
Cix Health has a limited number of service providers and other third parties ("Business Partners") that help us run various aspects of our business. These Business Partners are contractually bound to protect your Personal Data and to use it only for the limited purpose(s) for which it is shared. Business Partners' use of Personal Data may include, but is not limited to, the provision of services such as data hosting, IT services, customer service, billing management, and SMS messaging delivery.
Yes, with your Plan Sponsor.
If you are enrolled in a health plan, employer-sponsored program, or third-party administrator program that uses Cix Health, we will share your information with that Plan Sponsor as necessary to administer the program. The terms of our agreement with the Plan Sponsor, including any Business Associate Agreement, govern how the Plan Sponsor may use your information.
Yes, with third parties and the government when legal or enforcement issues arise.
We may share your Personal Data, if reasonable and necessary, to (i) comply with legal processes or enforceable governmental requests, or as otherwise required by law; (ii) cooperate with third parties in investigating acts in violation of this Agreement; or (iii) bring legal action against someone who may be violating the Terms of Use.
Yes, with third parties that provide advisory services.
We may share your Personal Data with our lawyers, auditors, accountants, or banks, when We have a legitimate business interest in doing so.
Yes, with third parties in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Cix Health's corporate entity, assets, or stock.
If We share your Personal Data with a third party other than as provided above, you will be notified at the time of data collection or transfer, and you will have the option of not permitting the transfer.
Note on mobile and SMS information: As described in the SMS Communications section above, mobile phone numbers, SMS opt-in data, and SMS message content are subject to additional restrictions. We do not share that information with third parties or affiliates for their marketing purposes under any circumstance.
Anonymized Data
We may use, disclose, license, or otherwise commercialize aggregated data and de-identified data, meaning information that does not identify and is not reasonably linkable to you (for example, information from which identifiers such as name, address, and phone number have been removed). We use and disclose such data to identify trends and patterns that help deliver more accurate insights for our users, to improve the accuracy and performance of our analytics engine, and for other purposes. When we create de-identified data, we take reasonable measures to ensure the data cannot be re-identified, we publicly commit to maintain and use it only in de-identified form and not to attempt to re-identify it, and we contractually require any recipient to do the same. Once data is aggregated or de-identified in this manner, it is no longer Personal Data or consumer health data, and We are not restricted in our use of that data except as required by applicable law.
How long do We retain Personal Data?
We retain your Personal Data for as long as you maintain an active User Account. After you close your account or submit a verified deletion request, we will delete or de-identify your Personal Data in our active systems within ninety (90) days, except for limited information we are required or permitted to retain. Examples of information we may retain for longer include: SMS and other consent records, retained for the period required by applicable telecommunications and consumer protection laws (typically four (4) years after opt-out); records we must keep for tax, accounting, or other legal obligations; and information needed to resolve disputes, prevent fraud, enforce our agreements, or maintain security, retained only for as long as necessary for those purposes and then deleted or de-identified. Residual copies may persist in routine backups for a limited period and are deleted on our standard backup cycle. Where Cix Health processes Personal Data as a business associate or service provider to a Plan Sponsor, we retain, return, or destroy that data in accordance with the applicable Business Associate Agreement and the Plan Sponsor's instructions. We retain aggregated and de-identified data indefinitely. Contact Us at privacy@cixhealth.com with questions about the retention period applicable to your Personal Data.
What is your cookie policy?
Cookies are small files that a web server sends to your computer or device when you visit a web site that uses cookies to keep track of your activity on that site. They hold a small amount of data specific to that web site, which can later be used to help remember information you enter into the site, preferences selected, and movement within the site.
We use cookies and other technologies to better serve you with more tailored information and to facilitate efficient and secure access to the Applications. We use two types of cookies: essential and non-essential cookies. Essential cookies are those necessary to provide services to you. Non-essential cookies include (1) cookies used to analyze your behavior on a website ("Analytics Cookies"); and (2) cookies used to provide you enhanced functionality ("Functional Cookies").
We may also collect information using pixel tags, web beacons, clear GIFs, or other similar technologies. These may be used in connection with some Site pages and HTML formatted email messages to track the actions of Site users and email recipients and to compile statistics about Site usage and response rates.
Essential Cookies
Cookie / Controller / Duration: auth-tokens-token / Cix Health / 8 weeks
Purpose: To authenticate you when you sign into the service.
