Last revised August 24, 2021.
This Privacy Notice discloses the information practices for Kumanu, Inc. When this Privacy Notice refers to “you,” “your,” or similar words, it means the individual to whom the personal information belongs.
At Kumanu, we believe your data belongs to you and only you. Whether you use Purposeful, Resourceful, or Insightful (hereafter, “Kumanu apps”), participate in a Purpose Challenge, or interact with Kumanu in some other way, we don’t share your personal data with anyone — not advertisers, not your employer, not your health insurer — unless we explicitly tell you ahead of time, including through this Privacy Notice (this “Privacy Notice”).
The data you provide through Kumanu apps or through other interactions with Kumanu does get de-identified and then aggregated (added up) with other people’s data to provide general insights into organizational and population needs, interests, and dynamics. These insights are shared with the organization who sponsors your access to our apps, and may also be shared with other entities.
We are legally required to share some specific details with you, so please review the following Privacy Notice. When you consent to this Privacy Notice you are consenting to:
- Kumanu collecting and processing your identifiable information as described; and
- Kumanu transferring any personal data collected outside the United States (including in the European Union) to the United States.
The personal data we collect and how we collect it
Our mobile and desktop apps, including Purposeful and Resourceful, collect the following personal data from you when you create or register your account (including if you use a third party such as Google to sign on): email address and name. You can also provide your phone number if you want to receive information via text message. We might ask for more specific demographic information about you, but providing this information is optional. Such data will be collected and processed in accordance with this Privacy Notice. We collect this information as part of learning more about you so we can provide you with more relevant information and personalized support.
Through your use of our apps and other interactions with Kumanu, you may also submit to us personal data of a sensitive nature. Such data is self-reported and entered by you on an optional basis. Examples of personal data include:
- Your personal best-self traits;
- Your personal purpose;
- Actions you select, rate or mark as complete to help improve your best-self, purpose alignment or wellbeing;
- How aligned you are at any point in time with your best-self traits, purpose, or wellbeing goals;
- Your daily intention or other self-improvement goals;
- Your responses to reflection or other self-rating questions;
- Your responses to assessment, pulse survey or other questions collected inside or outside of the app;
- Resources you select, rate, or mark as complete in order to view and access resource offerings; and
- Your history of in-app searches of app content.
The data solicited by Kumanu, Purposeful, and Resourceful are not considered special categories of personal data under the General Data Protection Regulation. Nonetheless, there are opportunities in our apps to enter text in free form data fields, and if you choose to submit such personal data, you do so at your own discretion.
You can decline to provide any or all self-reported data. If you decline to provide data when using Purposeful or Resourceful, it will affect the quality of the content you get and the scope of your experience — the better we know you, the better we can help. By consenting to Kumanu’s Privacy Notice (this document), you are consenting to Kumanu storing and processing any data you provide, including data from third-party devices.
Kumanu apps and some of the other tools that we use to provide our services also automatically collect data about how you use the app and the devices on which you use the app. The data collected consists of:
- Device information including model, operating system, browser, and Internet connection — this is important to ensure the app works properly; and
- Usage details including the date and time you used the app and the features of the app you utilized — this helps us improve the app.
Finally, if you provide your information through a sales or marketing channel, such as a trade show, livestream or website demo request, we may include you in future marketing outreach but we promise not to sell your information to any other organization.
If, after you’ve provided personal data to Kumanu, Resourceful or Purposeful, you decide that you do not want us to continue to collect the information described in this section, you may request to remove personal information you entered previously. See the section on “Data retention and storage” below.
Why we collect your personal data and what we do (and don’t do) with your personal data
When you use our apps, the information you provide is used to help you identify needs, explore resources for meeting those needs, form new habits, and/or try out new ideas for living purposefully. We apply statistical machine learning techniques to the data you submit to produce de-identified aggregate analyses of our users. Based on the information you provide, we share normative or comparative data with you and provide specific suggestions regarding resources that may be helpful to you. We do not use your data to make automated decisions on your behalf, but our machine learning algorithms may make suggestions to you based on some of your responses.
We use the information you provide to personalize your experience in our app and to communicate with you, including via emails to the addresses you or your sponsoring organization provide, or texts to a phone number that you provide us. For example, we might email or text you with information on how to download and use our apps.
We share data that has been de-identified (i.e., cannot be traced back to any specific user) and aggregated (i.e., combined responses from many people) with users of our PurposeCloud platform (which includes Resourceful, our app to assess needs and connect to resources, Purposeful, our emotional wellbeing app, and Insightful, our organizational dashboard) and others. We use de-identified and aggregated data to better understand organizational and population dynamics and needs. We also use de-identified and aggregated data to understand how users engage with our app in order to evaluate and improve the effectiveness of our service and to improve your experience.
