October 24, 2023

Updated: July 1, 2024

California Notice at Collection/State Law Privacy Rights: Please see the “US state privacy rights notice” section below for important information about your rights under applicable state privacy laws.

European Notice: Please see the “Notice to European Users” section below for additional information relevant to individuals located in the European Economic Area or United Kingdom (which we refer to as “Europe”, and “European” should be understood accordingly).

This Privacy Policy describes how Posit Science Corporation and, as applicable, our subsidiaries and affiliates, (collectively, "Posit Science," "we", “us” or "our") processes personal information that we collect through our digital or online properties or services that link to this Privacy Policy (including as applicable, our websites, mobile applications, social media pages, newsletter, marketing activities and other activities described in this Privacy Policy (collectively, our “Apps”)). Posit Science may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.

Posit Science offers several different manners in which individuals can use its Apps. See the section titled “Does this Privacy Policy apply to my use of the Apps” to learn more about whether this Privacy Policy or another entity’s privacy policy (or perhaps multiple) apply to your use of the Apps. 

You can download a printable copy of this Privacy Policy here.

  1. Personal information we collect

    1. Information you provide to us or that we generate about you. Personal information you may provide to us through the Apps or otherwise or that we may generate about you includes:
    2. Contact data, such as your first and last name, salutation, email address, billing and mailing addresses, and phone number.
    3. Demographic data, such as your city, state or region, country of residence, postal code, and age.
    4. Profile data, such as the username and password that you may set to establish an online account on the App, date of birth, redemption code, biographical details, photograph or picture, links to your profiles on social networks, interests, preferences, information about your participation in our promotions or surveys, and any other information that you add to your account profile. 
    5. Communications data based on our exchanges with you, including when you contact us through the Apps, for customer support, when you fill out a survey, communicate with us via chat features, or when you leave a comment for us through social media. 
    6. Transactional data, such as information relating to or needed to complete your orders on or through the Apps, including order numbers and transaction history. 
    7. Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
    8. User-generated content data, such as photos, images, comments, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Apps, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data. 
    9. Financial data, such as your financial account numbers or payment card information which may be collected directly by our service providers.
    10. Payment data needed to complete transactions, including payment card information or bank account number which may be collected directly by our service providers.
    11. Exercise and assessment performance data such as your usage, progress, and performance on the App’s training exercises and assessments.
    12. Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
    13. Third-party sources. We may receive personal information about you from other sources, such as:
      1. Private sources, such as organizations (such as insurance companies, hospitals, sports teams, retirement communities, scientific organizations, libraries, cell phone companies and others) that provide access to our Apps to their constituents. If your access to our Apps is provided by such an organization, we may receive personal information about you from that organization, including your name, email address, member record number, or other customer identifier.
      2. Third-party services, such as other platform or software service providers (such as single sign on providers), that you use to log into, or otherwise link to, your Apps account. This data may include your email address, name, username, and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.
      3. Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and your interaction over time with the Apps, our communications and other online services, such as:
      4. Device data, such as your computer or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
      5. Online activity data, such as actions that you have taken (for example, what buttons you click); events that occur; pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Apps, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
      6. Communication interaction data such as your interactions with our email, text or other communications (e.g., whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as clear GIFs), which may be embedded invisibly in our emails.
    14. Cookies and similar technologies. Some of our automatic data collection is facilitated by cookies and similar technologies. For more information, see our Cookie Policy. We may store a record of your preferences in respect of the use of these technologies in connection with the Apps.
  2. How we use your personal information

    We may use your personal information for the following purposes or as otherwise described at the time of collection:

