General Privacy Policy

Updated: 14 March, 2025

Aduro, LLC (“Aduro,” “our,” “we” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy (“Privacy Policy”) informs users (“you” or “your”) how we collect, use, and disclose your Personal Information, as defined below. This Privacy Policy applies to the Personal Information we collect about you in the context of operating our business, including when you use our websites or mobile apps that link to this Privacy Policy and any related services (collectively, the “Services”).

Information We Collect and Use

We collect your Personal Information. “Personal Information” includes any information that we collect about you that, alone or in combination with other information, can be used to identify you, such as a personal identifier, an identification number, online identifiers, biometrics, or inferences about your preferences. For the purpose of this Privacy Policy, Personal Information also includes “Personal Data,” as defined under GDPR. Certain Personal Information provided by you or collected by us through the Services or the sponsor of your wellness plan may include Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Personal Information does not include publicly available information or information that is de-identified or aggregated so that it cannot be used to identify individuals who use the Services.

Subscription and Account Profiles

We collect and process your name, employee identification number and/or social security number (if provided), date of birth, postal address, email address, and other contact or eligibility information received from your employer. This information is used to onboard you as a user, verify your identity, service or maintain your account, to send you messages or updates (including via email and text), communicate with you regarding your account, respond to your inquiries, process or fulfill your requests related to your account, and other activities as part of our Services. Further, we use the Personal Information that you provide through registration to send you administrative notices about your registration or account, deliver relevant content, provide account support, and respond to questions from you, inform you of material changes to this Privacy Policy, and to contact you if required by applicable law. You may also voluntarily submit certain Personal Information, such as your address, interest information, or a photo, in order to enhance your profile within the Services.

Use of Aduro Services

We may process your name, unique identifier(s), email, phone number, date of birth, and other applicable data you provide related to your activity or health information in order to provide Services that are associated with your wellness goals and use of the Service. Activity and health information may include specific information regarding medical conditions, health, lifestyle, diet, exercise habits, drug and alcohol usage, and workplace health data. We process and use this data in furtherance of providing you our Services, including, but not limited to, Personal Information offered through our coaching services, onsite events, screening forms and surveys, interactions with our digital platform, support calls, requests, and participation modules related to wellness program activities and goal tracking.

In addition to direct collection from you, we may collect this information through active or passive third-party data integrations with our Services. For example, you have the option to connect our Services with other technologies accessible through your mobile phone or desktop platforms, such as activity trackers. Depending on the brand and model of the activity tracker you use, the type of data that is collected may vary. Please review the privacy policy of the activity tracking device that you use to better understand the specific data that your activity tracking device collects about you. Please note that by voluntarily connecting our Services to such third-party technology or service, you consent to our processing the data provided to us by that third-party technology or service, as described in this Privacy Policy.

Automatically Collected Information

We collect information about devices you use to access the Services, such as device manufacturer, operating system, domain name, and IP address, from all website visitors and app users (“Automatically Collected Information”). We use Automatically Collected Information internally to help us improve your experience with the Services, including creating your profile, analyzing trends, administering the Services, and detecting, preventing, and addressing fraudulent and illegal activities.

Community Forums and Activity Feeds

Aduro may provide access to activity feeds and forums where users can share information or post questions for other community members to answer. Any information shared in these forums is public information and may be seen, disclosed to, or collected by third parties. Users should think carefully before posting Personal Information in community forums.

Job Candidate Information

We collect your identifiers, employment and education history, and other information included in your application. We may also collect supplemental information from third parties to evaluate your candidacy.

Business Visitors

We collect contact and employment information from business visitors to respond to inquiries, manage event registrations, and for internal business purposes.

Information We Share With Third Parties

We do not share or sell, your Personal Information with or to any third party not affiliated with or owned by Aduro for direct marketing purposes. We will only share your Personal Information at your direction, with your consent, or in the following circumstances.

