Privacy Policy

Effective Date: February 15, 2024

Your privacy is important to us. It is our intent to respect your privacy and comply with any applicable law and regulation regarding any Personal Information we may collect about you, including across our websites, mobile apps, and other sites we own and operate. 

This Privacy Policy (the “Privacy Policy”) applies to our service, the Mayo Clinic Diet, provided through the website at https://diet.mayoclinic.org, the mobile apps or through supplementary services such as health coaches, whether provided online or over the phone, (collectively, the “Services”). The Services are provided by Digital Wellness US LLC and its affiliates (collectively “we,” “us,” or “our”) on behalf of the Mayo Foundation for Medical Education and Research (our “Partner”).  

Please read this Privacy Policy carefully. This Privacy Policy discloses what Personal Information we gather, how we use it, and how you can correct or change it. It is our intention to give you as much control over your Personal Information as possible to preserve your privacy, while still allowing you to take advantage of our Services.

By using our Services or visiting our website you acknowledge and accept this Privacy Policy. If you do not consent to the terms of the Privacy Policy, please do not access the website or use the Services. 

What Information We Collect. 

Types and Sources of Information

Some of the information we collect about you may identify you. If it identifies you, we call it “Personal Information.” Personal Information does not include any information that is publicly available or information that has been anonymized to the point where a specific individual or household cannot be identified from the remaining information. In all cases, if we associate non-identifiable information with information that identifies you, we will treat it as Personal Information. The information we collect can come in any of the following categories:  

Category (a). Personally Identifiable Information (“PII”). PII is any data that can be used to identify a specific individual or household. You provide this information when you sign up with our Services or interact with our website. For example, when you set up an account (“Account”) we need to collect a few important details about you, including your name, email address, phone numbers, login IDs, and Geolocation information or addresses. We do not collect PII unless you provide it to us.  

Category (b). Health Data and Protected Health Information. Health data and information is any information that relates to your past, present, or future physical or mental health or condition and related health care services. We may obtain health information from you, or from your health care provider upon your request and prior approval. We may also collect certain health information such as your height, weight, blood pressure, blood glucose and gender and display your biometrics based on your inputs. We will not collect your health information without first obtaining your consent. 

You may also provide certain health data that may be protected under applicable laws. Digital Wellness is not a healthcare provider and is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”). One or more of the laboratories or medical groups that you receive services from, such as Amwell Medical Group, may be a “covered entity” or “business associate” under HIPAA, and Digital Wellness may in some cases be a “business associate” of such laboratory or medical group. To the extent Digital Wellness is deemed a “business associate,” Digital Wellness may be subject to certain provisions of HIPAA with respect to Protected Health Information, as defined under HIPAA, that you provide to the laboratories or medical groups. Any information that does not constitute Protected Health Information may be used or disclosed in any manner permitted under our Privacy Policy or as You may authorize, as permitted by applicable law. Protected Health Information does not include information that has been de-identified in accordance with HIPAA.

By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from Amwell Medical Group.

Category (c). Usage and Log Information (“Usage Information”). We collect information about your activity on or through our Services. Usage Information may be collected or accessed using a variety of technologies that may be downloaded to a personal computer, browser, laptop, tablet, mobile phone or other device (a “Device”) whenever you visit or interact with our Services. For example, we may collect information about the areas within our website or mobile app that you have viewed, access times and frequencies, IP addresses, and the URL that has referred you to our website or app store.  

Category (d). Device Information. We may collect information from and about the Devices you use. For example, we collect information about your hardware and software, such as the Device used, operating system version, advertising identifiers, unique application identifiers, browser type. 

Category (e). Information Collected by Cookies and Other Tracking Technologies. Like most online services and mobile applications, we may use cookies and other technologies. These technologies include web beacons, web storage, and unique advertising identifiers that collect information about your activity, browser, and Device. We may also use these technologies to collect information when you interact with our Services through one of our partners, such as advertising and commerce features. For example, we may use information collected on other websites to show you more relevant ads.  

Category (f). Information from Third Parties. We may, from time to time, supplement the information we have about you with information from third parties for various purposes, including to enhance our ability to serve you, to tailor the Mayo Clinic Diet’s content to you, to offer you opportunities that may be of interest to you, and to improve the performance of our ads. We may also collect information from device sensors such as smart devices and health tracking technologies if you authorize it. We do not intentionally seek out any information about you from third-parties that you have not consented to providing or sharing. 

Category (g). Created Information. Our underlying technologies may use inferences or calculations, using available data, to create information specific to you. For example, we may calculate your Body Mass Index by using your weight and height data if you provide it to us. We create and collect this information for the purpose of providing our Service to you. 

Category (h). Payment Information. In order to purchase our Services, we will also require you to provide us with a debit or credit card number, or other payment information,  and the minimum necessary account information required for us to process the transaction. 

Category (i). Communication Information. When you contact customer support or communicate with us in any other way, we’ll collect whatever information you volunteer or that we need to resolve your question. Note that our ability to resolve your question could be dependent upon you disclosing the information we require.  

