olivia Personal Health Record Privacy Policy 

Effective: January 21, 2025

This Privacy Policy (“Policy”) describes how Tempus, Inc.,(“Tempus,” “we,” “our,” “us”) collects, uses, and discloses certain Personal Information obtained through the olivia Personal Health Record (“PHR”), which is made available to you at app.oliviahealth.ai (“Site”) and through our mobile application (“App”) (which, collectively with the Site and the PHR, constitutes the “Service”). By using our Service, you agree to the terms of this Policy and our Terms of Use.

For the purposes of this Policy, “Personal Information”means information about you that reasonably can be linked to you, such as your name, social security number, health information, demographic information, and/or other identifiers as may be defined under state and federal law.

What Information We Collect and Maintain About You

Personal information collected from accountholders. If you make an account in relation to your use of our Service (and are an“accountholder”), we may collect information related to the creation and maintenance of your account. This may include your name, email address, birthdate, gender, race/ethnicity information, state of residence, and any username and password you create as part of accessing or maintaining your account.

If you use the PHR Service, we may collect the following categories of information about you:

  • Information about your medical history, including information about your healthcare providers and the institutions where you have received care;
  • Health insurance information;
  • Information that you self-report about your health;
  • Other instances when you choose to provide us with certain information or have us collect information on your behalf.

We will only collect the above categories of information to the extent that you either affirmatively provide it or if you provide us with permission or authorization to retrieve such information on your behalf. 

Other Personal Information collected through the Site or App. You can visit the Site without submitting any information that we can use to identify you personally. However, to use certain features on the Site or App, such as signing up for our updates, you will be required to provide Personal Information. Such information could include, for example, your name and email address.  

Web log data. When you use the Service, we automatically receive and record certain information from your computer (or other device) and your browser. This may include such data as your IP address and domain name, the pages you visit on the Service, the date and time of your visit, the files that you download, the URLs from the websites you visit before and after navigating to the Service, your software and hardware attributes (including device IDs), your general geographic location (e.g., your city, state, or metropolitan region), and certain cookie information (see below). To obtain such information, we may use web logs or applications that recognize your computer and gather information about its online activity.    

Cookies. We use cookies on the Service. Cookies are small files that are stored on your computer by your web browser. A cookie allows the Service to recognize whether you have visited before and may store user preferences and other information. For example, cookies can be used to collect or store information about your use of the Service during your current session and over time (including the pages you view and the files you download), your computer’s operating system and browser type, your Internet service provider, your domain name and IP address, your general geographic location, the website that you visited before visiting the Service, and the link you used to leave the Service. If you are concerned about having cookies on your computer, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. You can also delete cookies from your computer. However, if you choose to block or delete cookies, certain features of the Service may not operate correctly. 

Web beacons. The Service or the emails that you receive from Tempus may use an application known as a “web beacon” (also known as a “clear gif” or “web bug”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include Personal Information. For example, it can allow an email sender to determine whether a user has opened a particular email. 

Third-party online tracking and behavioral advertising. We may partner with certain third parties to collect, analyze, and use the personal and other information described in this section. For example, we may allow third parties to set cookies or use web beacons on the Service or in email communications from us. This information may be used for a variety of purposes, including online interest-based advertising, as discussed below (see “With Whom and Why We Share Your Information”).

How We Use and Process Your Information

We use the information that we collect (described in “What Information We Collect and Maintain About You,” above) for a variety of purposes. Our legal bases for processing your Personal Information are: 1) our legitimate interest in running and maintaining our business; 2) performance and fulfillment of our contracts; 3) your consent; and 4) compliance with our legal obligations. In many instances, more than one of these legal bases apply to the processing of your Personal Information.

The purposes for which we use your information include to: 

  • Provide you with our Service;
  • Respond to your questions or requests concerning the Service; 
  • Fulfill the terms of any agreement you have with us; 
  • Fulfill your requests for our Service or otherwise complete a transaction that you initiate; 
  • Send you information about our Service and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails; 
  • Improve our artificial intelligence and machine learning capabilities; 
  • Deliver confirmations, account information, notifications, and similar operational communications; 
  • Improve your user experience and the quality of our products and Service; 
  • Comply with legal and/or regulatory requirements; 
  • Aggregate and deidentify information; 
  • Serve advertisements; 
  • Analyze how visitors use the Service and its various features, including to count and recognize visitors to the Site; 
  • Create new products and services; and 
  • Manage our business.