    1. Apps delivery and operations. We may use your personal information to:
      1. provide, operate and improve the Apps and our business;
      2. personalize the Apps and our communications, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Apps as well as understand your needs and interests;
      3. establish and maintain your user profile on the Apps such as by conducting eligibility checks;
      4. facilitate your invitations to contacts who you want to invite to join the Apps;
      5. enable security features of the Apps, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
      6. communicate with you about the Apps, including by sending Apps-related announcements, updates, security alerts, and support and administrative messages; and
      7. provide support for the Apps, and respond to your requests, questions, and feedback.
    2. Apps improvement, analytics and development. We may use your personal information for Apps improvement, analytics and development purposes, including to analyze and improve the Apps and our business and to develop new products and services. As part of these activities, we use aggregated, de-identified and/or anonymized data derived from your personal information.
    3. Data aggregation, de-identification and/or anonymization. As part of these activities, we may create aggregated, de-identified and/or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Apps and promote our business and will not attempt to reidentify any such data.
    4. Research. As a science-based company, we may use aggregated, de-identified and/or anonymized data derived from your personal information to conduct scientific research and analysis on our own or with other relevant parties. We may publish research-related findings.
    5. Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
    6. Direct marketing. We may send you direct marketing communications (including educational materials) and may personalize these messages based on your needs and interests. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
    7. Interest-based advertising. Our third-party advertising partners may use cookies and similar technologies to collect information about your interaction (including the data described in the automatic data collection section above) with the Apps, our communications and other online services over time, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the Manage Cookie Preferences section of our Cookie Policy.
    8. Compliance and protection. We may use your personal information to:
      1. comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
      2. protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
      3. audit our internal processes for compliance with legal and contractual requirements or our internal policies;
      4. enforce the terms and conditions that govern the Apps; and
      5. prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
    9. With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
  3. How we share your personal information

    We may share your personal information with the following parties and as otherwise described in this Privacy Policy, in other applicable notices, or at the time of collection.

    1. Affiliates. Our corporate parent, subsidiaries, and affiliates.
    2. Service providers. Third parties that provide services on our behalf or help us operate the Apps or our business (such as hosting, information technology, customer support, language translators, email/text/push notification delivery, marketing, consumer research, and website analytics).
    3. Payment processors. Any payment card information you use to make a purchase on the Apps is collected and processed directly by our payment processors, such as Braintree through PayPal. PayPal (and its corporate affiliates) may use your payment data in accordance with their respective privacy policies such as those available at Braintree Payments and PayPal.
    4. Advertising partners. Third-party advertising companies for the interest-based advertising purposes described above.
    5. Third parties designated by you. We may share your personal information with third parties where you have instructed us or provided your consent to do so.
      1. Eligibility Checks. If you ask us to check if you are eligible for no-cost access to our Apps from organizations that provide such access, we will disclose your personal information to those organizations in an effort to determine your eligibility for such services.
      2. Organizations that provide you with our Apps. If an organization provides you with access to our Apps, we may share your personal information with that organization. The manner in which and the nature of which we share your personal information depends upon the type of organization that has provided you with our Apps and the relevant agreement that we may have with that organization. At a high level, we explain here how and in what manner we may share your personal information with these organizations.
        1. Supervising Groups. We work with certain organizations that provide you with access to our Apps and also directly supervise your use of our Apps (for purposes of this Policy, we refer to them as “Supervising Groups”), such as hospitals, sports teams, retirement communities, and scientific organizations. If your access to our Apps is provided by a Supervising Group, then we may share all of your personal information with that Supervising Group so that they can offer their services to you.
        2. Non-supervising Groups. We work with certain organizations that provide you with access to our Apps but do not directly supervise your use of our Apps (for purposes of this Policy, we refer to them as “Non-supervising Groups”), such as insurance companies and libraries and cell phone providers. If your access to our Apps is provided by a Non-supervising Group, then we may share specific personal information (depending on our agreement with the Non-supervising Group) about you with that Non-supervising Group. For example, we may provide information about the frequency with which you use our Apps (for example, the number of times you used our Apps in a month, or that you did not use our Apps in that month) to a Non-supervising Group organization, so that the relevant organization can, for example, evaluate the usage of our Apps by its constituents and conduct analyses that relate the usage of our Apps for their own records (for example, to determine if people who frequently use our Apps also incur fewer insurance claims). As another example, if your Non-supervising Group organization provides you with an incentive (such as an insurance discount) for completing specific goals within our Apps, for example completing a specific number of exercises or assessments, then we will share with that Non-supervising Group organization the specific information required for them to offer the incentive to you (such as the date on which you completed the goal).
        3. When we disclose personal information about you to an organization that provides you with access to our Apps, the relevant privacy policy of that organization may apply to that organization’s use, disclosure and other processing of that personal information. Because we do not control the privacy practices of these organizations, you should read and understand the applicable privacy policy. You can contact us at support@brainhq.com and ask us if your access to our Apps is being provided by an organization, and if so, how to contact that organization. If you do not want your personal information to be shared with an organization that provides you with access to our Apps, you can contact us and ask us to remove you from that organization. We will do so, which will prevent the sharing of your personal information with that organization after the date you are removed from the organization, and will remove the access you have to our Apps provided by the organization.
      3. Business partners. Our business partners and collaborators (including any third-party collaborators working with us on our scientific research).
      4. Log-in third-party services. If you log into the Apps with, or otherwise link your Apps account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.
      5. Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
      6. Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the Compliance and protection purposes described above.
      7. Business transferees. We may disclose personal information in the context of actual or prospective business transactions (e.g., investments in or financing of Posit Science, or the sale, transfer or merger of all or part of our business, assets or shares). We will take commercially reasonably measures in an effort to protect your personal information in connection with the purposes of the actual or prospective business transaction with Posit Science. In the event of a merger or acquisition transaction or proceeding involving sale, transfer, or divestiture of all or a portion of our business or assets, we may share your personal information for the purpose of allowing your continued use of the Apps as managed by the merged or acquiring company. We may also disclose your personal information to an acquirer, successor, or assignee of Posit Science as part of any merger, acquisition, sale of assets, or similar transaction, and/or in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.
      8. Other users and the public. If you choose to use certain social features of our Apps, certain personal data will be shared with other users. When you choose to use a social feature, the App will show you data that will be shared with other users (for example, your profile picture or your use of a specific exercise), and who those users are (for example, a single person of your choice, or a group of people). This information can be seen, collected and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), and we are not responsible for any such use of this information.
  4. Your choices

