Full Privacy Policy
We use privacy and security by design to build our services.
Effective date: March 8, 2024
Juli Inc ("us", "we", or "our") operates the https://www.juli.co website (hereinafter referred to as the "Website") and the juli chronic condition tracker mobile application (hereinafter referred to as the "Service").
This Privacy Policy (“Policy”) describes how we collect, use and disclose Personal Information we receive when you use our Service or our Website or otherwise interact with us, whether online or offline. It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us if you have any questions, requests or concerns.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of your personal information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
Information Collection and Use
You may provide us with Personal Information, including when you:
register to receive our services;
use our Service;
use our Website; and
communicate with us (whether through the app or by email).
Types of Data Collected
Personal Data
While using our Service, we may ask you to provide us with certain personal information that can be used to contact or identify you ("Personal Data"). Personal Data collected by juli may include:
· Contact details, such as your name, email address, telephone number and home address;
· Basic profile information, such as demographic information including date of birth, gender, ethnicity;
· Account details, including username and password;
We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you, only if you have expressly opted-in to receiving such communications. Even if you have, you can always opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send, or by contacting us.
Health Data
Health data is a special category of Personal Data. It may include information relating to your exercise regime, health, smoking, drinking, lifestyle and wellbeing, diet, sleep patterns and body metrics and any other information relating to your health, lifestyle and fitness you choose to upload to juli;
We may use your Health Data for our internal operations, which include administration, planning and various activities that assess and improve the quality and cost effectiveness of the service that we deliver to you (e.g. using information about you to improve quality of medical care you receive). We may also use your Health Data to contact you as a reminder to interact with, or complete tasks relating to your use of our Service.
Usage Data
Identifiers and usage data, including your IP address, advertising identifiers, engagement metrics and information about your device, including model, version and operating system.
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Correspondence Data
Correspondence and communications data,including any Personal Information contained in your correspondence and communications with us, including survey responses;
3rd Party Data
We may obtain Personal Information about you from the following third parties:
Third party apps, devices and wearables. If you choose to connect juli with a third-party health and fitness related application (such as Apple HealthKit, Google Health Connect, FitBit, Garmin and others) or device, we will receive additional health and lifestyle data from the third-party providers of those apps or devices. The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the limited use requirements.
Your medical practitioner or other healthcare provider.If you choose to provide us with access to some or all of your medical records as part of juli, we will obtain these records directly from your medical practitioner or healthcare provider.
Other 3rd Party services. We collect data from the environment based on your geolocation through 3rd party services. We do not share any personal information with such third parties except for geolocation data which we anonymise effectively by reducing the accuracy. Services we use are: getAmbee (https://www.getambee.com) and OpenWeatherMap (https://openweathermap.org).
Aggregate Data
We also collect, use and share aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about your use of juli to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.
Cookies
For more information about cookies, please click this link to our cookie policy.
Use of Data
Category of personal information
How we use it
Legal basis for processing
Contact details
Account details
Basic profile information
To register you with juli.
Administration of account (including sending you information regarding changes to our policies, other terms and other administrative information).
Performance of a contract
To the extent the processing concerns special categories of personal data, we will request your explicit consent.
Health data (including medical records and data from third party apps and devices (if applicable))
Basic profile information
To provide you with our services and carry out research to improve our services.
To carry out statistical and scientific research.
Performance of a contract
To the extent the processing concerns special categories of personal data, we will request your explicit consent.
Health data (including medical records and data from third party apps and devices (if applicable))
Contact details
To contact you in the event of abnormalities with your results and advise you to see your doctor.
Performance of a contract
Correspondence and communications data
Contact details
To respond to queries and complaints and provide you with information and materials that you request from us.
It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to maintain good customer relations.
Compliance with a legal obligation.
Transaction information
To maintain accounts and records as required under applicable law.
Compliance with a legal obligation.
Contact details
Marketing data
Marketing and advertising (including sending you newsletters and measuring the effectiveness of our marketing).
Either explicit consent (if required under applicable law) or, where consent is not required under applicable law, our legitimate interests, namely to develop and grow our business.
Identifiers and usage data
To administer juli, including resolving technical issues, troubleshooting, data analysis, testing and research and statistical purposes.
To analyse the use of juli, including for the purposes of improving juli to ensure that content is presented in the most effective manner for you.
It is in our legitimate interests to monitor our Website and Services to ensure that they function properly and are secure.It is in our legitimate interests to carry out analytics to understand how our users interact with juli and improve our services based on this information.
Retention of Data
juli Inc will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.
juli Inc will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods. juli Inc might also retain aggregated data for statistical purposes, but, as it is not considered Personal Data, the retention period for this kind of data would be unlimited.
Transfer of Data
We may transfer your Personal Information outside of the country where you are located, including to the US where we and certain of our service providers are based. For citizens in the EEA (“European Economic Area”), Switzerland or the UK, we store and process all Personal and Health data in one of our data centers in the EEA.
