Website Privacy Policy

 

Last Revised: November 13, 2023

TytoCare Ltd. together with its subsidiaries including without limitation TytoCare Inc. (“Tyto”, “Company” “we” or “us”) respect the privacy of the Users of our Site and are committed to protect the Personal and Medical Information that Users share with us in connection with the use of the Site.
This Privacy Policy (the “Website Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use and access our Website located at www.tytocare.com and any of its subdomains or otherwise any other website deemed to be governed by this Website Privacy Policy (the “Site”) the manners in which we may use such information, and the options and rights available to you.
Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Website Terms of Use available at https://www.tytocare.com/terms-and-conditions/ (the “Website TOU”), which this Website Privacy Policy is incorporated thereto by reference.
If you are a resident of California or other applicable US jurisdictions (including without limitation Colorado, Connecticut, Virginia, Utah, and Nevada, please see Sections 18 to 23 below for information about US residents privacy rights, and other required disclosures.

1. Scope and Applicability

This Website Privacy Policy applies only in connection with your use of the Site. This Website Privacy Policy  does not apply to any use of the Tyto Solution (as defined below) including any TytoCare telehealth communication services, TytoCare mobile, desktop and web applications and/or to the TytoCare devices, use of which is governed solely by our Tyto Services Terms of Use and the Tyto Services Privacy Policy located at https://www.tytocare.com/terms-and-conditions/ and at https://www.tytocare.com/privacy-policy/  (together the “Solution Terms”).

2. Your Consent (PLEASE READ CAREFULLY!)

BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SITE, YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS WEBSITE PRIVACY POLICY, INCLUDING THE COLLECTION AND PROCESSING OF YOUR PERSONAL AND MEDICAL INFORMATION (AS DEFINED BELOW). IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS AND/OR USE THE SERVICE IN ANY MANNER WHATSOEVER.
To the extent that you use or access the Site on behalf of a person who is not you, such use must be conducted solely in strict compliance with the TOU and the terms hereof and you shall be solely responsible to have or receive and hereby represent that you have or received the consent, authority, permission and approval of such person  to provide the Personal Information detailed above and allow Tyto to collect, store, and use such personal Information in accordance with this Website Privacy Policy. If you are acting on behalf of another person who is a minor, you must also follow the terms in Section 7 herein.
IMPORTANT:
PLEASE NOTE: YOU ARE NOT OBLIGATED TO PROVIDE US WITH ANY PERSONAL OR MEDICAL INFORMATION. YOU HEREBY ACKNOWLEDGE AND AGREE THAT YOU ARE PROVIDING US WITH SUCH INFORMATION AT YOUR OWN FREE WILL, FOR THE PURPOSES DESCRIBED IN SECTION ‎4 BELOW, AND THAT WE MAY USE, PROCESS AND RETAIN SUCH PERSONAL OR MEDICAL INFORMATION IN ACCORDANCE WITH THIS WEBSITE PRIVACY POLICY AND SUBJECT TO ANY APPLICABLE LAWS AND REGULATIONS. 

3. Types of information we may collect on our Users?

We may collect three types of data and information from our Users:
  1. Personal Information, which is information that identifies an individual or may with reasonable effort identify an individual, either alone or in combination with other information, or may be of private or sensitive nature including Medical Information of a User, all unless anonymized; and
  2. Non-personal Information, which is non-identifying and non-identifiable information, without particular reference to the identity of the User from or about whom such information was collected.
  3. Medical Information, which is any medical information, including physiological data of the body parts or organs, physiological data, diagnosis, tests, results, treatments, prescription, therapy, counseling, laboratory and any other health related information.
For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists. In this context it is important to note that Medical Information may be categorized as either Personal Information or Non-Personal Information in accordance with the definitions above and the characteristics of each specific item of Medical Information.

