Privacy Policy

Last updated: August 2, 2024

Welcome to The Commons Project Foundation! This Privacy Policy (“Privacy Policy” or “Policy”) describes how The Commons Project Foundation (“TCP,” “we” or “us”) collects, uses, and shares information about the user (“User”, “you”, or “your”) when you use the CommonHealth mobile application service (“CommonHealth”, “CommonHealth app”, or “Service”) for storing your digital health records. Before using the CommonHealth app, please read the following carefully to understand how we handle your personal data.

To retrieve your digital health records (“Health Data”) you will use existing third-party portal logins from your healthcare provider’s electronic health records (“EHR”) systems (“Providers”) to log in and obtain a copy of your digital health record. A window will open connecting you directly to your Provider’s EHR system and you will enter the login credentials (username and password) that you use for the Provider’s portal. Your username and password will not be accessible by TCP. Your Health Data will be downloaded over an encrypted connection directly from your Provider’s EHR system to your mobile device where it is stored within the CommonHealth app. This connection does not pass through any TCP information systems. You may also choose to import data in the form of a SMART Health Card, either by scanning a QR code with your camera or importing a file stored on your device. This data may include your COVID-19 vaccination or laboratory testing results. The data is not shared with TCP. Health Data is stored on your mobile device and remains under your control.

You may also choose to share your Health Data stored in the CommonHealth app with other third-party apps (“Third-Party Apps”). If you choose to grant access to your Health Data to Third-Party Apps, that data is sent directly from your mobile device to the Third-Party App. When you provide consent for Third-Party Apps to access your Health Data, you can decide whether (a) some or all of your Health Data is shared, (b) new health records are automatically shared, or (c) the Third-Party Apps must ask each time before accessing new records.

Information Stored in the CommonHealth app

  1. User personal information stored in the CommonHealth app in the form of Health Data is encrypted and only accessible to the User and any third party with whom the User shares it.

  2. While there is a profile page in settings, the profile information is solely stored on the User’s device and is not accessible by TCP.

  3. Users may opt in to provide TCP with the following anonymized* information (“Page Views”). This information or data, in the form of page counts, is collected by the app when a User visits a page that is related to any of these categories. While data is collected about the page type that the User visits, the actual website or page source information is neither collected nor stored by the app or TCP.

  • Summary Page

  • Wallet

  • Account

  • Record

  • Insurance

  • SMART Health Card

  • SMART Health Link

  • Clinical Summary

  • Data Source Integration

*This data is collected in an anonymized manner and does not reveal any individual person or user’s identity. The choice to opt in or opt out is for all categories listed above.

Information We Collect Automatically

When you download the CommonHealth app from the Google Play store, the following information about you and your device may also be automatically collected (“Device Analytics”). This information or data is collected in an anonymized manner and does not reveal any individual person or user’s identity.

  • Android operating system version

  • Country and Language settings

  • Device type and specifications

  • A unique device identifier is generated and assigned to your device by TCP, to associate these data points with your device and usage of the CommonHealth app but not to identify you specifically.

  • Application crash data to help us understand when something goes wrong. Within the CommonHealth app you have the option to opt out of sending us the crash data.

TCP uses Health Data to provide the CommonHealth app services to you and to Third Party Apps of your choosing and any third party with whom you choose to share it.

To provide and maintain the app. We use Page Views and the Device Analytics data we collect to provide or serve our App and to maintain and improve the App.

  • TCP only shares Health Data with Third Party Apps of your choosing and any third party with whom you choose to share it.

  • With respect to Page Views and Device Analytics data, we may share this information with vendors, consultants, and other service providers who need access to the CommonHealth app or who may be providing services to evaluate, maintain and improve the app or Service.

  • We may also share aggregated, de-identified, or anonymized information, which cannot reasonably be used to identify you, for our lawful business purposes, including to analyze, build and improve the App and promote our business, provided that we will not share such data in a manner that could identify you.

We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.

You can delete all of your Health Data stored in the CommonHealth App by going to “Settings.” If you delete some or all of your Health Data, this deletion from your device is permanent. You can also disconnect from and remove any of your Provider’s EHR systems or any Third-Party Access also through “Settings.”

The CommonHealth app is not designed or intended for use by children under the age of 13 years old if you are located in the United States. If you are based outside of the United States, you must be over the age required by the laws of your country to use the Services. If we become aware that we have the personal data of such children that has been collected through the CommonHealth app, we will promptly delete it.

The California Consumer Protection Act (“CCPA”) gives consumers who are residents of California the right to request certain information from businesses about their data collection practices. The CCPA does not apply to TCP because TCP is a non-profit organization. However, as part of TCP’s commitment to advancing the public good, it has voluntarily committed to CCPA compliance to the extent that it applies. As a reminder, your Health Data is stored on your device and TCP cannot access this Health Data.

We may change this Privacy Policy from time to time. If we do, we will provide notice by revising the date at the top of the Privacy Policy page. We encourage you to review this Privacy Policy whenever you access or use the app or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy. If you continue to use the CommonHealth app after the Policy changes go into effect, you consent to the revised policy.

If you have any questions about this Privacy Policy, please email legal@thecommonsproject.org or write to our US corporate office:

The Commons Project Foundation

745 Fifth Ave, 5th Floor

New York, NY 10151

Attn: Legal Department