Provision of Services

In order to provide you with the services on the websites, we may disclose your Personal Information to our agents, contractors, or other service providers who perform services on our behalf, such as incentive fulfilment, web hosting, translation, evaluation and processing of job applications, or data storage. These third parties may also collect Personal Information on our behalf. In addition, Aduro may disclose your Personal Information to third parties that enable us to provide you with a product or service that you have requested from us, subject to contractual restrictions and conditions between Aduro and the third parties that obligate them to safeguard the Personal Information. Some of our service providers may be located outside of your country of residence and as a result, your Personal Information may be subject to applicable foreign laws regarding the collection, processing, and storage of your Personal Information.

HIPAA

Aduro acts as a Business Associate to your employer-sponsored health plan when we handle PHI.  Aduro may disclose your Personal Information to entities subject to HIPAA (called “covered entities”) in certain instances. Covered entities include, for example, health care providers such as doctors and dentists. Covered entities also include health plans, such as group health plans sponsored by your employer and which may be administered by other employees of your employer. HIPAA and other laws prohibit these employees from further disclosing your Personal Information to the employer-sponsors or others for reasons other than administering the group health plan or as otherwise permitted by law.

Participation, Incentives and Rewards

Aduro may disclose your Personal Information to your employer-administered health plan, health care providers, or your employer, in order for your employer or health plan to operate and maintain their wellness program, to provide you or your partner with incentives and rewards for your participation in the Services, and to use as otherwise permitted by law. At the direction and request of your employer, we may also share your Personal Information with third party wellness providers and other wellness program-related vendors selected and designated by your employer.

De-Identified and Aggregated Information

Aduro may disclose aggregated and/or de-identified information derived from your Personal Information to third parties, including to our vendors, customers, and potential customers. Our de-identification process follows recognized standards (such as HIPAA Safe Harbor guidelines), ensuring such information cannot reasonably be linked back to you.

Automatically Collected Information

Aduro may disclose automatically collected information (e.g., IP addresses, browser types, product usage) obtained from your use of the Services to our service providers to provide services to Aduro.

Business Transactions

In the event Aduro goes through a business transition, such as a merger, acquisition by another company, reorganization, or sale of a portion of its assets, your Personal Information may be transferred in connection with the proposed transaction. We will provide you with the option to opt out of the transfer of your Personal Information to the successor entity if that entity has not committed to comply with this Privacy Policy or a Privacy Policy that is, in all material respects, as protective of your Personal Information as this Privacy Policy.

Events & Business/Employment Inquiries

If you have registered for an event involving Aduro or requested that we contact you or provide you with information regarding a potential business relationship with Aduro, we may disclose your information to third parties involved in such event and/or who provide Aduro with services for its internal business operations.

Legal Obligations

Aduro may process your Personal Information in certain circumstances where it may be necessary to satisfy our legal obligations. This includes records containing your Personal Information that we may be required to retain for a period of time or may be legally required to disclose to a government authority or third party pursuant to governmental or regulatory investigation, court order, subpoena, or litigation.

Cookies

We utilize cookies to help us keep our Services secure, measure the performance of our websites and understand how visitors interact with them, and count numbers of visitors. Cookies help us understand how our websites are being used and improve your user experience. At any time, you may control how we use cookies and other similar technologies on our websites. Most browsers are set to accept cookies by default, but you can control and manage the use of cookies on your browser or device by deleting them from your browser history when you leave our site. If you do not wish to receive cookies, you may set your browser to reject cookies or alert you when a cookie is dropped on your computer. You can limit how cookies interact with your device or browser by enabling ad tracking functionality on both android and iOS devices. If you use a device to access our website(s), your device identification may be collected and used for purposes similar to other cookies. Please be aware, if you disable certain cookies, some of the features of our Services may not function properly or be available to you, such as those which require identification.

Web Beacons: web beacons are tiny graphic image files embedded in a web page or email that allow website operators to check whether you have viewed a particular web page or email communication. We use the information collected by web beacons to statistically monitor how many people are using our Services or opening our emails.

