Information CureDAO Collects and Uses
The Platform is intended to facilitate your storage and transmission of patients’ medical information concerning your patients to physicians and certain others, and this medical information includes personally identifiable information of those patients, including protected health information (“PHI”). PHI includes but is not necessarily limited to information that may be used to identify your patients (such as name or address, patient or medical record number, and so on) and that relates to (a) the patient’s past, present, or future physical or mental health or condition, (b) the provision of health care to the patient or (c) the past, present or future payment for the provision of health care to the patient. In providing its service, CureDAO may receive and create records containing the PHI of your patients. CureDAO is required by law to take measures to protect the privacy and security of PHI and to comply with the terms and conditions of CureDAO’s Business Associate Contract with you. A copy of the Business Associate Contract is available at https://curedao.org/business-associate-agreement.
The Platform also collects accounts and other information about you, as a user of the Platform. This information includes personal information about you and your use of the Platform.
Use of Technologies by the Platform.
The Platform may use various user tracking mechanisms that monitor your describe your use of the Platform and your responses to communications from CureDAO and others through the Platform.
When CureDAO collects information, including PHI, directly from you through the Platform, it follows generally accepted industry standards to protect the submitted PHI and meets HIPAA privacy standards. CureDAO uses encryption techniques and authentication procedures, among others, to maintain the security of your information and to protect user accounts, devices, and systems from unauthorized access. We also protect information by placing it on a secure portion of our servers that is accessible only by certain qualified employees and other designees of CureDAO. Unfortunately, however, no data transmission over the Internet, and no data storage facility, is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information. If you have any questions about security you can contact CureDAO at email@example.com.
Disclosure of Information.
CureDAO does not disclose your information, including PHI, to any third party other than as permitted or required under the Business Associate Contract, or as you direct through your use of the Platform.
The laws and regulations in different countries impose different (and even conflicting) requirements on the Internet and data protection. The servers that make the Platform and CureDAO’s service available worldwide are located in the United States. All matters relating to the Platform and CureDAO’s service are governed by the laws of the State of California, without reference to its conflicts of law rules that would result in the Platform of the laws of another jurisdiction. Please note that any information you provide will be transferred to the United States, and by using the Platform and/or CureDAO’s service or providing CureDAO with information, including PHI, you authorize this transfer.
Sale of Information.
CureDAO does NOT sell or rent the PHI or any other information you provide and do not provide that information to third parties for commercial or any other purposes.
CureDAO is a dashboard to help you track and improve everything about your life. It is powered by data from your phone, wearables, and other connected accounts, so you rarely have to manually enter data.
The entire purpose of the service is to process and store information for you, much of which occurs on our servers. Most of our users find that health improvements and other benefits from the service far outweigh the slight reduction in privacy. However, if you are not comfortable with us processing and storing your information, then you should not use the service or send us any data.
Your privacy is critically important to us. At CureDAO, we have a few fundamental principles:
We are CureDAO Innovations, Inc. (collectively referred to herein as "CureDAO," "we," "us," or "our"). We provide Internet and mobile app-based services including, for example, the apps listed below ("Mobile Apps" or "Apps"):
"Personal Data" is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers, and "Fitness and Wellness Data."
If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us by sending a message to firstname.lastname@example.org
Within our Services, there are two sharing settings: Private, and Public. CureDAO apps are designed for your wellness and fitness benefit. As such, you are able to control what Personal Data you share and with whom you share it.
Adding friends to the service will allow them to see your private profile. Not approving friends and keeping your account private will keep your account completely private.
We encourage you to adjust the sharing settings to best meet your objectives and sharing comfort level.
You may delete your account at any time by visiting https://curedao.org/delete . Once deleted, your data, including your account, username, or any other related content, cannot be restored.
Note that content you have shared with others (for example, through saving photos), exported from the service, or that others have copied may also remain visible after you have deleted your account or deleted the information from your own profile. Your public profile may be displayed in search engine results until the search engine refreshes its cache.
When you sign up for an account, we start building your profile and adding data to it. A basic user account has details like your name, email address, profile photo, cover photo, date of birth, and gender. These can be prefilled by Facebook login, or manually entered.