We may link information gathered through the Service with information that we collect in other contexts. But in that event, we will handle the combined information in a manner consistent with this Policy.

With Whom and Why We Share Your Information 

We may share any of the information described in “What Information We Collect and Maintain About You,” above, with other parties for a variety of purposes, as described below.

Third-party service providers. Tempus uses third-party service providers that perform services on our behalf, including web-hosting companies, mailing vendors, and analytics providers. These service providers may collect and/or use your information, including information that identifies you personally, to assist us in achieving the purposes discussed above.

Analytics. We partner with certain third parties to obtain the automatically collected information discussed above and to engage in analysis, auditing, research, and reporting. These third parties may use web logs or web beacons, and they may set and access cookies on your computer or other device. In particular, theService uses Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt out of the use of cookies by Google Analytics here

Interest-based advertising. The Service also enable third-party tracking mechanisms to collect information about you and your computing devices for use in online interest-based advertising. For example, third parties may use the fact that you used our Service to target online ads to you. In addition, our third-party advertising networks might use information about your use of our Service to help target advertisements based on your online activity in general. For information about interest-based advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance website. 

The use of online tracking mechanisms by third parties is subject to those third parties’ privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer or other device, you may set your browser to block cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance by opting out here. Our Site does not currently respond to “do not track” browser headers.

Legal purposes. We may use or share your information with third parties when we believe, in our sole discretion, that doing so is necessary:

  • To comply with applicable law or a court order, subpoena, or other legal process; 
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party; 
  • To establish, protect, or exercise our legal rights or defend against legal claims; or 
  • To facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets. 

Aggregated and de-identified information. From time to time, Tempus may share aggregated or de-identified information about users, such as by publishing a report on trends in the usage of the Service. Such aggregated information will not identify you personally.

Other third parties. We may share your information with other third parties when necessary to fulfill your requests; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.

Your Privacy Rights

If you want to learn more about the Personal Information that Tempus has about you, or you would like to update, change, or delete that information, please contact us by email at privacy@tempus.com

You may opt out of receiving marketing emails and text messages from us by following the instructions in those messages or by emailing us at privacy@tempus.com.

If you are a resident of a jurisdiction with an applicable data privacy law, you may have certain rights available to you in relation to your Personal Information. These rights may include:

  • The right to access your Personal Information (including a data portability request);
  • The right to correct or amend any Personal Information we have on file about you;
  • The right to delete your Personal Information;
  • The right to limit the use of your “sensitive” Personal Information;
  • The right to opt-out of the sale or “sharing” of your Personal Information;
  • The right to opt-out of the use of your Personal Information for targeted advertising purposes; 
  • The right to restrict or object to the processing of your Personal Information (such as for direct marketing purposes);   
  • The right to restrict or opt-out of the use of your Personal Information for certain automated decision-making purposes (including profiling in furtherance of decisions that produce legal or similarly significant effects);
  • The right to revoke your consent (to the extent applicable); 
  • The right to confirm whether Personal Information about you is being processed; and
  • The right to obtain a list of specific third parties (or categories of third parties) to which we have disclosed your Personal Information or any Personal Information.

To exercise any of the rights listed above, please contact us via email at privacy@tempus.com

We will respond to your request as soon as reasonably possible and within the timeframe required under applicable law. We will allow you to appeal any decision we make in response to such request in accordance with applicable law. Appeals may be submitted to privacy@tempus.com with the subject line “Appeal of Decision Related to Privacy Rights Request”.  

Prior to complying with your request, we will first verify your identity by comparing the information you provide with the information we have on file for you. 

You may authorize an agent to make a request on your behalf. To designate an agent, please provide a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. We will still require you to provide information to allow us to reasonably verify that you are the person about whom we collected Personal Information. 

If you are a resident of Washington or Nevada, you may have additional rights with respect to your consumer health information.  Please see our separate Consumer Health Privacy Notice.

Data Security

We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information. We incorporate secure storage and transmission technologies including encryption, firewalls, access control and audit. We cannot, however, ensure or warrant the security of any information you transmit to us via the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.