4. Categories of Personal Information; How we collect information of our Users

  • Personal and Medical Information which you actively provide to us through the Site. This is information you intentionally and/or actively provide to us in the course of your use of the Site (such as via our “Contact Us” or “request more info”, or “book a demo” forms, as may be applicable) about yourself and/or about another person, such as, full name, personal or work e-mail address, company name, job title, country, phone number, full address, postal code relevant health services network, benefits and/or plans and any other category of personal information which may be included in the message you send us during your use of the Site or when you contact us directly, in addition, we may collect information relating to purchases and orders of the Tyto device made through the Site if applicable.
  • Personal Information which is being collected by us automatically when you use or access the Site.This is information which we automatically receive upon you access or interaction with our Site .This information may include:
    • IP address, UDID (Unique Device Identifier) or other persistent user and/or mobile device token (as applicable), geolocation to extent enabled, advertising ID, device type, operating system, browser type and version, screen resolution, browser and keyboard language, the User’s ‘click-stream’ and activities on the Site, the period of time the User visited the Site, related time stamps and other information and logs that pertain to how our Site is used and accessed.
We will not collect any Personal and Medical Information from you or related to you without your approval, which is obtained, inter alia, through your active acceptance of the TOU and this Website Privacy Policy.
  • Non-Personal Information is collected through your use of the Site. We may be aware of your use of the Site, and may gather, collect and record the information relating to such usage, either independently or through the help of our third-party services as detailed below. We may also collect Non-personal Information through the analysis aggregation and anonymization of Personal Information provided by you.

5. The Purposes and Legal Basis of the Collection, Processing and Use of Information

Legal Basis for Use
We collect, process and use your Personal Information for the purposes described in this Website Privacy Policy, based at least on one of the following legal grounds:
  • In Performing an agreement with you: We collect and process your Personal Information in order to provide you with the Site, following your acceptance of this Website Privacy Policy and pursuant to the Terms of Use; to maintain and improve our Site and our offerings in the Site; and to personalize the use of the Site in order for you to get a better user experience.
  • With your consent: We ask for your agreement to collect and process your information for specific purposes and you have the right to withdraw your consent at any time.
  • Legitimate interest: We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our services, protecting against harm to the rights, property or safety of our properties, or  our users, or the public as required or permitted by law; Enforcing legal claims, including investigation of potential violations of this Website Privacy Policy; in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our TOU.
Purpose of Use
We may use the Personal Information that we collect about you for the following purposes:
  • To provide, operate and improve the Site for our Users and to manage our business.
  • To send you updates, notices, notifications, and announcement related to the Site as well as newsletters, coupons, commercial offers and additional communications regarding the Tyto Solution and our services.
  • To verify your eligibility and deliver prizes in connection with promotions and referral programs we may hold from time to time;
  • To be able to manage your Site Account, if applicable and provide you with customer support services. to enable us to further develop, customize and improve the service based on Users’ common preferences, uses, attributes and anonymized or de-identified data;
  • To create cumulative statistical data and other cumulative information and/or other conclusive information that is non-personal, to enable us to provide our Users with a better user experience with more relevant and accurate information, services, third party services, features and functionalities, statistical and research purposes, etc. and improve our Site.
  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities,
  • To complete a transaction you wish to make through the Site, including the purchase and delivery of the Tyto Solution and our services.
  • To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.
  • When you order the Tyto Device through the Site, to allow you to make such order and facilitate delivery and payment if applicable.