    In this section, we describe the rights and choices available to all users. Users who are residents of certain states within the US or located within Europe can find additional information about their potential rights below.

    1. Access or update your information. If you have registered for an account with us through the Apps, you may review and update certain account information by logging into the account and using the tools provided.
    2. Opt-out of communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you will continue to receive service-related and other non-marketing emails you specifically request (e.g., password reset) and emails related to payments (e.g., subscription renewal). If you receive text messages from us, you may opt out of receiving further text messages from us by replying STOP to our message.
    3. Data subject requests. Certain laws may provide individuals with some or all of the data subject request rights listed below. However, these rights are not absolute and some jurisdictions do not provide these rights to their residents. Therefore, we may decline your request in certain cases as permitted by law.
      1. Information. You can request the following information about how we have collected and used your personal information during the past 12 months:
        1. The categories of personal information that we have collected.
        2. The categories of sources from which we collected personal information.
        3. The business or commercial purpose for collecting and/or selling personal information.
        4. The categories of third parties with which we share personal information.
        5. The categories of personal information that we sold or disclosed for a business purpose.
        6. The categories of third parties to whom the personal information was sold or disclosed for a business purpose.
      2. Access. You can request a copy of the personal information that we have collected about you during the past 12 months.
      3. Appeal. You can appeal our denial of any request validly submitted.
      4. Correction. You can ask us to correct inaccurate personal information that we have collected about you.
      5. Deletion. You can ask us to delete the personal information that we have collected from you.
      6. Opt-out.
        1. Opt-out of certain processing for targeted advertising purposes. You can opt-out of certain processing of personal information for targeted advertising purposes.
        2. Opt-out of profiling/automated decision making. You can opt-out of automated processing or profiling performed on personal information to evaluate, analyze, or predict personal aspects related to a person’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
        3. Opt-out of other sales of personal data. You can opt-out of other sales of your personal information.
      7. Opt-in. Certain US States permit a parent to opt-in a child in a certain age range (for example, between the ages of 13 and 15) for personal information data collection and processing. Because we do not knowingly collect personal information of individuals under the age of 16, we do not necessarily afford the right to opt-in under certain US state privacy laws.
      8. Limit processing of sensitive personal information. Because we do not use sensitive personal information (as defined under certain US state privacy laws for purposes other than providing the Apps, we do not offer individuals’ the right to limit our processing of such information.
      9. Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the applicable laws.
    4. Exercising your data subject request rights to information/know, access, appeal, correction, deletion, and limit processing of sensitive personal information. You may submit data subject requests to exercise your rights to information/know, access, appeal, correction, or deletion by calling us toll free at +1 (800) 514-3975 or via email to support@brainhq.com.
    5. Exercising your data subject request rights to opt-out of the “sale” or “sharing” of your personal information. While we do not sell personal information in exchange for money, like many companies, we use services that help deliver interest-based ads to you as described above. Certain laws may classify our use of some of these services as “selling” or “sharing” your personal information with the advertising partners that provide the services. You can opt-out of tracking for targeted advertising purposes or other sales of personal information by clicking on the “Do Not Sell” link in our Apps, or by clicking here.
    6. Verifying your identity and how your authorized agents may make requests on your behalf. We may need to verify your identity in order to process your information/know, access, appeal, correction, or deletion requests or otherwise process a request that you make and reserve the right to confirm your residency. To verify your identity, we may require government identification, a declaration under penalty of perjury, or other information, where permitted by law. Under some laws, you may enable an authorized agent to make a request on your behalf upon. However, we may need to verify your authorized agent’s identity and authority to act on your behalf. We may require a copy of a valid power of attorney given to your authorized agent pursuant to applicable law. If you have not provided your agent with such a power of attorney, we may ask you to take additional steps permitted by law to verify that your request is authorized, such as by providing your agent with written and signed permission to exercise your rights on your behalf, the information we request to verify your identity, and confirmation that you have given the authorized agent permission to submit the request.
    7. Cookies and other similar technologies. For information about cookies employed by the Apps and how to control them, see our Cookie Policy. In addition, most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Apps may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.
    8. Blocking images/clear gifs: Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your particular browser or device settings.
    9. Advertising choices. You may be able to limit use of your information for interest-based advertising. Please review the Online Tracking Opt-Out Guide to learn more about your choices. We cannot offer any assurances as to whether the companies we work with participate in the opt-out programs described above.
    10. Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
    11. Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
    12. Log-in third-party services. If you choose to connect to the Apps through your social media account or other third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.
    13. Delete your content. You can choose to delete certain of your content through your account, i.e., your profile picture.
    14. Remove your account from an organization. If your access to our Apps is provided by an organization, you can contact us to request that your account be removed from that organization. To the extent permitted by the applicable agreement we have with that organization, we will do so upon your request. The organization may have retained copies of your personal information that we had shared previously which will be governed by that organization’s privacy policy.
    15. Close your account. You can choose to close your account, by contacting us.
  5. Retention