Data Retention

We will retain your Personal Information for as long as is reasonably necessary to fulfill the relevant purposes set out in this Policy and during the period required or permitted by law. The retention period will primarily be determined by relevant legal and regulatory obligations and/or duration of our business relationship with you. We will securely delete or erase your Personal Information if there is no valid business reason for retaining your data.

Children

Our Service is not designed nor intended to be used or accessed by children under the age of 16. No one under age 16 should provide any information to or through the Service. We do not intentionally collect Personal Information from children through the Services. If you are under the age of 16, do not use or provide any information on or through the Service. If we learn we have collected or received Personal Information from a child under the age of 16 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under 16, please contact us immediately at privacy@tempus.com.

Links to Non-Tempus Websites and Services

While using our Service, you may encounter and choose to access websites or online services that may not be associated with us by clicking on hypertext links or icons. These websites may collect data or Personal Information about you and your online activities. Tempus does not control and is not responsible for what these other parties do in connection with their websites or online services, or how they handle your Personal Information.

Changes to This Privacy Policy

It is our policy to post any changes that we make to our Policy. If we make material changes to how we treat our users’ Personal Information, we will update this Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Policy has been updated. The date our Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Policy, please contact us at privacy@tempus.com.

How to Contact Us

Should you have any questions or concerns about this Policy, you can contact us at privacy@tempus.com.

olivia Personal Health Record California Privacy Notice

Date Last Updated:  January 21, 2025

If you are a California resident, the California Consumer Privacy Act and the California Privacy Rights Act (collectively, the “CCPA”) provide you with certain rights regarding your personal information, including the right to know about personal information collected, disclosed, or sold; the right to request that we delete personal information that we have collected from you; the right to update or correct your information; the right to opt-out of the sale or sharing of your personal information; the right to limit our use of your sensitive personal information; and the right not to be discriminated against for exercising your rights. These rights are subject to certain exceptions. You may also visit our Privacy Policy to learn more about how we protect your information.  

Any capitalized terms in this California Privacy Notice that are not otherwise defined have the same meaning as they do in the CCPA or our Privacy Policy.

This California Privacy Notice also serves as our “Notice at Collection” for purposes of the CCPA.  

Collection of Personal Information

If you visit, use, or interact with our Services, we may collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal information”). We may have collected the following categories of personal information about you over the past 12 months:

  • Identifiers, such as your name, postal address, email address, and IP address.
  • Categories of personal information described in subdivision (e) of California Civil Code Section 1798.80, such as your name, address, telephone number, education, employment history, and medical information.
  • Commercial information, such as information about a user’s interactions with advertisements.
  • Internet or other electronic network activity information, such as your IP address, device type, device operating system, device make and model, device identifiers such as mobile advertising IDs, and information about your interactions with our Services.
  • Geolocation data, such as geographic coordinates.
  • Professional or employment-related information, such as job history and job title.
  • Education information.
  • Inferences drawn from any of the information identified above.
  • Sensitive personal information, such as:
    • Precise geolocation
    • Personal information collected and analyzed concerning a consumer’s health

We collect the personal information listed above from the following sources:

  • From you directly, when you provide it to us.
  • From your provider, a mobile health app, or other source of consumer health data if you provide us with permission or authorization to retrieve such information on your behalf.
  • Automatically from your browser or device, or from our Services.

Disclosure, Sharing, and Sale of Personal Information

In the last 12 months, we may have disclosed, shared, or sold for our business purposes the following categories of personal information subject to the CCPA:  

  • Identifiers, such as your name, postal address, email address, and IP address.
  • Categories of personal information described in subdivision (e) of California Civil CodeSection 1798.80, such as your name, address, telephone number, education, employment history, and medical information.
  • Commercial information, such as information about a user’s interactions with advertisements.
  • Internet or other electronic network activity information, such as your IP address, device type, device operating system, device make and model, device identifiers such as Mobile Advertising IDs, and information about your interactions with our Services.
  • Geolocation data, such as geographic coordinates.
  • Professional or employment-related information, such as job history and job title.
  • Educationinformation.
  • Inferences drawn from any of the information identified above.
  • Sensitive personal information, such as:
    • Precise geolocation
    • Personal information collected and analyzed concerning a consumer’s health

Right to Correct. California residents have the right to correct or amend the personal information we have on file (“Right to Correct”). You may correct or amend by logging into your account or by contacting us using the information below.

