Privacy Policy – Core Wellness

Last Updated: January 1, 2020

Introduction

At Core Wellness, Inc. (“Core”, “we” or “us”), we want to give you the best possible experience to ensure that you enjoy our service. To do this we need to understand your meditation habits so we can deliver an exceptional and personalized service specifically for you. Your privacy and the security of your personal data is, and will always be, enormously important to us. So, we want to transparently explain how and why we gather, store, share and use your personal data - as well as outline the controls and choices you have around when and how you choose to share your personal data.

This Privacy Policy sets out how we will treat the personal information which you provide to us while using the websites located at hellocore.com, corewellness.io, and goodpillar.com (collectively the “Websites”), the Core downloadable application (the “App”), the Core meditation trainer device (the “Device”) and other interactions (e.g., customer service inquiries, user feedback, etc.) you may have with Core (collectively with the features and functions made available via the Websites, App, and Device, the “Services”).

If you do not agree with the terms, do not access or use the Websites or any other aspect of Core’s business.

Information We Collect

We may collect personal information from you in various ways. Below is a description of the types of information we collect from you.

-Personal Contact Information. We collect information from you when you purchase our Device or sign-up for an account on our App, which includes, your first and last name (“Identity Data”), email address, cell phone number, billing address and shipping address (collectively, “Contact Data”).

-Profile Information. We collection profile information you create on the App and Services, such as your user name, email and phone number that you use to establish an online account with us, and your meditation preferences to recommend additional meditations.

-Transaction Data. We collect information related to the products and services you purchase, such as any Services you’ve subscribed to, and/or Device(s) purchased (“Transaction Data”).

-Feedback or correspondence. We collect any information you provide to us when you contact use with questions, feedback or otherwise correspond with us online.

-Health Data. When you use the Device, we will collect your heart rate and related metrics related to your stress and calmness levels in order to provide the Services to you. This information includes your heart rate, electrocardiogram (ECG) data, and heart rate variability (HRV) data.

-Newsletter. When you sign up for our newsletter on the Website, we collect your email address.

-Cookies and Other Information Collected by Automated Means. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Service, including but not limited to, your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution (collectively, “Device Data”), IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; information to facilitate checkout, such as the quantity of the order and monthly or annual subscription; information about your use of and actions on the Service, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, meditation tracks reviewed or listened to, and length of access; and other personal information (collectively “Online Activity Data”). Our service providers may collect this type of information over time and across third-party websites and mobile applications.

On our webpages, this information is collected using cookies, web beacons, and similar technologies, and our emails may also contain web beacons. In our mobile application, we may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from our App. A SDK is third-party computer code that we may incorporate into our mobile applications that may be used for a variety of purposes, including to provide us with analytics regarding the use of our mobile applications, to integrate with social media, add features or functionality to our app.

A “cookie” is a text file that websites send to a visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites.

How Core Uses Information We Collect

We use the personal information we collect as described below and elsewhere in this privacy policy.

To operate, provide and improve the Service. We use your personal information to provide, operate and improve the Service. For example, we use your:
- First and Last Name for billing and shipping;
- Email Address for subscription billing; responding to feedback requests; sending subscription billing reminders; and sending informational marketing messages (if you have signed up for our newsletter);
- Cell phone number to connect the Device with your unique cell phone and the App, and to authenticate your subscription if applicable;
- Billing Address to confirm your credit card payment for the Device and for your subscription payment.
  - Note: Related to billing, we will share your personal data with our payment processor, Stripe or Apple App Store, as necessary to enable them to process your payments, and for anti-fraud purposes.
  - Your credit card will not be stored by Core. It is provided directly to our third party payment processors and is not accessible by Core.
- Shipping Address to ship your Device;
- Health Data (Heart Rate, ECG, HRV) to analyze how your body responds to meditation while using the Device and App -- specifically the levels of Calm and Focus you achieve while meditating as shown in the Core App, and to further personalize the meditation experience to your needs; and
- System Diagnostics (Log files, crash reports, app usage, device information) to improve the Core App’s reliability and make personal recommendations to our customers.
For research and development. We analyze use of the Service to analyze and improve the Service and to develop new products and services.
To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from governmental authorities.
For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to, (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Service; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
To send you marketing and promotional communications. We may send you Core-related marketing communications as permitted by law. You will have the ability to opt-out of our marketing and promotional communications as described in our Opt out of marketing section below.
Support and requests. We use your personal information to respond to your requests for support, as well your other requests, questions and feedback.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create anonymous, aggregated or de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

How We Share your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as described in this Privacy Policy:

Affiliates. We may share your personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service providers. We share your personal information with third party companies and individuals that provide services on our behalf or help us operate the Service (such as Zendesk customer support, Rush Order shipping, hosting, Google™ analytics, email delivery, Yotpo™ reviews, marketing, and database management services). These third parties may use your personal information only as directed or authorized by us and in a manner consistent with this Privacy Policy, and are prohibited from using or disclosing your information for any other purpose.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users.

