Privacy policy

Effective Date: January 2, 2023

Table of Contents

  • Introduction
  • Data Protection Officer
  • Personal information we collect
  • How we collect and use (process) your personal information
  • Cookies and tracking technologies
  • Sharing information with third parties
  • International use
  • Your privacy rights
  • Security of your information
  • Data storage and retention
  • Children’s data
  • Communications opt-out
  • Modification and updates 
  • Applicability of this Privacy Policy
  • Questions, concerns, or complaints  

Introduction

Tally Health’s mission is to empower people to live longer, healthier lives.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy describes Tally Health’s policies and practices regarding its collection and use of your personal information, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal information practices or adopt new privacy policies.

This Privacy Policy explains our practices with respect to personal information we collect and process about you through, or in association with, our website with a homepage located at TallyHealth.com and our products and services that we may offer from time to time or otherwise through your interactions with us (collectively, the “Services”). 

For more information about how users with disabilities can access this Privacy Policy in an alternative format, please email hello@tallyhealth.com


Personal information we collect

Tally Health collects information about its website visitors and customers that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identified or identifiable individual or household (“personal information”). In addition, Tally Health may collect or generate data that is not identifiable to you or otherwise associated with you, such as aggregated or de-identified data, and is not personal information. To the extent this data is stored or associated with personal information, it will be treated as personal information; otherwise, the data is not subject to this Privacy Policy. In the past twelve (12) months, we collected the below categories of personal information from our users:

  1. Identifiers such as your name, email address, date of birth, phone number, or other similar identifiers.
  2. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)) such as your personal details, demographic information.
  3. Characteristics of protected classifications under California or federal law such as sex at birth and age
  4. Genetic and Health Information. When you purchase, access, and use our TallyAgeTM test and use all related platforms, information, and services, you agree to provide and consent that we may collect the following Personal Information:
    1. Buccal tissue sample. Your tissue sample will be analyzed by Tally Health, and/or our contractors, vendors.
    2. Genetic Information. “Genetic Information” refers to the genetic and/or epigenetic data including those generated through processing of buccal tissue sample by us or by the Laboratory, our contractors, vendors, successors, or assignees, or otherwise processed by and/or contributed to us and includes the results reported to you.
    3. Health Data. Health Data refers to the following information you provide when using a Tally Health membership, about your diet, mental health, sleep, fitness, habits, and lifestyle information.
  5. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
  6. Inferences drawn from any of the information above and lifestyle surveys that we provide to users.

How we collect and use (process) your personal information

We collect your personal information from the following categories of sources:

  • Directly from you. When you provide it to us directly by using the Services;
  • From third parties. From time to time, Tally Health receives personal information about individuals from third parties. We may also collect your personal information from a third party website (e.g. LinkedIn);
  • Automatically or indirectly from you. As is true of most other websites, Tally Health’s website collects certain information automatically and stores it in log files. The information may include Internet protocol (IP) addresses, the region or general location where your computer or device is accessing the Internet, browser type, operating system and other usage information about the use of Tally Health’s website, including a history of the pages you view. We use this information to help us design our website to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

Tally Health has a legitimate interest in understanding how members, customers, and potential customers use the Services. This assists Tally Health with providing more relevant products and services, with communicating value to our customers and members, and with providing appropriate staffing to meet member and customer needs. In addition, we collect and process your personal information for the following business and commercial purposes: 

  1. Providing, predicting, or performing, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, and processing payments (however, payments are processed through Shopify so that we do not receive your full payment card details. Please refer to Shopify’s privacy policy).
  2. Marketing our products and services to you and others, including sending you messages about our products, services, and events. 
  3. Communicating with you by email, SMS, postal mail, and other methods of communication, about products, subscriptions, services, order status, and information tailored to your requests or inquiries. 
  4. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  5. Debugging to identify and repair errors that impair existing intended functionality.
  6. Undertaking internal research for technological development and demonstration.
  7. Undertaking activities to verify or maintain the quality or safety of the services or devices owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the services or devices owned, manufactured, manufactured for, or controlled by us.
  8. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
  9. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.

Cookies and tracking technologies

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. "Cookies" are pieces of information that may be placed on your computer by a website for the purpose of collecting data to facilitate and enhance your communication and interaction with that website. Such data may include, for example, the address of the websites you visited before and after you visited our Service, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Service you visit and what links you clicked on, the region where your device is located, and geographic information based on your IP data. We may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Service. We may also use cookies to customize your visit to the Service and for other purposes to make your visit more convenient or to enable us to enhance our Services.  You may restrict or block the use of cookies through your web browser’s settings.


Sharing information with third parties

The personal information Tally Health collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. 

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our Services, such as the labs who process and analyze user samples, courier companies, and hosting providers.  However, the Your Privacy Rights section below explains how to opt-out of certain data transfers under applicable law.

A list of our primary third party service providers can be found here: 

  • MetaLab: Develops our user interface and website. 
  • OK Capsule: Our supplement packaging partner receives your name and address so they can ship your supplements.
  • Shopify: Our payment processor.
  • SLP: Our DNA kit provider receives your name and address so that they can ship your kit. 
  • Tempus/Akesogen: The lab that processes your DNA will send de-identified data to our AWS servers. 

