Coast to Coast Privacy Policy

External Links

To provide you greater value, Coast to Coast may include links to various third party websites. However, even if a third party affiliation exists between Coast to Coast and that site, Coast to Coast exercises no authority over linked sites; each maintains independent privacy and data collection policies/procedures. Coast to Coast assumes no responsibility or liability for linked sites’ independent methods, actions, or policies/procedures. Similarly, Coast to Coast cannot be responsible for the content of linked websites. These links are provided only for your convenience — you access them at your own risk.

Disclosures

We may disclose personal information:

• To any person performing audit, legal, operational, or other services for us. Whenever feasible, we will use information that does not identify the individual for these activities. Information disclosed to vendors or contractors for operational purposes may not be re-disclosed to others by such a vendor or contractor.
• When required to do so by a subpoena, court order, or search warrant.
• As we deem appropriate to protect the safety of an individual, for an investigation related to public safety, or to report an activity that appears to be in violation of law.
• To protect the security and reliability of this site and to take precautions against liability.

Email addresses may be used for internal communications.

Security

Coast to Coast employs strict security measures to safeguard personal information such as:

• HES services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Participant Data is encrypted at rest.
• Participant Data is stored redundantly in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Participant Data and our source code are automatically backed up nightly.
• In addition to sophisticated system monitoring and logging, we have implemented two-factor authentication for all server access across our production environment. Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.
• We contract with respected external security firms who perform regular audits of HES services to verify that our security practices are sound and to monitor HES services for new vulnerabilities discovered by the security research community.

Third Parties

To support delivery of our Services HES may engage and use data processors with access to certain Participant Data (each, a “Subprocessor”). This section provides important information about the identity, location and role of each Subprocessor.

HES currently uses third party Subprocessors to provide infrastructure services, and to help us provide customer support and email notifications. Prior to engaging any third party Subprocessor, HES performs diligence to evaluate their privacy, security and confidentiality practices, and executes an agreement implementing its applicable obligations. We do not sell or otherwise disclose personal information collected by our site to third parties.

HES challenges allow a connection to third party platforms for accessing step data. No data entered in a challenge is sent to a third party. HES securely stores this data, is committed to safeguarding participant confidentiality per our privacy policy, and only accesses the data during the challenge. You can control the use of third party platforms for step data under your Settings.

Health Connect

Infrastructure Subprocessors

• Amazon Web Services, Inc. (United States) ­– Cloud Service Provider

Other Subprocessors

• Zendesk, Inc. (United States) — Cloud-based Customer Support Services
• Google LLC (United States) — Analytics.

Cookies