The CureDAO app tracks some basic stats like steps and sleep, but it is mostly powered by the other services and devices you connect to it. We have many integrations and are constantly adding more. We will update this list as the data we collect evolves. The more services you connect to your account, the more data you will be able to see on your profile and in the app. What you feel comfortable connecting and sharing is up to you.
Each type of account has different content and various amounts of personally-identifiable information, so you may be comfortable with connecting some and not others. For example, you might be comfortable connecting your public photos from Instagram, but not the locations you've been to on Foursquare.
We use our access to your accounts only to load the information we need, never to write or modify your data in any way. For example, if you connect your Twitter account we will never post anything on your behalf. In most cases, we only ask for read-only access to your accounts.
We load data once when your account is first connected, and then periodically to keep your account up to date. This data is processed and stored on CureDAO servers so it can be accessed through the website, mobile app, and other platforms. When you disconnect an account, we also delete all of the associated data that was imported from that account.
The following are some of the commonly used services we integrate with, and the data that can come from them.
We load your count of daily steps from a variety of sources. You can select which is the primary source in settings. The common sources for steps include Apple Health, Google Fit, Fitbit, Garmin, and others.
From the iPhone app, we load various data points from HealthKit (aka Apple Health) during the initial install and keep them synced occasionally throughout the day. When installing the app, you will be able to choose which data types you want to sync. The possible options include steps, workouts, sleep, heart rate, weight, body fat percentage, blood pressure, blood glucose, and menstrual cycles. Pro users can also use details like calories, carbs/protein/fat intake, mindfulness time, and more if it is available in HealthKit.
Setting up CureDAO syncing will upload the data from your phone to our servers.
Runs, swims, walks, biking, and other types of physical activity. The details we get include the start time, duration, pace, calories, etc. If available, we also load the latitude/longitude coordinates to plot it on a map. We also load your heart rate information if available.
We sync with Withings to retrieve bodyweight measurements taken with their wireless scales. We also load blood pressure and heart rates. If you use the Withings sleep tracker, we also load your sleep data.
We load a list of the places you've been to. From Moves, these contain Foursquare or Facebook locations and the start and end times. From Foursquare, these consist of check-ins at a point in time. These can contain latitude/longitude coordinates and addresses of locations. If both Moves and Foursquare are connected at the same time, we prioritize the data from Moves because it has more details about the time spent—for example, that you were at a restaurant for an hour and a half, rather than just that you were there at a specific time of day. From Foursquare, we may also load photos that were associated with your check-ins.
We use RescueTime to calculate your productivity for each day and show your top apps and websites. We load an hourly list of what apps and websites you used. Pages visited in incognito mode are not tracked by RescueTime and are not loaded by us. We understand that this data is potentially very sensitive, and only shows basic averages of productivity and a few of the top apps, and not individual websites or applications.
We connect to Twitter to load your latest shared photos. We look at the favorite counts to feature the top photos you've shared on Twitter. We get read-only access and never will write to your Twitter—we only use it to get your latest shared content.
Especially for users on the Android platform, we use Google Fit to load stats like step counts and heart rate.
Similar to Twitter, we connect to Instagram to load all of the photos you have posted. This happens whether or not the Instagram account was set to private, so if you don't want to load your Instagram photos it is recommended to not connect your account.
Pro members can upload an export of their 23&me data, and we will load relevant reports to show in the Vault. These include stats like your muscle fiber composition, lactose intolerance, and other simple traits. The raw data is stored for further analysis and correlation, and tailoring of your CureDAO experience in the future. Once you have added the DNA integration, you can always delete it through the website later. The DNA stats are only accessible by you in the Vault, and not shared with friends or visible on your profile. DNA data can be deleted at any time from the Vault.
In addition to the integrations, info can be manually entered into CureDAO.
Members can take a simple quiz in the app to track their mood, and also manually enter other details like symptoms, sports injuries, and blood sugar measurements or ketone levels for those on a ketogenic diet. These are only for your own easy reference, and potential correlations in the future, and should not be considered medical data.
CureDAO cannot provide any medical recommendations or analysis of your medical data, and you should always consult with your doctor before making any changes to your behavior or following anything that the app may suggest.
