1. What is “Personal Data”?
“Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Data falls within certain categories, for example:
• Identifiers (e.g., name, email, telephone number, address, username);
• Sensitive Information (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health information; contents of messages when we are not the recipient; in some cases, information about a known child);
• Legally protected information (e.g., race, citizenship, marital status, sex);
• Employment-related information (e.g., current or past employment);
• Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);
• Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;
• Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
• Internet or other similar activity (e.g., browsing history; content interactions); and
• Inferences drawn from Personal Data to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes;
Not all information is protected as Personal Data, for example: publicly available information; aggregated information (meaning data summaries or reports with Personal Data removed); and anonymized information that cannot be linked back to an individual.
2. Your Health Privacy
Youtopia is committed to providing the Services in a manner that ensures that the health information you entrust to us remains private and secure. While Youtopia is not a covered entity under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we designed the App, our Discovery Centers, and our Services offered in collaboration with the MaxWell Clinic to meet the standards set by HIPAA, Health Level Seven messaging standards, and International Organization for Standardization requirements for healthcare products and health records.
You may choose to provide us with health information when you use certain Services, like populating your Account profile or completing wellness experiences at a Discovery Center. Also, with your consent, we may have access to certain protected health information if you choose to combine your use of our Services with your receipt of healthcare experiences from the MaxWell Clinic or another clinic or provider that is affiliated with Youtopia. All health information you entrust to Youtopia will remain private and secure according to HIPAA standards. Additionally, Youtopia supports your access to MaxWell Clinic healthcare experiences through our Discovery Centers by complying with HIPAA and the MaxWell Clinic’s privacy practices.
3. Children’s Privacy
You must be at least 18 years old to use Youtopia. A registered user (“User”) may add a minor to their account as a dependent to their account, but Youtopia will never knowingly collect Personal Data from a minor online. If we learn we have collected or received Personal Data from a child under 18 without authorization, we will delete that information.
If you wish to add a minor as a Dependent to your Account, you must first agree to our Linked Accounts Agreement in which you confirm that you are the minor’s legal guardian and you must consent to Youtopia collecting Personal Data from the minor online. Once you have executed the Agreement to Add Dependent, you may create Account access for the Dependent to use the Services under your Account. You are solely responsible for all activity on your account by your Dependent(s).
4. Collecting and Processing Personal Data
User Registration. When you register as a User, we will collect information to register your account and complete a User profile:
• We collect identifiers like your name and email address, and you have the option to provide your wireless number for SMS identity verification. Users must provide either an email or a cell number to maintain an account. We also collect your location to confirm that our Services are available in your area.
• You will have the option to complete a phenotype quiz that collects your date of birth, biological sex, height, weight, jean size, and activity level to generate a Nourishment Score and populate a personalized menu.
We collect this information with your consent, and we use it to facilitate your account and to communicate with you about the Services.
Nutrients. You can shop Nutrients menus and make purchases. If you use Nutrients:
• We keep track of your commercial history like orders placed, menus browsed, meal preferences, and delivery information.
• You have the option to submit information about food intolerances, allergies, and preferences.
• If you list other Users as your dependents or friends, we will link their information to yours so you can place orders as a group.
We collect this information with your consent, and we use it to fulfill your Nutrients orders and to deliver tailored menus and content to you.
Discovery Centers. At our Discovery Centers, you have the option to participate in our wellness experiences or access healthcare experiences as a patient of the MaxWell Clinic. Our Discovery Centers are designed to meet HIPAA, Health Level Seven messaging standards, and International Organization for Standardization requirements for healthcare products and health records. Additionally, Youtopia supports your access to MaxWell Clinic healthcare experiences through our Discovery Centers by complying with HIPAA and the MaxWell Clinic’s privacy practices.
During your Discovery Center experience, Youtopia may collect health information or other Personal Data, for example:
• For physical assessments, we may collect health information or family details.
• For lab screenings, we may collect biometrics from lab samples you provide.
• Experience outcomes are posted to your Account dashboard and only accessible to you.
The collected information may be combined with Personal Data from your Account as needed to facilitate your receipt of these Services. You choose to participate in these experiences, and you consent to all Personal Data collection at Discovery Centers prior to beginning the experience. We use the information to provide you with the experiences you have selected, to update your Nutrients Score, and to enhance your User experience.
An initial health assessment or test may be required to access subsequent experiences. All subsequent experiences are fully optional. Any healthcare, diagnostics, treatment, or other medical care you receive through a Discovery Center is provided to you as a patient of the MaxWell Clinic. Please note that the MaxWell Clinic is a healthcare provider governed by its own policies and protocols. You should contact the MaxWell Clinic directly with any questions about their privacy practices.