We may have disclosed, shared, or sold any of the information listed above to:

  • Third-party service providers supporting the operation of our Services.
  • Analytics providers, to help analyze the data that we collect.
  • Your healthcare provider or insurer, at your direction.
  • Our affiliates, subsidiaries, and parent companies.
  • Other third parties for a legal purpose (such as in response to a court order or to defend against a legal claim).
  • Other third parties when necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party.
  • Other third parties when necessary to fulfill your requests for services; to complete a transaction that you initiate; to meet the terms of any agreement that you have with us or our partners; or to manage our business.

Purposes for Collection, Use, and Disclosure of Personal Information

We may collect, use, or disclose your personal information to the entities listed above for the following purposes:

  • Provide you with our Services;
  • Facilitate business transitions, such as a merger, acquisition by another company, or sale of all or a portion of our assets;
  • Fulfill legal requirements.

Your Rights

If we maintain personal information about you that is subject to the CCPA, you may exercise certain rights in connection with this data if you are a California resident.

Right to Know. California residents have the right to request that we disclose certain information about our collection and use of your personal information over the past twelve months (“Right to Know”). Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • The categories of personal information that we have disclosed for a business or commercial purpose.
  • Our business or commercial purposes for collecting, selling, or sharing personal information.
  • The categories of third parties with whom we share or disclose that personal information.
  • The specific pieces of personal information we collected about you (i.e., a data portability request).

Right to Delete. California residents have the right to request that we delete the personal information that we collected from you and retain, subject to certain exceptions (“Right to Delete”). Once we receive and verify your request, we will delete (and direct our service providers/contractors to delete) your personal information from our records, unless an exception applies.

Right to Opt-Out of Sale or Sharing. The CCPA provides California residents with the right to opt-out of the “sale” or “sharing” of their personal information (“Right to Opt Out”). We do not sell or share your personal information. We do not have actual knowledge that we sell or share the personal information of California residents under the age of 16.

Right to Limit the Use of Your Sensitive Personal Information. The CCPA provides California residents with the right to limit (“Right to Limit”) the use of their “sensitive personal information” to the purposes outlined in Cal. Code Regs. tit. 11, § 7027(m) of the CCPA regulations. We do not use your personal information for purposes that require us to provide a Right to Limit.

Right to Nondiscrimination. The CCPA provides California residents with the right not to receive discriminatory treatment for the exercise of their privacy rights conferred by the CCPA. We will not discriminate against you for exercising any of your CCPA rights.

Exercising Your Rights

If you are a California resident and wish to exercise any of the above rights, you may submit a request to us by email at privacy@tempus.com.

When you submit a request, we will confirm your identity by asking you to provide information associated with what we have on file for you, including your name, email address, and other identifying information. We may ask you for additional information to verify your identity or to comply with your request.

Authorized Agent. You may authorize an agent to make a request on your behalf. To designate an agent, please provide a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. We will still require you to provide information to allow us to reasonably verify that you are the person about whom we collected personal information. We retain personal information about you necessary to fulfill the purpose for which that information was collected or as required or permitted by law. We do not retain personal information longer than is necessary for us to achieve the purposes for which we collected it.  When we destroy your personal information, we do so in a way that prevents that information from being restored or reconstructed.

Shine the Light Law

In addition to the CCPA, California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses' practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. We do not disclose your personal information for these purposes.

Contact for More Information

If you wish to contact us regarding this California Privacy Notice, you may do so by email at privacy@tempus.com.

olivia Personal Health Record Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy (“the Policy”) applies specifically to Consumer Health Data collected and processed by Tempus through the olivia Personal Health Record (“PHR”), which is made available to you at app.oliviahealth.ai (“Site”) and through our mobile application (“App”)(which, collectively with the Site and the PHR, constitutes the “Service”). For more information about olivia’s privacy practices, please consult our Privacy Policy.

Definitions

For purposes of this Policy, the following definitions shall apply:

  • “Consumer Health Data” means Personal Information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. It includes any information that is regulated as “consumer health data” under Washington’s My Health My Data Act and similar health privacy laws in effect in other jurisdictions.
  • “Personal Information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer. “Personal Information” does not include non-identified information or information that is reported in the aggregate (provided that such aggregated information is not identifiable to a natural person). 