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Source Categories

These are the categories of sources from which we collect information: 

  • Information you provide or disclose to us. 
  • Information we automatically get when you use our Services. 
  • Information we get from third parties.  

We only collect and use your Personal Information when we have a legitimate reason for doing so. We only collect Personal Information that is reasonably necessary to provide our Services to you and for the purposes set forth below. 

How We Use This Information. 

We may collect, hold, use, and share information for the following purposes. Your Personal Information will not be further processed in a manner that is incompatible with these purposes: 

  • To provide you with our Services and the core features of our website or mobile apps. 
  • For security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use. 
  • To enable you to customize or personalize your experience with our Services, websites and mobile apps.
  • For technical assessment, including to operate and improve our websites, mobile apps, associated applications, and associated social media platforms. 
  • To contact and communicate with you. 
  • To enforce, investigate, and report on conduct violating our Terms of Service and other usage policies.  
  • To respond to requests from law enforcement and comply with our legal obligations. 
  • To process your requests, purchases, transactions, and payments and prevent transactional fraud. 
  • To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses. 
  • For analytics, market research, and business development, including to operate and improve our websites, mobile apps, associated applications, and associated social media platforms. 
  • For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you. 
  • To provide and improve our advertising services, ad targeting, and ad measurement, including through the use of your precise location information (provided you’ve given us permission to do so), both on and off our Services. 
  • For internal record keeping and administrative purposes. 

We collect and use this information strictly for business purposes only, and we will not sell or share your Personal Information to any third-party for profit. 

You can always opt out of utilizing the Services, and accordingly opt out of our use of your Personal Information, by sending an email to [email protected]

Disclosure and Sharing of Your Information. 

In providing our Services we may share your Personal Information with: 

Related Parties and Affiliates

  • A parent, subsidiary, or affiliate of our company. 
  • Contractors, and/or related entities. 
  • Our existing or potential agents or Partners. 

Legal and Regulatory Authorities 

  • Credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you. 
  • Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights. 

Third-Party Service Providers 

  • Third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, maintenance or problem-solving providers, marketing or advertising providers, professional advisors, and payment systems operators. 
  • Third-parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you. 
  • Third-parties to collect and process data. 

Other Parties 

  • An entity as part of a corporate transaction, such as a transfer of assets or an acquisition by or merger with another company. 

We only share this information to process the information as necessary to provide our Services, complete a transaction or fulfil your request or otherwise on our behalf based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures. 

We will disclose your Personal Information to other parties not listed above if we have a good faith belief that such disclosure is necessary to: 

  • meet any applicable law, regulation, legal process or other legal obligation; 
  • detect, investigate, and help prevent security, fraud or technical issues in our databases, website, or the mobile app; 
  • protect our rights or property; 
  • resolve disputes, inquiries or complaints; and/or 
  • protect the safety of our users, employees or others. 

Use of Anonymous Information. We may use Anonymous Information, or disclose it to third-party service providers, to provide and improve the Services and for other purposes consistent with our business operations. We may also disclose Anonymous Information to third-parties, including advertisers and partners, for purposes including, but not limited to, targeting advertisements. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about use of the Services. 

Using Tracking Technologies.

We may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. The Tracking Technologies that may be used are the following (and subsequent technology and methods later developed which perform a similar function): 

Cookies. A cookie is a small text file (typically made up of letters and numbers) placed in the memory of your browser or Device when you visit our website. Cookies may generally be disabled or removed by tools that are available as part of most commercial browsers, and in some but not all instances can be blocked in the future by selecting certain settings.  

Please be aware that if you disable or remove cookie on your Device, some parts of our website, mobile app and/or Services may not function properly. 

Web Beacons. Small graphic images (also known as “pixel tags”, “1x1 GIFs” or “clear GIFs”) that may be included on our sites, services, applications, messaging, and tools, that typically work in conjunction with cookies to identify our users and user behavior. 

Embedded Scripts. An embedded script is programming code that is designed to collect information about a user’s interactions with our website, mobile app and Services, such as the links a user clicks on. The code is temporarily downloaded onto the user’s Device from our web server and/or mobile app or a third-party service provider, is active only while the user is connected to the website and/or mobile app, and is deactivated or deleted thereafter. 

ETag, or entity tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies. 

Why we use Tracking Technologies

We classify Tracking Technologies in the following ways: 

  • Strictly Necessary. We may use cookies or other Tracking Technologies that we consider strictly necessary to allow you to use and access our website, mobile app, and the Services, including cookies required for system administration or to prevent fraudulent activity.
  • Performance Related. We may use cookies or other Tracking Technologies that are useful in order to assess the performance of the website, mobile app and the Services, including as part of our analytic practices or otherwise to improve the content, products or services offered through the website, mobile app and the Services. 
  • Functionality Related. We may use cookies or other Tracking Technologies that are required to offer you enhanced functionality when accessing the Services, including identifying you when you sign in to our Services or keeping track of your specified preferences, including in terms of the presentation of content on our Services. 
  • Advertising or Targeting Related.  We may use cookies and other Tracking Technologies to deliver content, such as ads relevant to your interests, on our sites or on third-party sites.  This includes using technologies to understand the usefulness to you of the advertisements and content that have been delivered to you. 