MaxWellness. Users who complete certain prerequisite experiences have the option to book Telemedical or Consultation appointments with the MaxWell Clinic or Telewellness visits with Youtopia or MaxWell Clinic personnel as appropriate. Additionally:
• Telemedical and Telewellness visits are recorded and then transcribed using secure technology. Transcriptions become part of the User’s medical record.
• Consultation clinical notes are added to the User’s medical record.
• Users receive care from the MaxWell Clinic as patients under the MaxWell Clinic’s HIPAA and privacy practices.
Personal Data collected through your MaxWellness Clinic experiences is collected with your consent or as permitted by HIPAA or other applicable laws. This Personal Data is used solely to provide you with the MaxWellness Clinic experiences and other Services you request.
For You. For You is your genius best friend that helps you optimize your life. The For You feature leverages artificial intelligence to deliver personalized recommendations, content, and experiences.
• For You collects data from your profile and activity on the App, along with data you input when you ask questions.
• For You uses the input data to generate responses and recommend content personalized for you.
This data is collected with your consent when you input it to the Services, and used to provide you with the recommendations, content, and experiences that you request and that align with your use of the Services.
Longevity. The Longevity feature is a resource center for you to learn wellness and life skills that promote longevity.
• Longevity does not collect any Personal Data, but Youtopia will keep track of which articles and resources you access to offer you similar content in the future.
• We may ask you if you enjoyed a resource to gauge its popularity amongst Users or to recommend related content to you.
We collect this information to achieve our legitimate interest in providing Users with quality resources to support their efforts in achieving longevity.
User Support. If you contact us online or through other means, we will collect Personal Data from you to respond to your inquiry:
• If you request information about our Services or other resources we offer through an online form, by text, email, or phone, we will collect your name, email address and other contact information as needed to provide you with the information you request. We collect this information with your consent, and we use it for the purposes stated at the time of collection, to provide you with our Services, and to communicate with you or send you direct marketing communications.
• We may record calls between you and members of our team for quality monitoring, training, to improve our Services, and for other internal business purposes. You will be notified if your call is being recorded. By staying on the line after receiving the notification, you consent to the call recording. If you do not consent to call recording, you may end the call or ask to not be recorded.
We collect this information with your consent, and we use it to respond to your inquiries and to communicate with you about the Services.
App or website. We may automatically collect technical data from your use of our website or App, such as:
• Device information (e.g., IP address, operating system, browser type, device ID).
• Usage details (e.g., traffic data, search queries, content interactions).
• Analytics and functionality data to ensure the website and App function as intended.
• Youtopia does not use any cookies for targeted advertising, cross-platform tracking, or sale of Personal Data.
We collect this information to achieve our legitimate interest in providing and improving our Services.
5. Retaining Personal Data
Youtopia brings you the tools and knowledge to help you work towards Precision Nourishment. We do this by analyzing your unique wellness information over time in order to offer you tailored options to work toward improved wellbeing. To make this possible, we must retain your Personal Data long enough to provide you with meaningful analyses throughout your wellness journey. Youtopia retains most types of Personal Data that we collect indefinitely unless you delete it. Other types of data are retained according to our internal policies. All data deletion is achieved using secure, industry standard best practices.
6. Data Security
Youtopia has implemented and maintains reasonable security measures to secure your Personal Data from accidental loss and unauthorized access, use, alteration, and disclosure. Our security measures are appropriate to the volume, scope, and nature of the personal data processed and designed to meet our duty of care with respect to your Personal Data.
Youtopia recognizes the sensitivity of the Personal Data you entrust to us, so we designed our systems to align with the privacy and trust principles adopted by the National Institute of Health. To this end, our security measures include:
• Encryption of all Youtopian Personal Data in transit and at rest.
• Identifiers (like name, email, etc.) are stored separately from the Youtopian’s health information.
• Multi-factor authentication is required to access a Youtopian’s health information.
• All Youtopia personnel with job duties requiring access to health information must complete privacy and security training.
• Integrity protection controls that detect if unauthorized alterations have been made to data on our systems.
• Regular security patching to keep our systems updated with the latest security patches.
• Change control and configuration management policies to ensure our system updates are tested, reviewed, and approved prior to implementing.
• Completion of regular independent third-party audits to test our systems for effective security controls and responsiveness to emerging threats.
Please bear in mind that submission of information over the Internet is never entirely secure. You are responsible for keeping your device access and login information confidential. You are also encouraged to install anti-virus and anti-malware software on your devices and keep all software updated to avoid security risks. We cannot guarantee the security of information you submit via our Services while it is in transit over the Internet, and any such submission is at your own risk.