6. Sharing Information with Third Parties

Tyto will not share or otherwise allow access to any Personal or Medical Information it collects to any third party, except in the following cases:
(a) Law enforcement, legal proceedings, and as authorized by law: We may disclose Personal Information to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
(b) Protecting Rights and Safety: We may share Personal Information to enforce this Website Privacy Policy and/or the Website TOU, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; ; to respond to claims that any content available on  the Site violates the rights of third-parties;  to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; and to protect the rights, property, or personal safety of Tyto, any of its Users, or the general public;
(c) Our Affiliated Companies: We may share Personal Information internally with our family of companies for the purposes described in this Website Privacy Policy. In addition, when Tyto or any of our affiliated companies is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, we may share Personal Information with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Site;
(d) Third Party Services: We partner with certain third parties to provide selected services that are used to facilitate and enhance the Site and your use thereof  (“Service Providers”). Such Third Party Service Providers may have access to, or process on our behalf Personal Information which we collect, hold, use, analyze, process and/or manage. These Service Providers include hosting, database and server co-location services (e.g. Amazon Web Services in the USA and Israel), data analytics services (e.g. Google Analytics), session replay records for app analytic purposes such as crashes, functionality and usability (e.g. Crashlytics), remote access services (e.g. RedBand), data and cyber security services (e.g. Incapsula), fraud detection and prevention services (e.g. Amazon Web Services), e-mail and text message distribution and monitoring services (e.g. Active Campaign), payment processors (e.g. Instamed) dispute resolution providers, customer support and call center services (e.g. Iqor), and our business, legal and financial advisors (collectively, “Third Party Service Providers”). We remain responsible for any Personal Information processing done by Third Party Service Provider on our behalf, except for events outside of our and/or their  reasonable control, and except with respect to Third Party Service Providers with which you are contractually engaged, either  through a prior separate contractual engagement and/or through acceptance of their privacy policy and terms of use if such are referenced herein.
(e) Benefit Plan Operators and Healthcare Networks: We may share your personal information, with your respective healthcare networks and benefit plan operators, where you wish to exercise any benefits or entitlements available through our Site vis a vis such networks and operators,  for the purposes of allowing them and us to administer the services and benefits to which you are entitled. Use and processing by such healthcare networks and benefit plan operators of Personal Information we share with them, is governed by the terms of your direct engagement with such parties.
For avoidance of doubt, Tyto may transfer and disclose to third parties or otherwise use Non-personal Information (which includes Medical Information which is Non-Personal including by being anonymized) at its own discretion.

7. Storage, Transfer and Retention of your Information

Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, Canada, EU and in Israel.
While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keep it protected and secured, pursuant to this Website Privacy Policy, applicable laws and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.
Specifically, each of our Third Party Service Providers which store or process your Personal Information either: (i) assured us that they provide adequate safeguards to protect your rights to privacy; (ii)  where applicable, hold and process such information on our behalf in a jurisdiction which has been determined to ensure an adequate level protection by the EU Commission; (iii) perform such processing pursuant to your consent and acceptance of their privacy policy and related terms as detailed in Section 6(e) above and 10 below.
By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided.
We retain the Personal Information we collect only for as long as needed in order to provide you with use of our Site in accordance with the terms of this Website Privacy Policy and to comply with applicable laws and regulations or otherwise as required for us to protect against claims by Users for the relevant statutory of limitations period. We then either delete from our systems or anonymize it without further notice to you.

8. Updating, Obtaining a copy of, or Deleting of Personal Information

If for any reason you wish to exercise any rights to which you are entitled, under the law applicable to you, such as correction, deletion, access to and notification of the types of your Personal Information processed by us or on our behalf,or delete your Site Account, you may do so by contacting Tyto support at support@tytocare.com. When handling these requests, we may ask for additional information to confirm your identity and your request.
Subject to limitations pursuant to applicable law and if entitled to the same there under, if you wish to exercise your right to access your Personal Information, you may be able to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party. We may provide such access through the Site .
Please note, upon request to delete your Personal Information, we will delete any such Personal Information pursuant to any applicable privacy laws or otherwise de-identify any such Personal Information and thereby transform it to become Non-Personal Information. We may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond or defend against legal proceedings versus us or our affiliates.
To find out whether these rights apply to you and on any other privacy related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