Some web browsers and third parties are developing or have developed web browser Do Not Track (DNT) signals. Currently, we do not monitor or take any action with respect to these signals or other mechanisms.  

Your Privacy and Communication Choices.  

You have choices when it comes to the privacy practices and communications described in this Privacy Policy.  Many of your choices may be explained at the time you sign up for or use our Services or in the context of your use of our website, mobile app and/or Services.  You may be provided with instructions and prompts within the experiences as you navigate these Services. 

Opting Out. We may send you marketing content about our Services and products through various communication channels, for example, email, text, pop-ups, push notifications, and messaging applications.  You may opt out of these marketing communications by following the instructions in the communications you receive.  If you have an Account with us, you may also adjust your communication preferences in your Account settings.  For messages sent via push notifications, you may manage your preferences in your Device. For more information on our mobile messaging program, please see our Terms of Use.

If you choose not to receive notifications, you may still use the Services but you may not receive, or may be unable to use, certain services that involve our interaction with you.  

Providing Personal Information. At all times, you may choose whether or not to provide or disclose Personal Information or instruct us not to collect Personal Information about you. Note that by doing so you will limit our ability to provide you with our Services, and in certain cases you may not be able to use our Services, as the use of this information is necessary for the performance of our Services. 

Updating or Deleting Personal Information To the extent that you do provide us with Personal Information, we wish to maintain accurate Personal Information. If you are a current customer with an active Account, you generally may review and edit your Personal Information by logging in and updating the information directly in the website, mobile app or by contacting us through any means in the contact page. If you are not a current customer, or no longer have access to your account you can contact us via the contact page. 

If you would like to delete all your Personal Information that we may be storing, you may submit a request to us by sending an email to [email protected]. Your email should include adequate details of your request. Please understand that we may be required under applicable laws to maintain certain Personal Information about you.

Notices and Alerts

We will send communications that are required or necessary to send to our users. These notifications contain important information and you may not opt out of receiving these communications without cancelling our Services and requesting us to delete your Personal Information.   

Children’s Privacy. The Services are not directed to nor structured to attract children under the age of eighteen (18) years. Accordingly, we do not intend to collect Personal Information from anyone we know to be under eighteen (18) years of age. We will direct potential users under eighteen (18) years of age not to use the Services. If we learn that Personal Information of persons less than eighteen (18) years of age has been collected, then we will take the appropriate steps to delete this information. To make such a request or if there are any questions or concerns about this Privacy Policy or its implementation please contact us at [email protected]

California Visitors. Please see our California Privacy Notice.

How We Protect Your Information.

Security of Your Information

When we collect and process Personal Information and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification. We follow generally accepted industry standards, including the use of appropriate administrative, physical, and technical safeguards, to protect the Personal Information submitted to us. 

Although we will do our best to protect Personal Information, we advise that no method of electronic transmission or storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Information, we cannot guarantee its absolute security or confidentiality.  Any transmission of Personal Information to us via the Services is done entirely at your own risk. If you have any questions about security, you can contact us at [email protected]

How Long We Keep Your Personal Information

We keep your Personal Information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this Privacy Policy and applicable law. For example, if you have provided us with Personal Information as part of creating an Account with us or purchasing our Services, we may retain this information as long as your Account exists in our system.

If necessary, we may retain your Personal Information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. 

If your Personal Information is no longer required for any of the above purposes, we will delete it or make it anonymous by removing all details that identify you. 

International Transfers of Personal Information 

Our Services are operated in the United States. If you are located outside of the United States, please be aware that information we collect, including Personal Information, will be transferred to, processed, stored and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your Personal Information may be subject to access requests from governments, courts, or law enforcement in the United States. U.S. law may not provide the same degree of protection for Personal Information that is available in other countries.  By using our Services or providing us with any information, you consent to the transfer to, processing, usage and storage of your information, including Personal Information, in the United States as set forth in this Privacy Policy. If you do not consent to such transfer, you may not use the Services. If you choose to access and use the website, mobile app and/or Services from outside the U.S. you acknowledge that you are doing so on your own initiative, at your own risk, and are responsible for compliance with applicable laws. 

Consent and Modification. 

Your Consent

By using the Services, you agree to the terms of this Privacy Policy, Privacy Notices and to our processing of Personal Information for the purposes set forth herein. If you do not agree to our Privacy Policy and Notices, please do not use the Service.  

Changes to Our Privacy Policy 

We reserve the right to amend our Privacy Policy and Privacy Notices at any time and as needed. When we make changes to this Privacy Policy, we will post the updated Privacy Policy on our website and update the Privacy Policy’s effective date. Your continued use of our website, mobile app and/or Services following the posting of changes constitutes your acceptance of such changes. 

Additional Rights and Privacy Notices.

This Privacy Policy is to be read together with our other Privacy Notices which may be relevant to you. These include:   

  • California Consumer Privacy Act of 2018
  • California Online Privacy Protection Act 

Contact. 

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your information, your choices and rights regarding such use, or you wish to exercise your rights, please do not hesitate to contact us at: [email protected]