Privacy Policy

Changes to this Policy

Myri may periodically update this Policy by posting a revised version. For any significant changes, we'll notify users via email or through in-app alerts.

Last updated: Sept 17, 2024

The key changes in this update include:

  • Providing a more comprehensive explanation of users' data sharing preferences and retention policies, including specific details on how long data is kept for different account types and the process for data deletion

Introduction and Scope

This Myri Health App Privacy Policy ("Policy") outlines how Myri Health Inc. ("Myri") collects, uses, and shares personal data. The data is gathered through Myri apps, high-risk pregnancy prediction and management, health coaching, personalized care services, surveys, and related social media and marketing activities (collectively referred to as the "Services").

This Policy applies differently to Myri's free consumer version and the enhanced paid versions provided through employers, health plans, and healthcare providers. We refer to these as the "Consumer", "Myri Premium" and “Myri Premium Plus” versions of the Services, respectively. The "Notice of Collection" is a condensed version required by California law.

This Policy does not cover personal data collected outside the scope of our Services. For information on how Myri handles personal data from business contacts or through our corporate website, please refer to our separate Non-App Privacy Policy.

"Personal data" refers to information that identifies you, such as your name, telephone number, or any other details used to determine who you are. This includes both "direct identifiers" like your email address and "indirect identifiers" that could be used to identify you, such as your device's IP address or advertising ID.

Personal Data We Collect

We collect the following categories of personal data through our Services:

  • Identifiers - (Examples of data we collect in this category)

    Name, email address, street address, postal address, mobile phone number. Device identifiers such as IP address, AdID, IDFA. For Myri Premium and Myri Premium Plus members, employer ID, employee ID, health plan ID, health plan provider ID, group ID.

  • General personal information including health information -

    Date of birth, date of last period, due date, and other fertility, pregnancy, health, sex life, and life circumstances information you input into the apps or discuss as part of health coaching Services.

  • Legally protected classifications such as race, gender, disability, or pregnancy status -

    Race, gender, gender identity, age, ethnic group, nationality, sexual orientation, pregnancy status, disability, medical condition.

  • Purchase histories or interests -

    Product usage or interests based on your app usage or browsing history, purchases reimbursed through Myri Wallet.

  • Biometric information -

    Sleep, health, glucose, blood pressure and exercise data that you sync from a wearable device, Apple Health, Samsung Health, Health Connect or Google Fit to your Myri account. Myri does not collect biometric identifiers such as fingerprints or voiceprints.

  • Internet and app activity information -

    App usage, browsing history, email opens, and views. Device type, operating system, other device parameters.

  • Geolocation -

    Approximate location by country, state, city, zip code, and regional area.

  • Audio and visual information -

    Photos, audio and videos that you upload to your Myri account.

  • Inferences -

    Pregnancy trimester, fertile window, product interests based on browsing history, health issues that may be relevant to you.

  • Sensitive information -

    Racial or ethnic origin, health information, sex life, and sexual orientation information.

Where Do We Get the Information We Collect?

  • From direct input into our apps and Services (categories of sources) -

    (Examples of our use of these sources)

    We collect the data you input into Myri apps and Services and store it in our cloud computing environment.

  • From wearable devices, Apple Health, Health Connect, Samsung Health, Google Fit, Omron, Freestyle Libre, Dexcom, Whoop, Fitbit, Polar, Oura, Wahoo, MyFitnessPal, Withings and more -

    If you sync a device, Apple Health, Health Connect, Samsung Health or Google Fit with Myri, we collect the data you choose to share. Myri’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the limited Use requirements.

  • From our therapy Services and communications -

    We collect your communications with our care coordinators, health coaches, and in our community feature.

  • From our Myri Premium and Myri Premium Plus customers (employers, employer health plans, health insurers, providers and marketplace) -

    To verify your eligibility for Myri Premium and Myri Premium Plus Services, we receive identity information (such as name, date of birth, employee ID numbers, health plan id, group id etc) from your organization.

  • From your mobile device or computer and through tracking technologies -

    We automatically collect from your device information such as IP address and technical identifiers. We, and third-party analytics providers, advertising platforms, and adtech providers, also use cookies, tags, pixels, and other tracking technologies to collect information about your interaction with ads, content, and the Services generally.