“Do Not Track” signals: some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. Currently, our websites do not respond to “Do Not Track” signals and will continue to collect information about you even if your browser’s “Do Not Track” functionality is activated. Your selection of the “Do Not Track” option provided by your browser may not have any effect on our collection of cookie information.

Data Security

Aduro maintains administrative, physical, and technical safeguards aimed at protecting your Personal Information. While we implement reasonable safeguards, no internet transmission is entirely secure. If a security breach occurs involving your Personal Information, Aduro will respond promptly in accordance with applicable law, including notifying relevant parties or authorities as legally required.

Data Retention

Aduro stores your Personal Information for no longer than necessary for the purposes for which it is collected and processed in order to perform the Services, subject to our legal obligations under our contracts with our customers and applicable laws. Unless as otherwise required by applicable law, upon termination or expiration of the agreement with our customer, we will delete your Personal Information from our systems or return to it to your employer. However, please note that when we delete your Personal Information from our systems, copies of your Personal Information may exist on Aduro’s backup or archive media.

Third-Party Websites

Please note that your use of the Services may contain links to other third-party apps and sites, including links to sponsors and partners, including our corporate customers. Aduro is not responsible for the privacy practices or content of these other apps and websites. To the extent that you are accessing Services through an employer or health plan portal or other third party website, we strongly encourage you to review and understand the privacy policies of your employer or third party organization before providing sensitive personal information through the Services.

User Choices

We offer you the ability to opt-out of certain uses of your Personal Information. During account registration and throughout your use of the Services, you may have the option of receiving emails, SMS texts, in-app messages, voice IVR messages and/or newsletters directly from Aduro. You may elect to opt-out of in-app communications by adjusting your settings in the app. You may opt-out of other communications (e.g., those that are necessary for your participation in your wellness program) by withdrawing from the Aduro Services or contacting your wellness program administrator.

Minors

Our Services are not intended for minors younger than 18 years of age, and we do not knowingly collect any Personal Information of minors through our Services. If you believe we have collected Personal Information from a minor younger than 18 years of age through the use of our Services, please contact us at the notice address provided below.

Notice to California Residents

If you are a California resident, you have certain rights with respect to your Personal Information under the California Consumer Privacy Act (“CCPA”). You have the right to request to know the specific pieces and categories of personal information that we collect about you and the right to request deletion of your Personal Information under certain circumstances. To honor your requests, we will verify your identity by asking you or your authorized agent to provide information necessary to verify your account. If you have an account with us, we may use existing account verification practices to verify your request. We will only use the Personal Information provided in the verification process for identity verification purposes. Please note that Aduro does not sell your Personal Information.

Please be advised that we limit the collection and processing of Personal Information of participants in our customers’ wellness programs at the request and direction of our customers, who maintain a business relationship with Aduro, and in accordance with our customer contracts. Aduro, acting as a service provider to its customers, collects health data and business contact information in order to perform contracted Services. As such, we may refer your CCPA request to your employer or provide you with information to contact your employer directly to exercise your consumer rights under the CCPA.

Under the California Privacy Rights Act (CPRA), you have additional rights regarding Sensitive Personal Information, including the right to limit its use and disclosure. Aduro collects and uses Sensitive Personal Information only as necessary to perform services or as otherwise permitted by law, and we do not use or disclose Sensitive Personal Information beyond the purposes clearly stated in this Privacy Policy or as permitted by law.

Other U.S. State Privacy Rights

Certain other states, including but not limited to Colorado, Connecticut, Utah, and Virginia, have enacted comprehensive privacy laws granting residents rights similar to those under the California Consumer Privacy Act (CCPA). If you reside in these states and would like to exercise your privacy rights or have questions about how we handle your Personal Information, please contact us using the contact information below.

International Users

Aduro’s Services are operated from and intended for users located within the United States. We do not actively offer or market the Services internationally. If you access our Services from outside the U.S., please be aware that your Personal Information will be transferred to, stored, and processed in the United States. By voluntarily providing us your Personal Information, you consent to such transfers and processing as described in this Privacy Policy. We will handle your Personal Information in accordance with this Privacy Policy and applicable laws.