Data stored in the Vault will remain private and not be revealed to any friends. However, it may be used to find correlations or for large-scale studies in aggregate across the platform — ie. researching why users get sick or how to prevent injuries.
Cards from the mobile app can be added to your account via the Saved Cards feature. When saving a card to share, you can also add it to your friend's feed which will make it viewable by your friends and coworkers on CureDAO.
Cards that are saved to your saved cards are part of your profile and can be viewed in the app, and by your friends. An image can be removed right after it is added, or at any time later with the delete button in your highlights tab.
Cards from all your friends can be aggregated and shown in a feed, for motivating your friends and allowing liking/commenting. If you like or comment on someone's card, they may be notified about it.
We offer free and paid accounts. Those who upgrade to CureDAO Pro will be charged a monthly or annual fee, depending on the plan selected. Refunds will not be granted.
Through the website, you can upgrade with Stripe Checkout. In the app, you can upgrade with In App Purchase. You get the same features, on all platforms, but are just charged in different ways.
Upgrades are done on the website use Stripe to store credit cards and do recurring billing. Credit card details are stored entirely by Stripe and not by CureDAO. We only store a token linked to that credit card and none of your actual credit card information. If you subscribed with Stripe and entered your credit card, you can manage your subscription or edit your card information from the billing page
Subscriptions through iTunes can be managed through your Apple ID — Learn more about iTunes subscriptions.
Subscriptions through the Google Play Store can be managed in the Google Play Store settings — Learn more about Google Play subscriptions.
CureDAO Pro can be purchased directly with a card on the website or subscribed through the iPhone and Android apps.
You can do a monthly or yearly subscription, and the exact price will depend on your App Store region—since the prices are converted to local currency in different places. In the US, the price is $9.99/month or $69.99/year with the annual discount
Payment will be charged to the iTunes Account or Google Play account at confirmation of purchase. Subscription automatically renews unless auto-renew is turned off at least 24-hours before the end of the current period. Account will be charged for renewal within 24-hours prior to the end of the current period.
Subscriptions may be managed by the user and auto-renewal may be turned off by going to iTunes or Google Play subscription settings after purchase.
These are required to log in to your account and for basic web browsing features. When you visit the Services, a cookie will be stored on your computer.
The Services use log files. Stored information includes IP addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and a number of clicks. This information is used to analyze trends, administer, protect and secure the Services, track member movement in the aggregate, and gather broad demographic information for aggregate use. These files may be stored on our servers or on the analytics platforms that we use.
By default, your account is set to private and you are the only one who can see your profile. Everyone else will see a screen with your profile photo, name, and the fact that your account is private and you must be friends to view the page.
There are two simple visibility options: Private (Friends only) or Public.
The default is Friends Only, and you will have no friends until you accept some requests or send requests to add people, so your account starts off as completely private.
If people add you as a friend (and you accept), or you request that someone be your friend, they will be able to see your profile and all your weekly reports. Be careful when adding friends on CureDAO, and only accept people that you know and trust. If you do not wish to give them access to view your complete CureDAO profile, then you should not accept their friend request.
That said, some people (including everyone on the CureDAO team) may choose to make their page completely public and transparently share it with the world. We have designed most of the views CureDAO with this in mind, to analyze and share your stats in a way that is not embarrassing or dangerous. Public profiles can be viewed by anyone, and may occasionally be featured on our homepage and other parts of CureDAO.
CureDAO staff can also view your profile for testing or support purposes, but will never share anything not made public.
We only use your data to power your profile page, and will never share or sell your details to any 3rd parties. Data in your account can also be used to order print goods like posters and books for your own personal usage, which may require more access by CureDAO staff to generate.
If you don’t want a constant reminder of your age or weight, you can choose to hide them from settings. That will put them "out of sight & out of mind" but isn't intended to make them completely inaccessible. Hiding in settings isn’t a guarantee that the data is gone, but just a preference to not show it prominently and remind you about it.
A Pro feature called the Vault gives you additional granularity over what gets shared. For example, you can add friends but move your locations or weight to the Vault if you don’t want them to be able to see it. Otherwise by default, adding friends will let them see the same view of your profile as yourself.