  • From social networks and social media -

    If you download a Myri app after clicking on an ad, we collect device information to show how you found Myri.

  • From surveys and promotions -

    We collect data you submit to us through surveys and promotions.

  • From friends referrals and list purchases -

    We may receive email addresses and contact information from referrals, co-promotions, and list purchases.

  • From financial institutions, payment processors, and card issuers -

    We receive information about your Myri account and your usage of it, including your claims and your debit or credit card use for Myri related Services.

Purpose of Collection and Use of Personal Data

We use your personal data to:

  • Provide the Services to you

  • Analyze your usage patterns of the Services, including which content you engage with and which features you frequently access in the Myri App

  • Personalize the Services by providing content relevant to your health, interests, and fertility, pregnancy, or parenting journey. For instance, if you share personal data about a specific health condition, we may offer editorial content related to that condition

  • Display relevant promotional ads and sponsored content in the free consumer version of the Services only. We create an advertising profile using a limited selection of your personal data, subject to your opt-in consent where required by law

  • Send you advertising and marketing communications, with your opt-in consent where required by law

  • Provide support and troubleshooting

  • Provide you with health coaching if you are a Myri Premium or Myri Premium Plus member

  • Send you email communications about the Services

  • Invite you to participate in surveys and conduct them

  • Ensure the security of our Services and analyze app and ad performance

  • Enhance and promote our products and Services

  • Perform clinical and scientific research, with your informed consent where required by law

  • Generate deidentified and aggregated data and statistics, as detailed elsewhere

  • Adhere to legal requirements, manage security, conduct investigations, handle litigation, and protect the rights or property of Myri and third parties

Lawful Processing

Our processing of your personal data is based on one or more of the following:

  • The consent you provide to us at the point of collection of your personal information;

  • The performance of the contract we have with you;

  • The compliance of a legal obligation to which we are subject;

  • The performance of scientific research, preparation of statistics, or public health activities;

  • The legitimate interests of Myri, you, or a third party, where not overridden by your interests, fundamental rights, or freedoms. Myri’s legitimate interests include the lawful conduct of its business.

When We Share Personal Information, What Categories of Recipients Do We Share With?

  • Service Providers and Contractors (Categories of Recipients) -

    (Examples of Recipients We Share With) Myri’s data is processed and stored by service providers and contractors working on Myri’s behalf, including our cloud services provider Amazon Web Services and Google Cloud Platform, Intercom for support services platform, Alchemer (survey platform).

  • Myri Premium Customers and their Business Associates and Health Benefit Providers

    If you are a Myri Premium or Myri Premium Plus user, we may share data with your health insurer, health plan, employer, or their business associates and benefits management providers, as described below under the heading “Myri Premium Data Sharing,” provided that we share information with your employer only for specific uses and only if you expressly consent.

  • Sponsors of Competitions and Giveaways

    If you enter a competition or giveaway that includes an opt-in to share data with the sponsor, we share the data you agree to share.

  • Analytics providers

    We share technical information from your mobile device with analytics companies to understand the performance of the Services, including what content and services you view and how you found Myri.

  • Social media platforms and networks

    We may share device data with social media networks to measure the effectiveness of advertising on those networks.

  • People You Invite

    The Myri apps may allow you to invite others, such as your partner, to share your Myri fertility, pregnancy, and parenting journey. If you invite someone, they will be able to see all of your personal data in the Myri apps. The people you invite are also able to add others to your account. If you add personal data or other content to a Myri account, everyone who is following that Myri account will see it.

  • You and Your Requested Followers

    If you enroll in Myri, Myri may send you regular email updates relevant to your Myri journey. These emails are subject to opt-in consent where required by law. If you include a profile image or name for yourself or a child in your care, this profile image and name will be shared in emails to you and everyone who has been invited to follow your account. The name and image will be visible even before the invitation is accepted. If you do not want the image or name to be shared, you should not enter a profile picture or a profile name.

  • Affiliates and Successors

    We may share data with companies under common control, and with any successors in the event of merger, acquisition, asset sale, or similar transaction.