- Delete your information. If you have registered for an account with us, you may request to delete your personal information in your account profile by emailing us at support@hellocore.com.

- Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

- Cookies & Browser Web Storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Service and third-party websites. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Security

We take security seriously at Core and we take measures that are designed to protect data against unauthorized access, disclosure and use. We utilize an HTTPS connection to communicate with our servers. We also do not store passwords as plain-text, but instead as an encrypted version of that text. It is important to note, however, that no data security measures taken are 100% safe.

Children’s Online Privacy Protection Act Compliance

We do not knowingly collect or maintain information from those who are under 13. No part of the Core service is structured or marketed to attract anyone under 13. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it.

Important Information for California Residents

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information that we have collected.
- The categories of sources from which we collected Personal Information.
- The business or commercial purpose for collecting and/or selling Personal Information.
- The categories of third parties with whom we share Personal Information.
- Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third-party
- Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third-party
Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
Deletion. You can ask us to delete the Personal Information that we have collected from you.
Opt-in. If we know that you are younger than 16 years old, we will ask for your permission (or if you are younger than 13 years old, your parent’s or guardian’s permission) to sell your Personal Information before we do so.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination in the form of legally prohibited increases in the price or decreases in the quality of our Service.

How to exercise your rights

You can request to exercise your information, access and deletion rights by:

Email: support@hellocore.com

Mail: Core Wellness, Inc. -- Privacy & Data Protection, 660 4th St, Box 645, San Francisco, CA 94107

Personal information that we collect, use and share

The chart below summarizes how we collect, use and share Personal Information by reference to the categories specified in the CCPA, and describes our practices during the 12 months preceding the effective date of this Privacy Policy.

We have not sold your personal information in the preceding 12 months.

Category of personal information (PI)	PI we collect		Source of PI	Business/ commercial purpose for collection	Categories of third parties to whom we “disclose” PI for a business purpose	Categories of third parties to whom we “sell” PI
Identifiers	· Contact data · Identity data		· You	· Service delivery · Marketing · Compliance & Operations	· Affiliates · Professional advisors · Authorities and others · Business transferees	None
Biometric Information	· Heart rate · Heart rate variation (HRV)		· You	· Service delivery	· None	None
Commercial Information	· Contact data · Identity data · Transaction data		· You	· Service delivery · Marketing · Compliance & Operations	· Affiliates · Professional advisors · Authorities and others · Business transferees	None
Online Identifiers	· Device data · Identity data		· Automatic collection	· Service delivery · Research & development · Marketing · Compliance & Operations	· Affiliates · Professional advisors · Authorities and others · Business transferees	None
Internet or Network Information	· Device data · Online activity data		· Automatic collection	· Service delivery · Research & development · Marketing · Compliance & Operations	· Affiliates · Professional advisors · Authorities and others · Business transferees	None
Inferences	May be derived from your:		Automatic collection	· Service delivery · Research & development	None	None

We describe: the sources from which we collect this information in the section above entitled Information We Collect; and the business and commercial purposes for which we collect this information in the section above entitled How Core Uses Information We Collect. the categories of third parties to whom we disclose this information in the section above entitled How We Share your Personal Information
Glossary
Statutory category		Definition (categories may overlap)
Commercial Information		Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Identifiers		Real name, alias, postal address, unique personal identifier, customer number, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Inferences		The derivation of information, data, assumptions, or conclusions from any other category of Personal Information to create a profile about a person reflecting the person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.
Internet or Network Information		Browsing history, search history, and information regarding a person’s interaction with an Internet website, application, or advertisement.
Online Identifiers		An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.
Protected Classification Characteristics		Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

Information for European Union Users

Core is currently only sold and available in the United States. However, if you use Core and provide your information, you authorize us to collect, use, and store your information outside of the European Union.

International Transfers of Information

Core is currently only sold and available in the United States. However, if you use Core and provide your information from outside the United States, your information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored, or used.

Contacting Us

If you have questions regarding this privacy policy, you may email support@hellocore.com

Or write: Core -- Privacy & Data Protection, 660 4th St, Box 645, San Francisco, CA 94107

Changes to this Policy

Core reserves the right to make changes periodically to the Privacy Policy. If we ever decide to change our privacy policy, we will post changes on this page, and, if you have registered for an account with us, alert you by email prior to the changes taking effect. You are solely responsible for maintaining an up-to-date email address with your account.

Related articles