9. Minors

To use our Site, open a Site Account, if applicable, and accept the terms of this Website Privacy Policy, you must be over the age of eighteen (18). If you are between 16 and 18 years of age, then you must review this Website Privacy Policy with your parent or guardian before visiting or using our Site, to make sure that you and your parent or guardian understand these Terms and that your parent or guardian agree to them. Without relieving you of your responsibility to comply with the WebSite TOU and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using our Site.
If You have added and listed a User under the age of 18 you hereby declare to Tyto that You are the parent or legal guardian of such User with sufficient rights to do so.
In the event that it comes to our knowledge that a person under the age of eighteen (18) is using our Site, not in accordance with the abovementioned terms, we will use our best efforts to prohibit and block such User from accessing our Site and will use our best efforts to promptly delete any Personal Information.

10. Local Storage and Third Party Software/Service, Cookies and other Tracking Technology

Local Storage. When you access or use the Site, we may use industry-wide technologies which temporarily store certain information on your end device(such as your smartphone, your computer or other browsing device) (“Local Storage”), and which will allow us to enable proper use of the Site, automatic activation of certain features, make your browsing experience much more convenient and effortless and to provide our customers and potential customers with more relevant advertisements of the Tyto Solution and our services. The Local Storage is created per session and may be deleted by you or otherwise configured by you to not accept any such local storage.  We also use certain monitoring and tracking technologies, including ones offered by Third Party Service Providers in order to collect and process Personal Information we specified above. For example, these technologies enable us to: (i) keep track of and apply our customer’s and potential customers’ Site preferences and authenticated sessions, (ii) better secure our Site by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Site; (iv) monitor and analyze our ads’ performance; (v) create and monitor analytics relating to use of our Site; and (v) deliver to you targeted advertisements that are more tailored to you based on your browsing activities and inferred interests.
Cookies: To learn more about tracking technologies please refer to, www.allaboutcookies.org. Tracking technologies may include, Pixel tags (also commonly known as web beacons), transparent images, iFrames, or Java Script placed on our Site or our advertisements and emails, that is used to understand how you interact with the Site, such advertisements and emails. To learn more about our use of Cookies and other tracking technologies, please see our Cookie Policy. Some of these tracking technologies are provided to us by our Third Party Services Providers who collect and process Personal Information on our behalf. These Third Party Services Providers may have direct contractual relationship with you (such as Google and Facebook), as detailed in Section 6(d) above. Additionally, the services provided to us by such Third Party Services Providers may entail collection and processing of Personal Information by such Third Party Services Providers, in a scope which is broader than the scope of Personal Information we are eventually provided with by such Third Party Services Providers. This means that sometimes these Third Party Services Providers have access to more of your Personal Information than we do. For example, our payment gateway service provider has access to your financial information under strict terms, while we do not receive such access at all in order to better protect your rights. To the extent you have direct contractual relationship with any of our Third Party Services Providers, any rights you may have with respect to your information, collected by such Third Party Services Providers, shall be governed by the terms of your direct contractual relationship with such Third Party Service Providers and healthcare networks and benefit plan operators (as referred to in Section 6(e). Otherwise the terms of this Website Privacy Policy shall fully apply. In this context you should note that we may use Google Analytics, Meta, X, 6sense and LinkedIn’s functionality of re-marketing through their tracking cookies and pixel-based retargeting services. This means that if you provided your consent to Google, Facebook, Twitter or LinkedIn (the “Social Ad Platforms”) to be provided with personalized commercial offers, you may be served with ads (including advertisements of third parties) based on your access to the Site, outside of the Site and across the internet. Please visit the Social Ad Platforms Privacy policy to find out how they use such information:
If you wish to opt-out of such re-targeting and tracking functionality of the Social Ad Platforms, you may do so at the following links:
PLEASE NOTE – such tracking and targeting by Social Ad Platforms, is provided pursuant to your engagement with such Social Ad Platforms and the actual nature and scope of Personal Information collection and processing performed by such Social Ad Platforms is not transparent to us. If you would like to learn more or make further inquiries with respect to such nature or scope please refer to each of such Social Ad Platforms directly. In addition, if you wish that we do not use your personal information we obtain through use of cookies and pixel tags for the purpose of serving you personalized relevant ads, please send us an e-mail to support@tytocare.com, and we will respond within a reasonable time frame and in accordance with applicable laws.
Learn more about your choices and how to opt-out of tracking technologies: In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions, or learn more by visiting our Cookie Policy. You may also opt out of third party tracking technologies by following the relevant instructions provided by each such third party in its privacy policy or by visiting www.youronlinechoices.eu, http://optout.networkadvertising.org/?c=1 or http://www.aboutads.info/choices/. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Site, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting and response thereto has not yet been generally accepted.