  • Government Authorities and Recipients of Compelled Disclosures

    Myri may provide personal data to courts, law enforcement, and governmental authorities, and other third parties if required by law, subpoena, directive from a regulatory authority, or as otherwise necessary to comply with legal requirements or to protect the rights or property of Myri or third parties.

Myri Premium Data Sharing

If you receive the premium “Myri Premium” or “Myri Premium Plus” version of Myri through your health insurer, employer, or employer health plan, we may share data with your insurer, employer health plan, employer, or vendors working on their behalf in accordance with HIPAA and other privacy laws.

Data sharing does not occur for all Myri Premium clients. If you would like definitive information on the data sharing for your account, please contact support@myrihealth.com. Our Myri Premium data sharing policy is as follows:

  • If you receive Myri as a benefit from your health insurer or healthcare provider, Myri is part of your care package, and we share your personal data with your health insurer or provider, or their business associates, under HIPAA, for care and benefits management.

  • If you receive Myri as a benefit from your employer or your health plan:

    • We do not share your health data with your employer without your express consent for a specific purpose. This might occur, for example, if your employer or health plan offers you access to an in-house care management team. In such cases, we limit the sharing to only what's necessary for the specific purpose you've consented to.

    • However, we may share personal data with your employer, health plan, and their business associates (including your health insurer), as well as with employee benefits management vendors, in accordance with HIPAA or other applicable privacy laws.

    • When we share your data with your health insurer, nurse care managers and care coordinators from your health plan may access your personal data. As a result, they might contact you for care management purposes.

    • If you apply for Myri Premium services offered by a health plan or employer, we may share limited identifying information—such as your name and date of birth—with the health plan or employer to verify your eligibility for Myri Premium benefits.

    • When sharing health data for care and benefits management as described in this section, we provide a summary snapshot of your health information. We do not share any details you've recorded in the Myri apps about sexual activity, responses to questions, or submissions to our Community feature.

What Categories of Personal Information Do We Sell or Share for Advertising?

Nothing.

Categories of Personal Information Disclosed for Business Purposes

  1. Category

    • Identifiers

    Categories of Recipients

    • Cloud computing providers, data analytics providers, vendors who provide email, support, admin, marketing, survey, and scheduling systems

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics)

  2. Category

    • General personal information including health information

    Categories of Recipients

    • Cloud computing providers, data analytics providers, vendors who provide email, support, admin, marketing, survey, and scheduling systems. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics). To provide our digital health solutions to Myri Premium customers.

  3. Category

    • Legally protected classifications including race, gender, pregnancy status

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics). To provide our digital health solutions to Myri Premium customers.

  4. Category

    • Purchase histories or interests

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics)

  5. Category

    • Biometric information

    Categories of Recipients

    • Cloud computing providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems. If you elect to share your Myri data with a device provider (such as Apple or Google), we share the data you elect to share. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics), and to provide our digital health solutions to Myri Premium customers. If you elect to share your Myri data with a device provider (such as Apple or Google), to provide that sharing service to you.

  6. Category

    • Internet and app activity information

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics), to provide our digital health solutions to Myri Premium customers.

  7. Category

    • Geolocation

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics)

  8. Category

    • Audio and visual information

    Categories of Recipients

    • Cloud computing providers.

    Business Purpose for Sharing

    • For internal operations (hosting and support)

  9. Category

    • Professional and employment related

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics).

  10. Category

    • Inferences

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics) and to provide our digital health solutions to Myri Premium customers.

  11. Category

    • Sensitive information

    Categories of Recipients

    • Cloud computing providers, data analytics providers, and vendors who provide email, support, admin, marketing, survey, and scheduling systems. Myri Premium customers and their vendors as described under the “Myri Premium Data Sharing” heading above.

    Business Purpose for Sharing

    • For internal operations (hosting, support, admin, marketing, analytics). To provide our digital health solutions to Myri Premium customers.

