Bía Privacy Principles
Bía is a company that helps people understand how sleep affects their health.
Your health data belongs to you (not us), and you can decide how it is used.We believe you should control your own biological health data, and our goal is to make it easy for you to see, export, and delete your own information.It's also up to you to decide how your data on Bía can be used. If you don't wish to contribute your personal data for product improvement and sleep research purposes, you can opt out of that sharing by sending us an email at [email protected]. We'll never access or use your information in ways you haven't agreed to.
We respect your right to privacy and will protect your information.
We'll work to collect as little information as needed to provide a valuable service, and we will continually look for ways to collect less.We will keep your information secure by prioritizing data security in every decision we make, and by ensuring that our security practices stay up-to-date.
We don’t monetize your data.
We don’t sell (or sell access to) your data to third parties (for advertising, or for other purposes).You may be asked to contribute your data to research initiatives that will help us on our mission of enhancing sleep. By contributing your data to research, you help researchers form a detailed understanding of how people are living, how poor health outcomes develop, and how optimal outcomes can be built.
What information we collect, and why
Your account details
When you create an account with Bía, we may ask for your first and last name, email address, phone number, and address.
You can also choose to enter your date of birth, weight, height, and other biometrics to improve your app experience.
Your payment information
When you pay for Bía or opt in to a subscription, we use Shopify Pay to collect, store, and process your payment information.
Bía does not have access to your full credit card information.
Your sleep data
BíaSleep collects biometric data including but not limited to brain activity, movement, light, and temperature.
Bía creates insights and sleep scores based on your biometric activity, and makes this visible to you in the Bía app.
Our interactions – feedback & support
When you contact our Team, we retain the phone, chat, or email log as part of our records.
If you participate in product feedback sessions, we may record the sessions for future reference. We'll always let you know verbally if a call is being recorded.
Your logs – tags, activities, notes
When using Bía, you'll likely add tags, notes, and activities. You may also import sleep data, heart rate data, and activity data from your device.
Access to this information is limited to those with a business need, like support team members, data scientists, product managers, or engineers.
Third Party Tools, Analytics & Advertising
We take responsibility for your information by only integrating with 3rd party tools that respect your privacy and share our data privacy standards and commitment.
How we use your data
Identifiable, member-specific data
Bía uses your data to personalize in-app insights, education, and resources to improve your experience.If you request help from our support or engineering teams, we may need to access your account and associated information for troubleshooting.Bía occasionally contributes to sleep research. You may be asked to contribute your data to our ongoing product improvement and research studies.
Aggregated and de-identified health data for product improvement and research purposes
Bía uses aggregated, de-identified (anonymized) data to improve the product, including to develop sleep insights.
How we store and secure your data
Your data is stored on one or more secure databases hosted by third parties. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. Our security practices currently include, but are not limited to:
- Hardware security tokens
- Multi-factor authentication
- IP whitelists
- Encryption at rest
- Code reviews for all code changes
- The ability to quickly revoke access to member data as needed
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our App or website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
The majority of Bía’s customers are located in the United States, and that’s where we store and process your data — by using Bía, you agree for your data to be transferred and processed in the United States.
A note if you’re in the UK or EU
The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. Pursuant to Article 46 of the GDPR, Bía is providing for appropriate safeguards by entering binding, standard data protection clauses, enforceable by data subjects in the EEA and the UK. These clauses have been enhanced based on the guidance of the European Data Protection Board and will be updated when the new draft model clauses are approved.
If you have any questions, feel free to email us at [email protected].
How we share or disclose your data
We will share your data with third parties only under the following circumstance:You request or authorize us to share your dataThe information is needed by our agents, vendors, or service providers to perform functions on our behalfWe are required to by law (for example, to comply with a search warrant, subpoena, or court order)If necessary and with your permission, we will share medical information you provide with an independent telemedicine serviceWe will not sell your data, or sell access to your data. And we'll never use it ourselves for advertising third-party products.
How to export & delete your data
Bía retains member data on secure servers for the duration of its business relationship with the member, and for an indefinite period of time afterward. Bía is a steward of your data, and you have the right to ask us to delete it at any time.
What you can delete
You can request that we delete all your identifiable data stored by Bía by emailing us at [email protected]. We will verify that you are the one making this request.
Bía will comply with your request to delete your data no later than one month after you make your request, unless more time is required to verify your identity.
What we can't delete
Your payment history and details, including your billing address is stored with our payment processors, and saved for accounting and fraud prevention purposes.
We cannot delete your data that may be stored with any third parties.You'll need to reach out to those third parties for assistance removing your records from their services.
List of third parties that handle Bía member data:
- Amazon Web Services: Data warehouse and data analysis
- Amazon SES: Transactional Email
- Klaviyo: Marketing Email & SMS
- Shopify: Website Hosting
- Shopify Pay: Payment processing
- Typeform: User Surveys
GDPR (UK + EU)
Under the the UK’s and EU’s General Data Protection Regulation (EU-GDPR and UK-GDPR) and other countries’ privacy laws, you have several rights relating to your data. These include:
Right to be informed: You have the right to know what data we collect, how we use it, and what your rights are.Right of access: You have a right to ask us for your data.Right to rectification: If you find a mistake in your data, you have the right to have the mistake corrected.Right to erasure: You have the right to ask us to erase your data to the extent we are allowed to by law.Right to restrict processing: You have a right to ask us to stop using your data.Right of data portability: You have a right to ask for your data in a “commonly used and machine-readable format,” so that you can easily take your data elsewhere if you want to.Right to object: You have the right to object to how we are using your data. (This works a lot like the “right to restrict processing.”)Rights related to automated decision making, including profiling: You have a right to ask us *not* to use your personal information to make decisions in an automated way (example: a car insurance company feeds your personal information into an algorithm, which uses that information to adjust your insurance premium.)
In addition to these rights, you also have the right: To withdraw any consents you’ve given to BíaTo request information about how Bía is using your data, who might have received your data, where your data came from, and how long it has been stored.To lodge a complaint with the appropriate data-protection authority if you have any concerns about how Bía processes your personal data.If you have any questions about these rights or would like to exercise them, please email [email protected] and we’ll be happy to help!
All members must be 18 years of age or older to use the Bía product and platform.
Bía does not knowingly collect any information from children under the age of 18. If you are under the age of 18, please do not submit any information through our website or app. We encourage parents and legal guardians to monitor their children's Internet usage.
If Bía learns or believes that it has collected information from a person under the age of 18, it will promptly delete those data and take reasonable steps to identify and notify the person’s parents about what information was collected, and how it was deleted.
If you have reason to believe that an individual under the age of 18 has provided Personal Information to us through our Website or Service, please let us know by sending an email to [email protected]
Changes & amendments
You can send a message to [email protected].
We’ll be happy to help out.
Bía Neuroscience, Vancouver, Canada