Information Collected: A generated token that allows the server to identify you.
How to Withdraw Consent: Do not use our Service if you do not want to receive this cookie.
Cookie / Controller / Duration: auth-tokens-refresh / Cix Health / 16 weeks
Purpose: To refresh your authentication token when it expires.
Information Collected: A generated token that lets you stay logged in.
How to Withdraw Consent: Do not use our Service if you do not want to receive this cookie.
Cookie / Controller / Duration: Unsubscribe-token / Cix Health / 8 weeks
Purpose: Used to temporarily store information needed to unsubscribe a user from Cix Health emails.
Information Collected: A generated token that lets you unsubscribe from emails.
How to Withdraw Consent: Do not use our Service and do not unsubscribe from automated emails if you do not want this cookie.
Analytics Cookies
Cookie / Controller / Duration: analytics / Cix Health / Persistent
Purpose: For correlating website visitors before and after they log in or register for Cix Health.
Information Collected: A randomly generated identifier used to associate your visits.
How to Withdraw Consent: Manage cookies through your browser settings, or do not use Cix Health if you do not wish to receive this cookie.
Cookie / Controller / Duration: UTM_ / Cix Health / Session
Purpose: For tracking which marketing campaign a visitor to the site came from.
Information Collected: Campaign parameters from the referring URL.
How to Withdraw Consent: Manage cookies through your browser settings, or do not use Cix Health if you do not wish to receive this cookie.
Analytics and Marketing Technologies
We and our service providers may also use analytics and advertising technologies, which may include web analytics services (such as Google Analytics) and social media advertising pixels (such as those offered by Meta and LinkedIn), to understand how our Web Site is used and to measure the effectiveness of our communications. The specific technologies in use are maintained in our current cookie inventory and may change over time. You can limit many of these technologies through your browser settings and through the opt-out tools offered by the relevant providers.
How can You Opt Out of Cookies?
If you prefer, you can usually set your browser to remove and reject cookies. If you enable a do not track ("DNT") signal or otherwise configure your browser to prevent Cix Health from collecting cookies, you will need to re-enter your user name each time you visit the login page. Such action could also affect certain features or services of our Applications.
You may opt out from the collection of non-essential device and usage data on the web by managing your cookies at the individual browser level. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the websites.
How do We protect Your Personal Data?
Cix Health is committed to protecting the security and confidentiality of your Personal Data. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Data, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot ensure the security of information you transmit to us. By using the Applications, you are assuming this risk.
Safeguards
The information collected by Cix Health and stored on secure servers is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls.
You are solely responsible for protecting information entered or generated via the Applications that is stored on your device and/or removable device storage. Cix Health has no access to or control over your device's security settings, and it is up to you to implement any device-level security features and protections you feel are appropriate (for example, password protection, encryption, remote wipe capability). We recommend that you take any and all appropriate steps to secure any device that you use to access our Application.
NOTWITHSTANDING ANY OF THE STEPS TAKEN BY US, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS.
Data Breach Notification
If we discover a security incident that has resulted in the unauthorized access, acquisition, use, or disclosure of your Personal Data, we will:
• Notify you without unreasonable delay following discovery of the incident, consistent with the timing requirements of applicable state and federal law
• Provide the information required by applicable law, including a description of the incident, the types of information involved, steps we are taking to investigate and remediate, and steps you can take to protect yourself
• Notify applicable regulatory authorities, attorneys general, and credit reporting agencies as required by applicable law
• Where Cix Health is acting as a business associate, notify the relevant Covered Entity in accordance with HIPAA and the applicable Business Associate Agreement
How can You Protect Your Personal Data?
In addition to securing your device, please be aware that We will NEVER send you an email or SMS message requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any email or text message requesting such information. If you receive such a message purportedly from Cix Health, DO NOT RESPOND, DO NOT click on any links or open any attachments, and notify Cix Health at privacy@cixhealth.com or 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060.
You are responsible for taking reasonable precautions to protect your user ID, password, and other User Account information from disclosure to third parties. You should immediately notify Cix Health at privacy@cixhealth.com if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.