Myri may also share personal data for business purposes across all the categories mentioned above. This sharing occurs with specific recipient groups listed in the table "When We Share Personal Information, What Categories of Recipients Do We Share With?" These groups include: People You Invite, You and Your Requested Followers, Affiliates and Successors, and Government Authorities and Recipients of Compelled Disclosures.

Third Parties Controlling the Collection of Personal Information

When Myri discloses personal data to third parties, we may share it with two types of entities: processors who act on Myri's behalf (our main processors are listed on our Subprocessors Page), and controllers—third parties who act independently, even if they also provide services to Myri. The controllers with whom we share personal data include:

  • Google: We use Google technology and services to provide Consumer users with tailored Myri content. Consequently, Google obtains and uses personal data of Consumer users as described here.

  • Third-Party Advertising Platforms (e.g., Instagram, Pinterest or TikTok): We may advertise on these platforms. As a result, they may acquire data indicating you've downloaded a Myri app, which they might use for their own personalized advertising purposes.

  • Alchemer: Our marketing analytics vendor, Alchemer, primarily acts as a processor for Myri. However, it may function as a controller when using personal data for its internal security, error correction, and compliance purposes.

Some of the controllers mentioned above may not always act as controllers. This is particularly true when Myri has implemented a "limited service provider" or "processor" level of service offered by the controller for compliance purposes in certain jurisdictions.

Data Security

Myri safeguards personal data using industry-standard security measures. These include conducting background checks on all employees and implementing data encryption both in transit and at rest. We host our main database on Amazon Web Services, which maintains numerous security certifications. In the event of a security incident, we'll notify you as required by law. You agree that, when legally permissible, we may send such notifications via email address linked to your Myri account.

Data Retention

For Consumer users, we retain your data (all categories) while your account is active and for 7 years after deactivation. Following this period, we automatically delete your data.

For Myri Premium or Myri Premium Plus users enrolled through a health plan, employer, or public health initiative, we retain your data (all categories) for the duration of your Myri Premium benefits. Typically, we're required to delete your data within 90 days after your benefits end. We'll notify you before deletion and, when possible, offer you the option to convert your account to a Consumer account, allowing you to keep your data.

While these are our standard retention periods, you can delete your data at any time as described in the next section.

What Are Your Choices?

Within the Myri App

You can use self-service controls within the Myri apps to exercise your data subject rights to:

  • Correct your data:

    • Go to the "Settings" screen in your Myri app, then select "Account" to modify your profile and health information.

  • Opt out of marketing emails and push notifications:

    • Navigate to "Settings" in your Myri app, then select "Notifications" to manage your email subscriptions and opt out of email and push notifications.

    • You can also opt out of marketing emails by using the unsubscribe link in the emails.

  • Opt out of using your sensitive information for Myri's advertising personalization ("Limit the Use of My Sensitive Personal Information" for California users), where applicable and if you have previously opted in to this use

    • Navigate to the "Settings" screen in your Myri app, then select "Account Details". In the “Account Details” under the "Data Privacy" section, choose "Limit the Use of My Sensitive Personal Information."

  • Delete your data and account, subject to certain exceptions

    • Navigate to the "Settings" screen in your Myri app, then select "Account Details." Under the "Data Privacy" section in Account Details, choose "Delete my account."

  • Obtain a copy of your data

    • Navigate to the "Settings" screen in your Myri app, then select "Account Details." Under the "Data Privacy" section in Account Details, choose "Export my data."

  • Obtain a summary statement of Myri’s data processing

    • Navigate to the "Settings" screen in your Myri app, then select "Account Details." Under the "Data Privacy" section in Account Details, choose "How is my data used?"

  • Withdraw your consent to Myri’s data processing by deleting your data

    • Navigate to the "Settings" screen in your Myri app, then select "Account Details." Under the "Data Privacy" section in Account Details, choose "Delete my account"

Opting Out Through Browser-Based Global Privacy Controls

Although Myri does not sell any data, we respect "do not sell" Global Privacy Control (GPC) signals received on our corporate website at www.myrihealth.com. Please note that the corporate website is governed by Myri's Non-App Privacy Policy.