11. Direct Marketing

If you provide us with your contact details through the Site ,  you hereby agree that we may use such contact details, in order to contact you, inform you regarding our products and services which may interest you, and send you other marketing material, including news and updates by transmission to the e-mail address or phone number you have provided.
You may withdraw your consent by pressing the relevant unsubscribe in the relevant message in the email or by sending us a written notice via email to the following address: info@tytocare.com.

12. Security

We take a great care in implementing and maintaining the security of the Site, and our Users’ Personal Information. Our Users Personal Information, or parts thereof, are hosted on AMAZON AWS, which provides advanced security features. Tyto employs industry standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information, including secured transmission protocols and AES 256-bit encryption.  However, we do not and cannot guarantee that unauthorized access will never occur.
We urge you to use the strongest password combination available on your browsing device and employ reasonable physical security means to protect unauthorized access.

13. Third Party Websites

While using the Site you may encounter links to third party websites and/or services. Please be advised that such third party websites and/or services are independent from Tyto, and may use cookies and other web-tracking technologies, not specified or otherwise handled in our Cookie Policy, to collect Non-Personal and/or Personal Information about you. We assume no responsibility or liability whatsoever with regard to privacy matters or any other legal matter with respect to such third party websites and/or services. We encourage you to carefully read the privacy policies and the terms of use of such third party websites and/or services, as their terms, not ours, will apply to any of your interactions with such third parties. Tyto has no control over the use of any information you provide to these third party services.

14. Changes to the Website Privacy Policy

Tyto reserves the right to change this Website Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Website Privacy Policy on the Site and/or to your e-mail address if you have provided us with such address. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above mentioned methods. Otherwise, all other changes to this Website Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

15. Compliance with HIPAA Privacy Regulations

Where applicable, our privacy practices are intended to comply with our obligations as a Business Associate with respect to your health care provider under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“). In such event, we will maintain the privacy of your Personal Information as required by HIPAA and by any Business Associate Agreement we might have with your healthcare provider. We encourage you to review your healthcare provider’s Notice of Privacy Practices, which describes how your Provider may use and disclose your PHI to us and others.

16. Notice of Electronic Disclosure

The following notice is made pursuant to Section 181.154 to the Texas Health and Safety Code to the extent applicable – Subject to and in accordance with the terms hereof, PHI may be stored, processed, conveyed, and in some instances, disclosed in an electronic format. Tyto will provide you with a written notice and request a separate authorization in the event of electronic disclosure other than for the purpose of treatment, payment, health care operations, or as otherwise authorized or required by state or federal law.

17. General Information

Depending on your primary place of residency, this Website Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the following governing laws specified below, and any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in the following locations:
a) If your primary residence is in the USA, the governing law and the exclusive jurisdiction shall be the laws of the state of New York and the city of New York (respectively);
b) if your primary residence is in Europe, the governing law and the exclusive jurisdiction shall be the laws of England and Wales and the city of London (respectively);
c) If your primary residence is in Israel or in any other territory not mentioned in a) or b) above, the governing law and the exclusive jurisdiction shall be the laws of the State of Israel and the city of Tel Aviv.
This Website Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Website Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

18. California Notice

This Section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”) effective November 2020, and as amended by the CPRA, effective January 1, 2023.
Please see the CCPA Privacy Notice available here which discloses the categories of Personal Information collected, purpose of processing, source, categories of recipients with whom the Personal Information is shared for a business purpose, whether the Personal Information is sole or shared, the retention period, and how to exercise your rights as a California resident.