Your Rights
You have certain rights relating to your Personal Data, subject to applicable data protection laws. These rights may include:
• to access your Personal Data held by us
• to erase or delete your Personal Data, to the extent permitted by applicable data protection laws
• to receive communications related to the processing of your Personal Data that are concise, transparent, intelligible, and easily accessible
• to restrict the processing of your Personal Data to the extent permitted by law
• to object to the further processing of your Personal Data, including the right to object to marketing
• to request that your Personal Data be transferred to a third party, if possible
• to receive your Personal Data in a structured, commonly used, and machine-readable format
• to lodge a complaint with the applicable data protection or regulatory authority
• to rectify inaccurate Personal Data and ensure it is complete
• to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making")
• to opt out of allowing Cix Health to store, process, or disclose your Personal Data with third parties
To exercise any of these rights, please send an email to privacy@cixhealth.com with your request.
Where the processing of your Personal Data by Cix Health is based on consent, you have the right to withdraw that consent at any time by emailing Us at privacy@cixhealth.com. To withdraw consent specifically for SMS messaging, reply STOP to any Cix Health text message or contact privacy@cixhealth.com.
U.S. State Privacy Rights
Depending on the state in which you reside, you may have rights under a comprehensive state privacy law (such as those in California, Virginia, Colorado, Connecticut, Utah, and a growing number of other states) or under a consumer health data law (such as those in Washington, Nevada, and Connecticut). The specific rights available to you depend on your state of residence and whether the applicable law applies to Cix Health. Subject to your state's law and certain exceptions, these rights may include the right to:
• confirm whether we process your personal information and access that information
• correct inaccurate personal information
• delete personal information you provided or that we collected
• obtain a portable copy of your personal information
• opt out of the sale of your personal information, targeted advertising, and certain profiling
• appeal a denial of any of the above requests
Cix Health does not sell your personal information for money, and we do not use or disclose your personal information for cross-context behavioral advertising or targeted advertising. We do not use or disclose your sensitive personal information (including health information) except for the purposes permitted under applicable law and described in this Privacy Policy.
How to exercise your rights. To submit a request, email privacy@cixhealth.com with the nature of your request and your state of residence, or write to us at the address in the Contact Us section. We will verify your request before fulfilling it and may ask for information to confirm your identity. You may use an authorized agent to submit a request on your behalf, subject to verification.
How to appeal. If we deny your request, you may appeal by replying to our decision or by emailing privacy@cixhealth.com with "Privacy Appeal" in the subject line. We will respond to your appeal within the time required by applicable law. If your appeal is denied, you may contact your state attorney general.
California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. This section describes those rights and how to exercise them.
Categories of personal information we collect
In the preceding 12 months, we have collected the following categories of personal information about California consumers, as defined by the CCPA:
• Identifiers (name, postal address, email address, account name, phone number, IP address)
• Personal information categories listed in Cal. Civ. Code section 1798.80(e) (name, contact information, financial information)
• Protected classification characteristics (age, gender, where voluntarily provided)
• Commercial information (transaction and account history)
• Internet or other electronic network activity information (browsing history, search history, interaction with our Applications)
• Geolocation data (general location)
• Sensory data (audio recordings of support calls, where applicable)
• Professional or employment-related information (where voluntarily provided)
• Inferences drawn from the above to create a consumer profile
• Sensitive personal information, including health and medical information, account log-in credentials, and precise geolocation (where collected)
Your California rights
As a California resident, you have the right to:
• Know what personal information we collect, use, disclose, and sell or share about you
• Access the specific pieces of personal information we have collected about you
• Delete personal information we have collected from you, subject to certain exceptions
• Correct inaccurate personal information we maintain about you
• Opt out of the sale or sharing of your personal information
• Limit the use and disclosure of your sensitive personal information
• Not be discriminated against for exercising any of these rights
Sale and sharing of personal information
Cix Health does not sell your personal information for monetary or other valuable consideration, and we do not share your personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA. De-identified and aggregated data is not "personal information" under the CCPA, and we may use and disclose such data as described in the Anonymized Data section above.
How to exercise your California rights
To exercise any of these rights, submit a verifiable consumer request by emailing privacy@cixhealth.com with "California Privacy Rights" in the subject line, or by writing to us at Cix Health, LLC, 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060. You may also designate an authorized agent to make a request on your behalf, subject to verification. We will respond to verifiable consumer requests within the timeframes required by the CCPA.
California residents may also request, once a year, free of charge, a list of third parties to which we disclosed personal information for direct marketing purposes during the preceding calendar year and the categories of personal information shared with those third parties.