Collection of Consumer Health Data

We collect information from you when you provide it to us in relation to our PHR Service. This may include the following categories of Consumer Health Data:

  • Health conditions, treatment, diseases, or diagnosis;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed medication;
  • Bodily functions, vital signs, symptoms, or other health-related measurements;
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Gender-affirming care information;
  • Reproductive or sexual health information;
  • Genetic data;
  • Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies;
  • Data that identifies individuals seeking health care services; and
  • Information that we derive from nonhealth data to associate or identify individuals with any of the categories of Consumer Health Data identified above.

We collect the above categories of Consumer Health Data for the following purposes:

  • Provide you with our Service and respond to your questions or requests concerning the Service;
  • Fulfill the terms of any agreement you have with us;
  • Fulfill your requests for our Service or otherwise complete a transaction that you initiate;
  • Send you information about our Service and other topics that are likely to be of interest to you, including newsletters, updates, or other communications, including promotional emails;
  • Improve our artificial intelligence and machine learning capabilities;
  • Deliver confirmations, account information, notifications, and similar operational communications;
  • Improve your user experience and the quality of our products and Service;
  • Comply with legal and/or regulatory requirements;
  • Aggregate and deidentify information;
  • Serve advertisements.

We only collect the above categories of Consumer Health Data from the following sources:

  • From you directly when you provide it to us via the olivia Service; and
  • From your provider, a mobile health app, or other source of consumer health data if you provide us with permission or authorization to retrieve such information on your behalf.

Sharing of Consumer Health Data

We may share any of the categories of Consumer Health Data described in the “Collection of Consumer Health Data” section, above. We may share these categories of Consumer Health Data with the following categories of third parties and specific affiliates:

  • Our service providers and agents in connection with services or business purposes that these individuals or entities perform for, or with, Tempus. These third-party service providers can include web-hosting companies, mailing vendors, and analytics providers. We may, for example, provide your Consumer Health Data to a service provider to send you information that you requested.

In some cases, Tempus may disclose Consumer Health Data (i)if required to do so by law, court order or legal process, (ii) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements, (iii) under the discovery process in litigation, or (iv) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity. Tempus also may transferConsumer Health Data when a material event concerning its business operation(s), assets or shares, such as purchase, disposal, merger, joint venture or acquisition, is proposed or occurs.

Exercising Your Rights

In accordance with applicable law, you may have the following rights in relation to your Consumer Health Data:

  • The right to confirm whether we are collecting, sharing, or selling your Consumer Health Data;
  • The right to access your Consumer Health Data, including a list of all third parties and affiliates with whom we have shared or sold the Consumer Health Data and an active email address or other online mechanism that you may use to contact these third parties;
  • The right to withdraw consent for our collection, sharing, and selling of your Consumer Health Data;
  • The right to delete your Consumer Health Data; and
  • The right to correct or amend any Consumer Health Data that we have on file about you.

For additional rights that may apply to your Personal Information, please see our Privacy Policy.

To exercise any of these rights, please contact us by email at privacy@tempus.com with your name, the email address associated with your interactions with Tempus (if different), and details about your interactions with Tempus. You may also designate an authorized agent to submit a request on your behalf. To designate an agent, please also send us a written and signed document by both you and the agent that authorizes the agent to act on your behalf. You may also use a power of attorney. Please note that we will still require you to provide sufficient information to allow us to reasonably verify that you are the person about whom we are receiving a request. We will respond to any request you submit in the time period required by applicable law and will allow you to appeal any decision we make in response to such request in accordance with applicable law. Appeals may be submitted to privacy@tempus.com.

If we deny your request and your information is protected by Washington’s My Health My Data Act, you may file a complaint to the Washington Attorney General’s office through this link: https://www.atg.wa.gov/file-complaint.

Changes to the Policy

It is our policy to post any changes that we make to this Consumer Health Data Privacy Policy. If we make material changes to how we treat our users’ Personal Information, we will update this Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Policy has been updated. The date our Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Policy, please contact us at privacy@tempus.com.

Policy Effective Date: January 21, 2025

Contact us

Send
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.