7. Disclosing Personal Data
At Youtopia, we understand that the security of your Personal Data is essential to earning your confidence in our Services. The Services are designed to keep your Personal Data private, including our relationships with trusted third parties to provide key features of the Services. Youtopia will only disclose Personal Data to the third parties as described in this section, with your permission, or as required by law. In the preceding 12 months, we have disclosed the Personal Data we have collected to:
MaxWell Clinic. If you complete an experience or use a feature of the Services that is offered by or through the MaxWell Clinic, Youtopia will disclose your Personal Information to MaxWell Clinic as necessary to facilitate your receipt of those Services. Such disclosures of Personal Data are subject to a contractual relationship between Youtopia and MaxWell Clinic that includes requirements to safeguard User privacy according to HIPAA and other applicable laws.
Service Providers. Our service providers like laboratory screening services, medical professional services, data processing and analytics services, software providers, and email and data hosting providers may have access to Personal Data as needed to perform their contractual obligations to us. Service providers only have access to the minimum Personal Data necessary to perform their contracted tasks for us. We prohibit our service providers from further disclosing Personal Data to anyone, and we require all service providers to maintain confidentiality standards and appropriate technical and organizational measures to ensure the security of your Personal Data.
Law enforcement, and other governmental agencies, as permitted or required by law.
Other third parties, as permitted by applicable law, for example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.
Aggregated and Deidentified Information. We reserve the right to share aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for marketing, advertising, research or other purposes, without restriction.
8. Your Personal Data
Youtopia provides you with options to control your Personal Data directly, including:
• Emails. We may send you informational or support emails related to your account. We may also send you marketing emails based on your stated preferences. To stop receiving emails from us, you can unsubscribe or change your preferences via the links provided in the emails. If you opt out of marketing communications, we may still send you messages about your account.
• SMS. If you provide us with your wireless phone number, you consent to Youtopia sending you informational or service text messages. The number of texts you receive will depend on the Services you use and the information you request from us. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges. You can opt out of our text messages by replying STOP to any text messages.
• Device Settings. You can control the data we collect through cookies and related technologies by adjusting your device settings or your cookie preferences on the Site.
• Block Location Tracking. You can stop all collection of information by an app by uninstalling it. You can also reset your device Ad Id at any time through your device settings, which is designed to allow you to limit the use of information collected about you. You can stop all collection of precise location data through an app by uninstalling the app or withdrawing your consent through your device settings.
• Opt-Out of Interest Based Ads. You may limit our use of information collected from or about your mobile device for purposes of serving online behavioral advertising to you by going to your device settings and selecting “Limit Ad Tracking” (for iOS devices) or “Opt-Out of Interest-Based Ads” (for Android devices).
• Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests.
• Privacy Questions. To access, correct, or delete your Personal Data, change your privacy settings, or request information, please email Youtopia at email@example.com with the subject line Re: Privacy Question. Note that we can only help with a Privacy Question when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Data, and to properly understand, evaluate, and respond to the request.
9. Your Privacy Rights
• Right to Access is the right to request confirmation that a business has collected Personal Data about you and provide you with access to that Personal Data. If you submit an access request, the business will provide you with copies of the requested pieces of Personal Data in a portable and readily usable format.
• Right to Correct is the right to request that a business correct inaccurate Personal Data about you on its systems. If you become aware that your Personal Data held by Youtopia is incorrect, please notify us and we will update our records as a courtesy.
• Right to Deletion is the right to request that a business delete your Personal Data from its systems. The business may permanently delete, deidentify, or aggregate the Personal Data in response to a request for deletion. Exceptions may apply.
• Right to Data Portability. In some circumstances, a business is required to provide your Personal Data to you at your request and in a portable and readily usable format.
• Right to Opt-Out means the right to opt-out of the sale of their Personal Data, processing for targeted advertising, or using their Personal Data to profile the them “in furtherance of decisions that produce legal or similarly significant effects.
Please direct any questions about these rights or our privacy practices to firstname.lastname@example.org with the subject line Re: Privacy Question.
10. Consent to Cross-Border Data Transfers
Youtopia is owned and operated in the State of Colorado in the United States and is designed to serve residents of the State of Colorado. You are solely responsible for determining whether their use of the Services complies with applicable laws. We do not warrant that our Services are appropriate or authorized for use in any other jurisdictions.
If you access the Services from outside the United States, please be aware that your Personal Data may be transferred to, processed, stored, and used in the United States or other jurisdictions. When your information is moved from your home country to another country, the laws and rules that protect your Personal Data in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is in the United States, it may be accessed by government authorities under United States law.
By allowing us to collect Personal Data about you, you consent to the transfer and processing of your Personal Data as described in this section.
12. Third-Party Services
When using Youtopia’s Services, you may have the option to access or link to third-party services. Youtopia has no control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third-party services. We encourage you to read the privacy statements of each online service that collects your Personal Data.