Notice to Canadian Residents

Your Personal Information may be transferred to and processed in the United States, where privacy laws may differ from Canadian laws. We process and protect your information as described in this Privacy Policy. Since Aduro provides services under contracts with your employer or wellness plan sponsor, we may, when permitted or required by law, direct your inquiries regarding your Personal Information to your employer or provide you with information to contact your employer directly.

Notice to European Economic Area (“EEA”) and United Kingdom (“UK”) Residents

We do not actively offer or market the Services to EEA/UK residents. However, if Personal Information of such individuals is provided—either directly by you or through your employer or wellness plan sponsor—we will protect it consistent with this Privacy Policy. We process your Personal Information according to agreements with the relevant data controller (typically your employer or wellness plan sponsor) and will coordinate with them to apply appropriate mechanisms for cross-border transfers (such as Standard Contractual Clauses). For questions regarding how your information is processed, please contact your employer or wellness plan sponsor, as they are responsible for determining the purposes and means of processing your Personal Information.

Aduro as a Data Processor

Aduro processes Personal Information as a Data Processor for the purpose of providing services to our Data Controller customers (e.g., your employer). Our customers determine why and how the Personal Information submitted to our Services is processed. As such, it is necessary for us to process your Personal Information in order to provide the Services to you in accordance with both the applicable data processing terms under the contract between your employer and/or wellness plan sponsor and us and our Terms of Service, which may be reviewed at: https://adurolife.com/aduro-terms-of-service/.

Special Categories of Data

We process special categories of Personal Information that you have provided to us where necessary for us to perform a contract with your employer or wellness plan sponsor to provide you with Services, and where you have given explicit consent for us to engage in such processing. Special categories of Personal Information may include information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life, or sexual orientation.

Withdrawal of Consent

Where you have given us valid consent to use your Personal Information in certain ways, we will rely on your consent. In instances in which we have based our processing of your Personal Information on your consent, you have the right to withdraw your consent in two ways. You may de-activate your account by managing your account settings and email [email protected] to request that your Personal Information be deleted from our systems. Please note that when you withdraw consent, we might not be able to provide you with the Services we offer. Also, please note that in certain situations, we may continue to process your Personal Information after you have withdrawn consent and requested that we delete your Personal Information, if we have a legal basis to do so. For example, we may retain certain information if we need to do so to comply with a legal obligation or if it is necessary to do so to pursue our legitimate interest in keeping the Services safe and secure.

Data Subject Rights

If you are a resident of the EEA or the UK, you have the right to request access to Personal Information we hold and to ask that your Personal Information be corrected, erased, or transferred. Please contact your employer to exercise these rights.

Data Transfers to Countries Outside the EEA and UK

If your Personal Information is transferred from the EEA or UK to the United States, Aduro will work with your employer or wellness plan sponsor, as the data controller, to ensure valid transfer mechanisms (such as Standard Contractual Clauses) are in place, as required by applicable laws.

Questions or Complaints

If you are a resident of the EEA or the UK and have a concern about our processing of your Personal Information that we are not able to resolve, we will forward your complaint to the Aduro customer associated with your account, usually your employer or wellness plan sponsor, and work with the customer to address your concerns. You may choose to reach out to the customer (e.g., your employer), who is the data controller, first before contacting Aduro. Additionally, you have the right to lodge a complaint with the data protection authority where you reside.

Notification of Changes

We may change this Privacy Policy from time to time. If we make a material change to the way we intend to use your Personal Information, we will notify you by modifying the date updated at the beginning of this Privacy Policy. We encourage you to review the Privacy Policy whenever you access the Services or otherwise interact with us to stay informed about our privacy practices.

Contact Us

If you have questions regarding our Privacy Policy, please contact us:

By mail:

Aduro, LLC

PO Box 2734

Redmond, WA 98073

Attention: Privacy Team

By email:

[email protected]