How and under what circumstances we share your personal data with your sponsoring organization and/or third party providers
Data including your app usage, such as whether or not you access specific features or content and how frequently, and the individual responses that you provide to survey, pulse survey, or assessment questions will be shared in aggregate form only with your sponsoring organization. This means your de-identified responses are grouped together with other respondents so numbers are reported as a sum or average for a group or for the whole organization. Examples of such data include questions in Resourceful which assess a respondent’s level of need with regard to challenging life circumstances or health conditions, and questions in Purposeful which ask you to rate your day or select your best self qualities.
We will not share individually identifiable data with your sponsoring organization, health plan, or other third party without first asking your consent.
Application delivery third party service providers
Kumanu does work with a small number of third parties who support delivery of our apps and other services (“Third Parties”). In compliance with data protection law, Kumanu will share personal information to receive services that may be provided by these Third Parties to Kumanu or you. In all cases, the Third Parties are contractually obligated to adhere to security and privacy standards similar to what we have described to you. Providers are only permitted to process your personal data for specified purposes and in accordance with our instructions. Please see the following Table for a list of Third Party service providers Kumanu uses, for what purpose, and the data that are shared.
| Third Party service provider | Purpose | Data shared |
|---|---|---|
| Amazon Web Services (AWS) | The Kumanu apps are hosted on Amazon Web Services in the us-east-1 region (aws.amazon.com) | Personnel at AWS do not have the ability to access individualized user data. |
| Cloudticity | Cloudticity (cloudticity.com) is the Managed Service Provider that manages and monitors our AWS platform. Partnering with Cloudticity is important to ensure we have a robust, stable, and secure platform for the hosting of our app. | Personnel at Cloudticity do not have the ability to access individualized user data. |
| ActiveCampaign (activecampaign.com) | We use ActiveCampaign (activecampaign.com) to transmit emails. | We send your email address and name to ActiveCampaign’s system and use that system for the purpose of contacting you via email. |
| Alchemer (Alchemer.com) | We utilize Alchemer (formerly SurveyGizmo) (alchemer.com) for the delivery of our Purpose Challenge, to collect bug reports and feedback within our apps, and for other surveys. | No personally identifiable information from you is stored in Alchemer unless you provide it as part of a specific survey (e.g., if you give us your email address to contact you about a bug that you report). Any such personally identifiable information that you provide in this context will only be used for the purpose that is stated. |
| Twilio (twilio.com) | We utilize Twilio (twilio.com) to support a text based onboarding process that your sponsoring organization may optionally use to provide you access to one of our apps. | If you request the application by this mechanism, we will not use your phone number for any purpose other than providing you access to the application unless we specifically ask for your consent. Twilio logs of your interaction with us are deleted after 48 hrs; they do not maintain any of your information. |
| Zendesk | We utilize Zendesk (zendesk.com) to help us provide end user support. The information in Zendesk is only used for the purposes of supporting you. | If you contact us through firstname.lastname@example.org your information, such as email address, is logged in Zendesk. Your information is not used for any other purpose than providing you with support. |
| Status Page (statuspage.io) | We utilize Status Page (statuspage.io) to provide real-time information on the status of Resourceful, Purposeful and Insightful at https://status.kumanu.com/. | If you subscribe to updates via Status Page, your email address will be stored by Atlassian (the makers of Status Page) and used for the purpose of keeping you informed about any incidents that might arise. Your information will not be used for any other purpose. |
| Poll Everywhere (polleverywhere.com) | We often use Poll Everywhere to conduct audience polls during presentations we organize. | If you provide information as part of these polls, it will be de-identified and then aggregated with other people’s data to provide audience insights during the presentation and may also be combined with data from other events to generate additional insights into a population. These de-identified insights may be used in future presentations and may help us improve our products and services. |
| ProductBoard.com | We use ProductBoard to collect and manage input and suggestions about our products and to plan for future enhancements. | If you provide input on features (e.g., via the “Vote on What’s Next” feature in Purposeful) your information is logged in ProductBoard. You do not need to provide identifying information for these interactions unless you want us to communicate with you about the feedback you provided. Your input will be used to help us improve the products and services we provide. |
| Stripe (Stripe.com) | In some instances where there is no sponsoring organization providing access, we may offer Purposeful for a fee to individuals. In those cases, we use Stripe (stripe.com) to process payments. | We do not maintain any credit card or other payment information in our system but instead use Stripe as a PCI compliant partner for these transactions. If you pay to subscribe to Purposeful you will enter your payment information directly into Stripe via their interface. The email address you provide to Stripe will be transferred to us so that we can send you a recovery link to use in case there is any problem with completing your account signup. |