The Vault doesn't add encryption or significantly change how the information is stored but changes the access control to ensure that you have maximum privacy and no other members on the service can access the info. From user research, we've found that the main risk in tracking your weight or productivity is not in some Russian adversary gaining access to the data, but in being embarrassed by it with your friends. The Vault is designed to protect against these scenarios.
Separate from the Vault, all users have the option to hide common things like weight and age from the account settings. Those are common items that people may not want to be reminded of or see on their profile, so we have made those easy to hide.
The difference between hiding something or moving it to the Vault is whether you want to hide it from everyone including yourself, or just from everyone else but keep seeing it yourself. The Vault also allows the hiding of other data types like location and computer usage.
There is currently no public API to get data out of CureDAO. Your account data can be exported at https://curedao.org/export/
If your company has a CureDAO membership, you may be able to join your company on CureDAO. Joining will give you a Pro membership, and it will also give other members in the company access to certain details from your account—including things like your steps or recent workouts. Information stored in the Vault or set to be hidden will still be kept private from other members.
We collect your Personal Data in a number of ways and for various purposes, including:
Subject to your privacy settings, some of your information and content may be publicly accessible. Having an account on the service will make your name, profile photo, and cover photo viewable so people can send a friend request. More sensitive details like your recent activity will remain private unless made public, or a friend request is accepted.
The Personal Data CureDAO processes, and all associated Services and systems, including registration, are housed on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States (the data protection and privacy laws in the United States may offer a lower level of protection than in your country/region).
If you are habitually located in the European Union, you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances. We describe these rights below:
You can access much of your information by logging into your account. People in the EU can find export their history as CSVs from https://curedao.org/export/
You can also rectify, restrict, limit or delete much of your information by logging into your account and deleting particular integrations, data points, or the entire account.
Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings or disconnecting an integration. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
In some cases, we will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including, as permitted by law, ticking a box or connecting an integration, to indicate your consent when (i) providing us with your Personal Data through our Services or a form (including enrolling in Promotions); or (ii) registering or creating an account with us. Due to different countries' laws governing consent for the collection and use of Personal Data, the requirements for consent will differ across regions. We may request your consent for a number of activities including:
You may at any time withdraw your consent with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it, and exercise other controls regarding website and online data collection, interest-based advertising, your communication settings, and app preferences. Depending on the Service, collection and use of Personal Data may be required for the Services to work. To withdraw your consent, you can delete your account at https://curedao.org /delete/ which will stop the future processing of data.
We do very little advertising and mostly rely on word of mouth for growth. Occasionally we will do advertisements to get more users for the service. Interest-based advertising is advertising that is targeted to you based on your web browsing and app usage over time and across websites or apps.
We will retain your Personal Data for as long as you maintain an account or as otherwise necessary to provide you the Services. Since part of the service is keeping your history for you to view later, we will generally retain data as much as possible. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where permissible, we will also delete your Personal Data upon your request. If you have questions about our data retention practices, please contact us through our Support Team.
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
Although we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we do not guarantee or warrant the security of the information you share with us and we are not responsible for the theft, destruction, loss or inadvertent disclosure of your information or content.
We do not knowingly collect Personal Data online from children under 13 (note that the minimum age may vary based on country/region, and on local law). If you become aware that a child has provided us with Personal Data without parental consent, please contact us through our Support Team. If we become aware that a child under 13 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel the child's account.
Collect data regarding mood, symptoms, diet, exercise, and interventions in order to identify hidden factors improving or exacerbating chronic illnesses.
Tabs permission is necessary to identify if a tracking reminder tab has already been created to avoid opening additional unnecessary tabs.
Host permission is any match pattern specified in the "permissions" and "content_scripts" fields of the extension manifest.
Data is fetched from multiple APIs and stored for the user in a database in order to perform advanced analysis to tell the user which factors correlate most strongly with their symptoms.
Remote code is any JS, Wasm, or CSS that is not included in the extension's package. This includes references to external files in script tags, modules pointing to external files, and strings evaluated through eval().
Google fonts are referenced, a Drift chat widget is included for user communication, and the Stripe library is included for subscription services.
That’s it! Thanks for reading.