19. Colorado Notice

This Section applies to Colorado residents acting only as an individual or in a household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act (“CPA”) please see below the disclosure of the categories of personal data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the personal data for advertising and how to opt-out.
Personal Data” as defined in the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.
Sensitive Data” includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data.
Under CPA, Tyto needs to provide a privacy notice that identifies the categories of personal data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the personal data for advertising and how to opt-out.
In Section 4 “Categories of Personal Information; How we collect information of our Users” of the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, in Section 6 “Sharing Information with Third Parties” details and discloses the categories of third-parties with whom we share information for business purposes.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your Personal Data. If the request is submitted by someone other than you, proof of authorization (such as power of attorney or probate documents) will be required.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at marketing@tytocare.com and specifying you wish to appeal. Within 60 days of our receipt of you’re appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/.
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

20. Connecticut Notice

Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described b“low.
Persona” Data” means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, non-profit entities, higher education, employment data and FCRA, Family Educational Rights and Privacy Act, Farm Credit Act.
Sensitive Data” under the CDPA means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data.
Under CDPA, Tyto is required to provide you with a clear and accessible privacy notice that includes: categories of personal data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of personal data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.
In Section 4 “Categories of Personal Information; How we collect information of our Users” of the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, in Section 6 “Sharing Information with Third Parties” details and discloses the categories of third-parties we share for business purposes. Note, under CDPA consent can be withdrawn within 15-days of notice at any time.
We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45 day response period, together with the reason for the extension.
If we decline to take action on your request, we shall so inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.  

21. Virginia Notice

Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal “ata.
Persona” Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, employment data and FCRA, Family Educational Rights and Privacy Act, Farm Credit Act.
Sensitive Data” under the VCDPA means data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, or citizenship or immigration status; the processing of genetic or biometric data for the purpose of uniquely identifying a natural person; the personal data collected from a known child; and precise geolocation data.
The VCDPA requires Tyto discloses the categories of personal data processed, purpose of processing, how you can exercise your rights, including how you may appeal our decision with regard to the consumer request, the categories of personal data shared with third parties and with whom, and Tyto sells personal data to third parties or processes personal data for targeted advertising.
In Section 4 “Categories of Personal Information; How we collect information of our Users” of the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, in Section 6 “Sharing Information with Third Parties” details and discloses the categories of third-parties we share for business purposes.
We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at marketing@tytocare.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform
If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account for submitting a request. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request we will not be able to grant your request.

22. Utah Notice

Under the Utah Consumer Privacy Act (“UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal Data” refers to information that is linked or reasonably linkable to an identifiable individual, and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA. In Section 4 “Categories of Personal Information; How we collect information of our Users” of the Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent. Additionally, in Section 6 “Sharing Information with Third Parties” details and discloses the categories of third-parties we share for business purposes. Note, under UCPA, our sharing practices with third-party analytic and advertising tools are not considered a “sale”.

23. Notice to Nevada Residents

Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and we will record your instructions and incorporate them in the future if our policy changes. You may send opt-out requests to marketing@tytocare.com.

24. Have any Questions?

If you have any questions (or comments) concerning this Website Privacy Policy, you are welcome to send us an email at info@tytocare.com and we will make an effort to reply within a reasonable timeframe.
By contacting us, you represent that you are free to do so and that you will not knowingly provide Tyto with information that infringes upon third parties’ rights, including any intellectual property rights. You further acknowledge that notwithstanding anything herein to the contrary, any and all rights, including intellectual property rights in such information provided, shall belong exclusively to Tyto, and Tyto may use or refrain from using any such information at its sole discretion.
You should not share any Medical Information when communicating with Tyto’s support and customer service team.