Regardless of where your Personal Information is transferred, we shall ensure that relevant safeguards are in place to provide adequate protection for your Personal Information (for example, by entering into standard contractual clauses with the recipients of your Personal Information). Further details regarding the relevant safeguards we implement can be obtained from us on request at privacy@juli.co.
Disclosure of Data
We only disclose Personal Information with the following recipients and in the following circumstances:
Vendors and service providers. We may share your Personal Information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing data hosting, customer relationship management, payment processing, health data analysis and analysis and analytics services.
Fitness and health applications or devices.If you choose to integrate third party applications (such as Apple HealthKit, FitBit, Garmin and others) and devices with juli, we may share certain integration information with these third parties, including username, device information and ID.
Healthcare professionals. We may share your Personal Information with healthcare professionals, such as qualified physicians, in certain circumstances, i.e. only if you explicitly request us to do so. We share certain contact information with these third parties, including name and contact information, and any data you explicitly choose to share.
Research partners. If you provide your explicit consent, we may share your Personal Information with third party research partners, such as universities and research institutions, for the purposes of carrying out statistical and scientific research.
Law enforcement, regulators, governmental authorities and other parties for legal reasons. We may share your Personal Information with third parties if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.
UCL (University City of London). The UCL, a University in the United Kingdom, is our main research partner for clinical trials and scientific research.
Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Mixpanel. Mixpanel is a mobile application analytics service which tracks mobile usage. This data is used to help us make improvements to our service. Mixpanel stores all data on GDPR compliant servers in the EEA. For more information on Mixpanel’s privacy practices, please visit the Mixpanel Privacy Hub: https://mixpanel.com/legal/privacy-hub/
Squarespace. Squarespace is a web hosting service where our website is hosted on. The service collects anonymous usage statistics which we use to enhance our online service offerings. For more information on the privacy practices of Squarespace, please visit the Squarespace’s Privacy & Terms web page: https://www.squarespace.com/privacy
Hubspot. Hubspot is a customer relationship management (CRM) platform which we use to interact with our business partners and potential business customers. We store information relating to potential sales transactions and inquiries, including personal contact information. For more information on the privacy practices of Hubspot, please visit the Hubspot Privacy & Terms web page: https://legal.hubspot.com/privacy-policy
Mailchimp. Mailchimp is a newsletter and mailing service from Intuit. We store customer contact data as well as newsletter interaction data which we use to improve our offerings. For more information on the privacy practices of Intuit, please visit the Intuit Privacy & Terms web page:Mailchimp Privacy Policy
Security of Data
All Personal Data you provide to us is sent in encrypted form and stored on secure servers with trusted 3rd party suppliers, Google Cloud Platform ('GCP') in the US. Data from citizens within the EEA, Switzerland and the UK is stored and processed on GCP servers within the EEA in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) , which sets out several data protection requirements, which apply when personal data is being processed. You can find out more about security policies and processes in the GCP Security Compliance page.
All passwords are stored in encrypted form and all traffic is transmitted securely via SSL by default.
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Your Data Protection Rights under the General Data Protection Regulation (GDPR)
This section is only valid for residents in the EEA, Switzerland and the UK.
As a resident of the EEA, Switzerland or the UK, you have certain data protection rights. juli Inc aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right to access, update or delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
The right to object. You have the right to object to our processing of your Personal Data.
The right of restriction. You have the right to request that we restrict the processing of your personal information.
The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
The right to withdraw consent. You also have the right to withdraw your consent at any time where juli relied on your consent to process your Personal Data.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA.
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information will be governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:
Apple Store In-App Payments
Their Privacy Policy can be viewed at https://www.apple.com/legal/privacy/en-ww/
Google Play In-App Payments
Their Privacy Policy can be viewed at https://www.google.com/policies/privacy/
Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy
PayPal
Their Privacy Hub is available at https://www.paypal.com/myaccount/privacy/privacyhub
Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Children's Privacy
Our Service does not address anyone under the age of 13 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take the necessary steps to remove that information from our servers.
Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Complaints
If you wish to lodge a complaint about how we process your Personal Information, please contact us at privacy@juli.co. We will endeavour to respond to your complaint as soon as possible.
If you are in the UK or EEA, you also have the right to lodge a complaint to your national data protection authority. The relevant data protection authority in the UK is the Information Commissioner's Office ("ICO").Information on how to make a complaint to the ICO is available at www.ico.org.uk. If you are resident in the EEA, you can find details regarding your local data protection regulator here.
Contact Us
juli Inc. is the entity responsible for the processing of your Personal Information, and for the purpose of the GDPR, is the data controller in respect of the processing of your Personal Information.
If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact our Data Protection Officer by email at privacy@juli.co.