We do not otherwise reveal your personal information to non-Tally Health persons or businesses for their independent use unless: (1) you request or authorize it; (2) the information is provided to comply with the law (for example, compelled by law enforcement to comply with a search warrant, subpoena, or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf. 

We may also gather or generate aggregated or de-identified data about our services and website visitors and disclose the results of such information (but not personally identifiable) to our partners, service providers, advertisers, and/or other third parties for marketing or promotional purposes. When we do so, we commit not to attempt to re-identify the information and shall contractually obligate the recipients to commit so as well.

In addition, we may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal information we obtain from or about you via our website may be disclosed to any potential or actual third-party acquirers and may be among those assets transferred.

The Tally Health website connects with third party services such as Facebook, LinkedIn, Twitter and others. If you choose to share information from the Tally Health website through these services, you should review the privacy policy of that service. If you are a member of a third party service, the aforementioned connections may allow that service to connect your visit to our website to your personal information.

In the past twelve (12) months, we shared for a business purpose the categories of personal information under “Personal information we collect” above with service providers such as those set forth in “Sharing information with third parties” above.

Information we collect about you will be processed in the United States. By using Tally Health’s services, you acknowledge that your personal information will be processed in the United States. 

For more information or if you have any questions, please contact us at hello@tallyhealth.com 


Your privacy rights

U.S. State Law Privacy Rights.  The California Consumer Privacy Act of 2018 and its successor legislation and similar laws in other U.S. states (collectively, “Applicable State Laws”) provide certain residents with specific rights regarding their personal information, which are as follows:

  1. Right to Know: You have the right to request that we disclose certain information to you about the personal information we collected, used, disclosed, and sold about you in the past 12 months. This includes a request to know any or all of the following:
    1. The categories of personal information collected about you;
    2. The categories of sources from which we collected your personal information;
    3. The categories of personal information that we have sold or disclosed about you for a business purpose;
    4. The categories of third parties to whom your personal information was sold or disclosed for a business purpose; 
    5. Our business or commercial purpose for collecting or selling your personal information; and
    6. The specific pieces of personal information we have collected about you.
  2. Data Portability: You have the right to request a copy of personal information we have collected and maintained about you in the past 12 months. 
  3. Right to Deletion: You have the right to request that we delete the personal information we collected from you and maintained, subject to certain exceptions. Exceptions include data required for historical logging and audit trails. Please note that if you request deletion of your personal information, we may deny your request or may retain certain elements of your personal information if an exception applies under Applicable State Laws.
  4. Right to Correction: You have the right to correct inaccurate personal information that we have collected and maintain about you.
  5. Right to Opt-Out of Sales: You have the right to opt-out of the sale of your personal information; however, we do not “sell” personal information, as that term is defined under Applicable State Laws.
  6. Right to Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights under Applicable State Laws. 

To exercise your rights under applicable state laws and as described in this section, please submit a request to us by either emailing us at hello@tallyhealth.com.

Only you, or a person or business entity that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the Personal Information or an authorized representative of that person. We will need to validate any request to exercise these rights, including any authorized agent, which may include asking for proof of residency, asking you to match to data that we have and other methods.

In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access or deletion. Verification will be performed by matching the identifying information provided by you to the personal information that we already have. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

Your California Privacy Rights

California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal information protected under the “Shine the Light” law to third parties for their own direct marketing purposes.

Your Nevada Privacy Rights 

Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to hello@tallyhealth.com.  

Security of your information

We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information. Those safeguards include: (i) the pseudonymization and encryption of personal information where we deem appropriate; (ii) taking steps to ensure personal information is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards. 

However, no method of safeguarding information is completely secure. While we use measures designed to protect personal information, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure. 

Data storage and retention

Your personal information is stored by us on our servers, and on the servers of the cloud-based database management services that we engage, located in the United States. We retain service data for the duration of our customer’s business relationship with us and for a period of time thereafter, to analyze the data for our own operations, and for historical and archiving purposes associated with our services. We retain prospect data until such time as it no longer has business value and is purged from our systems. 

Children’s data

We do not knowingly attempt to solicit or receive information from children under the age of 18. By using the Services, you represent that you are 18 years of age or older.

Communications opt-out 

You may opt out of receiving marketing or other communications from us at any time through a given communications channel (such as email) by following the opt-out link or other unsubscribe instructions provided in any email message received, by contacting us as provided at the end of this Privacy Policy.

Modification and updates 

This Privacy Policy replaces all previous disclosures we may have provided to you about our information practices with respect to the Services and the Tally Health website. We reserve the right, at any time, to modify, alter, and/or update this Privacy Policy, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Policy. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Policy, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Policy will constitute your acknowledgment of the amended Privacy Policy.

Applicability of this Privacy Policy 

This Privacy Policy is subject to the Terms of Use that govern your use of the Services. This Privacy Policy applies regardless of the means used to access or provide information through the Tally Health website.


This Privacy Policy does not apply to information from or about you collected by any third-party services, applications, or advertisements associated with, or websites linked from, the Tally Health website. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith. 


Questions, concerns or complaints

If you have questions, concerns, complaints, or would like to exercise your rights, please contact us at:

Tally Health 

228 Park Avenue South

PMB 28994

New York, NY 10003

hello@tallyhealth.com 

tallyhealth.com