Contacting Our Helpdesk, and Use of Authorized Agents

You may email Myri at support@myrihealth.com to exercise any of the rights listed above and any other data subject rights provided by law. Any authorized agents seeking to exercise data subject rights on behalf of any Myri users should contact support@myrihealth.com with their request. Myri may require you to verify your identity by entering your username and password in order to exercise data subject rights.

You have the right not to be discriminated against for exercising your privacy rights. Contact our helpdesk if you are concerned that this has happened to you.

Appeal Rights

If your request to exercise any of your rights is refused, you may send your notice of appeal by email to legal@myrihealth.com, for review by Myri’s Legal Department. We will resolve your appeal within 30 days of the date of receipt of your email.

Exceptions to Deletion

Even if you exercise your rights described above, Myri may retain personal data to maintain proper business records, comply with applicable laws, manage security and investigations, handle litigation, or protect the rights or property of Myri or third parties. For more information, please refer to "How Does Myri Respond to Data Requests."

Other Relevant Information

Even if you opt out of marketing emails and push notifications, you'll still receive account management notices. To stop all communications, you must delete your account and data. Note that deleting your data won't remove posts or comments you've shared publicly on Myri's social media, community, or chat features. If you've consented to participate in a research study and later request data deletion, we may delay this until the study's completion. Additionally, Myri may retain some personal data even after you exercise your rights. This is necessary to maintain proper business records, comply with laws, manage security and investigations, handle litigation, or protect the rights or property of Myri or third parties. For more details, please refer to "How Does Myri Respond to Data Requests."

Your mobile device may include options where you can choose to opt out of third-party personalized advertising. Please note that this does not opt you out of Myri’s personalization of the ads and content you see within our apps.

How to Contact Myri with Comments or Complaints?

To contact Myri to exercise your privacy choices, please see “What Are Your Choices?” above.

Myri has designated a Data Protection Officer. To contact our Data Protection Officer or for questions or complaints about Myri’s processing of personal data, contact us at:

Data Protection Officer

Myri Health Inc.

4601 Isabella Rd

Norman, OK 73072

legal@myrihealth.com

Data subjects located in the EEA or UK may contact the Data Protection Officer at the address above or Myri’s EU and UK representative at legal@myrihealth.com.

You may also have the legal right to lodge a complaint about Myri’s data processing with your local consumer protection or data protection authority.

Additional Information

Third-Party Websites or Apps: Some ads or links within the Services may interface with or take you to websites or apps that are operated by other companies. Myri is not responsible for the privacy practices of its advertisers or others. You should review the privacy policies of those sites and apps.

US Location: The data we collect is transferred to servers in the United States, operated by our cloud computing provider, Amazon Web Services (AWS). Some personal data may also be transferred to other US-based vendors who provide services to Myri, including our principal vendors listed elsewhere. If you reside outside the US, your data may become subject to US jurisdiction, which might offer weaker data protection safeguards and rights compared to your home jurisdiction. By accepting this Privacy Policy, using our Services, or providing us with your personal data, you acknowledge and consent to the transfer and processing of your personal data as described in this Policy.

Children: The Services are not available to individuals under 18 or those who require parental consent under applicable law to use the Services or provide personal information to Myri. Parents and guardians may include personal data about their baby or child in their Myri account; however, they are responsible for ensuring they have the legal right to do so.

Deidentified Data and Aggregated Data: Myri may use personal data to create deidentified data for research and development. This data is no longer considered personal as it can't be linked back to you. Once we create a deidentified dataset, we maintain it as such and won't re-identify it. We may share this data with research partners, like universities and medical research institutions, and other businesses for research services. Myri may also disclose deidentified data derived from patient information (as defined by the California Consumer Privacy Act). In such cases, we deidentify the information following HIPAA safe harbor or expert determination requirements. Additionally, we may use personal data to create aggregated analytics and statistics for internal use or to share with third parties. Myri might receive compensation for sharing deidentified or aggregate data.

Social Media: Myri content may appear on our social media channels including Instagram, X, YouTube, and LinkedIn. We don't collect personal data through these channels, and the respective privacy policies of each social media provider apply to your usage. However, if we request personal data (such as your Instagram handle, email address, or name) via social media messaging—perhaps for a giveaway or competition—this Privacy Policy will apply.