    1. We retain personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, or to establish or defend legal claims, or for other ‘Compliance and Protection’ purposes noted above in the “How we use your personal information” section.
    2. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
    3. When we no longer require the personal information, which we have collected about you, we may either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. If we anonymize your personal information (so that it can no longer be associated with you), we may use this information indefinitely and for any reason without further notice to you.
  6. Other sites and services

    The Apps may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

  7. Security

    We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. To learn more about our security measures, please see our security website. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

  8. International data transfer

    We are headquartered in the United States and use service providers that are based in the United States. Your personal information may be transferred to the United States or other locations where privacy laws may be different from those in your state, province, or country. Users in Europe should read the important information provided below about transfer of personal information outside of Europe.

  9. Children

    The Apps are not intended for use by anyone under 16 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Apps from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

  10. Changes to this Privacy Policy

    We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Apps or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Apps after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Apps and our business.

  11. How to contact us

    1. Email: support@brainhq.com
    2. Mail: 160 Pine Street, Suite 200, San Francisco, CA 94111
    3. Phone: +1 (800) 514-3975
  12. Does this Privacy Policy apply to my use of the Apps?

    1. Depending on whether Posit Science or another entity provisions your access to the Apps, this Privacy Policy may or may not apply to you.
    2. We work with certain health care providers where, by contractual agreement with Posit Science, that organization owns and manages the data of its constituents in BrainHQ (a “Controlling Group”). If your access to our Apps is provided by such a Controlling Group, this Privacy Policy does not apply to personal information that we process on behalf of the Controlling Group that provides you with such access. Instead, our use of such personal information is governed by the relevant agreement between that Controlling Group and Posit Science. You can contact us at support@brainhq.com and ask us if your access to our Apps is being provided by a Controlling Group, and if so, how to contact that Controlling Group. If you have questions regarding your personal information that we process on behalf of such a Controlling Group, please direct your questions to that Controlling Group. The respective Controlling Group is responsible for providing you with an appropriate privacy notice that describes how we may use your personal information in connection with your use of our Apps.
    3. If you use Posit Science Apps directly from us or through any other organization (in other words, a Non-supervising Group that does not own the data of its constituents in relation to use of our Apps), this Privacy Policy applies to your personal information.
  13. Notices for US and European Users

    1. If you are a resident of the United States, please note the attached US State Privacy Rights Notice which is considered part of this Privacy Policy and contains information specific to residents of the United States.
    2. If you are a resident of the United Kingdom and the European Economic Area, please note the attached Notice to European Users, which is considered part of this Privacy Policy and contains information specific to residents of the United Kingdom and the European Economic Area.