Consumer Health Data Rights (Washington, Nevada, Connecticut, and Other States)
Certain states, including Washington (My Health My Data Act), Nevada (Consumer Health Data Privacy Law), and Connecticut (Data Privacy Act), provide specific rights with respect to "consumer health data," which generally includes any personal information linked or reasonably linkable to a consumer that identifies the consumer's past, present, or future physical or mental health status. If you are a resident of one of these states, you may have the right to:
• Confirm whether we are collecting, sharing, or selling your consumer health data
• Access the consumer health data we have collected about you
• Withdraw consent for the collection, sharing, or use of your consumer health data
• Have your consumer health data deleted
• Be free from the sale of your consumer health data without your separate, valid authorization
• Appeal a denial of any of these requests
Cix Health does not sell consumer health data as that term is defined under applicable law. Where applicable law requires separate consent or authorization for the collection, sharing, or sale of consumer health data, we will obtain that consent or authorization before the collection or sharing occurs. We may use and disclose de-identified and aggregated data that does not identify and is not reasonably linkable to you, as described in the Anonymized Data section above.
For Washington residents: this section, together with the rest of this Privacy Policy, describes how we collect, use, and share consumer health data. Where required by the Washington My Health My Data Act, we will make available a separate, clearly labeled Consumer Health Data Privacy Policy.
To exercise these rights, submit a request by emailing privacy@cixhealth.com with the relevant state name in the subject line (for example, "Washington Health Data Request"), or by writing to us at the address above. We will respond to verifiable requests within the timeframes required by applicable state law.
How do you update, correct, or delete Personal Data?
You can change your email address and other contact information in Settings (within the Application). If you need to make changes or corrections to other information, you can do so by (1) navigating to the page containing the information you would like to modify or delete, (2) selecting "Edit", and (3) deleting, adding to, or modifying the text in the appropriate editing box.
Account deletion
You can request deletion of your account and associated Personal Data at any time by:
• Using the account deletion option within the Application Settings, or
• Emailing privacy@cixhealth.com with "Account Deletion Request" in the subject line, or
• Writing to us at Cix Health, LLC, 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060.
Upon receipt of a verifiable deletion request, we will delete your Personal Data from our active systems within the timeframes described in the retention section above, except where retention is required for legal, accounting, security, or fraud prevention purposes. Please note that to comply with certain requests to limit use of your Personal Data, we may need to terminate your account and your ability to access and use the Services, and you agree that We will not be liable to you for such termination or for any refunds of prepaid fees paid by you.
Although We will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Data. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Data may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
Can You opt out of receiving communications from Us?
We pledge not to market third-party services to you without your consent. You can opt out of receiving promotional emails by:
• Clicking the "Unsubscribe" link in any Cix Health promotional email, or
• Changing the notification preferences in your account Settings, or
• Emailing privacy@cixhealth.com with "Unsubscribe" in the subject line.
Please note that opting out of promotional emails will not end transmission of service-related and transactional emails that are necessary to your use of the Applications (such as account verification, password reset, and security notices).
To stop receiving SMS or text messages from Cix Health, reply STOP to any message at any time, or contact privacy@cixhealth.com. See the SMS Communications section above for full details.
Information submission by minors
You must be at least 18 years old to create a User Account, and the Applications are not directed to or intended for use by anyone under the age of 18. To the extent permitted by law, an adult account holder may enter and manage health and other information about a minor dependent or other care recipient for whom the account holder is legally authorized to act (for example, a parent managing information about a child). In that case, the data may relate to a minor, but the account holder must be an adult.
We do not knowingly allow anyone under the age of 18 to create a User Account, and we do not knowingly collect Personal Data directly from anyone under the age of 13. If we learn that an individual under the age of 18 has created a User Account, we will deactivate the account and take reasonable measures to promptly delete the associated Personal Data. If you believe a person under the age of 18 has created an account, or that we have collected information from a person under the age of 13, please contact us at privacy@cixhealth.com.
If you are a California resident under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our Web Site.
Contact Us
If you have any questions about this Privacy Policy, please contact us by email at privacy@cixhealth.com or write to: Cix Health, LLC, 2400 Old Brick Road, Suite 337, Glen Allen, VA 23060. Please note that email communications are not always secure, so please do not include sensitive information in y