| UserTesting (UserTesting.com) | We utilize UserTesting.com to conduct user testing on our applications. | If you participate in a user testing panel you will need to provide name and location information to register. We will not see this information when we view your tests and your registration information will not be used for any other purpose. |
| DoveTail (dovetail.com) | We utilize DoveTail for analyzing data from user experience research and usability tests and generating insights. | We import video, user comments and feedback from the user tests to Dovetail for analysis. Personally Identifiable Information is not included. We de-identify and use code names instead (example: User 1). |
| Firebase | We use Firebase for onboarding links, sending notifications to your device or browser and for crash reporting. | We share device IDs with Firebase for the purpose of sending push notifications and for mobile app crash reports. |
| Zoom Webinar | We use Zoom Webinar for Livestream events such as our PurposeCasts. | If you participate in a Livestream event you will need to register with a name and email address. We may add your registration information to ActiveCampaign so that we can mail you feedback surveys, invite you to future events or send you recordings from the events. |
How we ensure the security of your personal data
We use state of the art tools and technologies, including end-to-end encryption, to ensure the security of the data that you entrust to us. Along with our partners, we use physical, electronic, and managerial tools to prevent unauthorized access to or misuse of the data we hold. Kumanu’s systems and applications that support Resourceful, Purposeful and Insightful have earned Certified status for information security by HITRUST, which validates that Kumanu is committed to meeting key regulations and protecting sensitive information.
The only Kumanu personnel who can access personal data that specifically identifies an individual (e.g., an email address or phone number) are a very small group of system administrators who troubleshoot technical problems and support end users. Any other access to individualized data must be approved by both Kumanu’s Data Security Officer and Kumanu’s Data Protection Officer. We also have personnel who may utilize your data to refine and validate our machine learning algorithms, but in this instance, your data would be de-identified so such personnel would not be able to personally identify you from the data they handle.
Data retention and storage
Our apps and the other third-party tools that we use to provide services to you are hosted in the United States. This means that all data you enter into the apps or otherwise provide to Kumanu is transferred to and processed in the United States regardless of your citizenship status or your location at the time you entered the data into the app. It is important to understand that data protection laws in some jurisdictions may not be as strong as those in your country. Your consent to this Privacy Notice is your consent to the transferring and processing of your personal data in the United States.
If, after you’ve provided personal data to Kumanu, Resourceful or Purposeful, you decide that you do not want us to continue to collect the personal information described in this Privacy Notice, you should stop using the app(s). If you accessed one of our apps via the internet, log out of the application on the web. If you installed one of our apps on a device (such as a mobile phone), remove the app from your device.
You may request to have any identifying information removed from the data you have previously entered; in that case, no data would be associated with you in any way. Any request to have your personal information removed should be submitted to our Data Protection Officer (see the Contact Information section). If you request that your identifying information be removed, any information that makes the data attributable to you will be removed; however, the de-identified data is retained indefinitely to improve the body of information in the system and power our algorithms — sophisticated machine learning algorithms like those that power PurposeCloud are dependent on having a large body of data.
You have many rights with respect to your data:
- You can request a copy of your personal data;
- You can review your information to verify, update, or correct it, and to have any obsolete information removed;
- You can ask to have your personal information deleted; and
- You can ask to review how we have used any personal data that is retained by us and to whom we have disclosed your personal data.
Additional Notices for Persons in the European Economic Area, Mexico, Brazil, Japan, and Australia
To the extent required by applicable law, Kumanu makes the following disclosures.
- The organization collecting your information is Kumanu and Kumanu is the data controller in respect of your personal data. The data controller will be referred to in this Notice as “Kumanu”, “we” or “us”.
- Kumanu’s contact information appears below in the section entitled “Contact Information”.
- The purposes of the processing for which the personal data are intended are as stated in the remainder of the general Privacy Notice.
- The legal bases for processing are as stated under the relevant purpose outlined in this Privacy Notice.
- The recipients or categories of recipients of the personal data are as stated elsewhere in the general Privacy Notice.
- Kumanu intends to, and does, transfer EEA personal data to one or more third countries that are not the subject of a general adequacy decision by the European Commission. In such cases Kumanu relies on its contractual arrangements such as the EC-approved SCCs we may have put in place with you or your organization, if applicable.
- The period for which the personal data will be stored is described above in the section entitled “Data Retention and Storage” or as stated under the relevant purpose outlined in this Privacy Notice.
- You have the right to request from Kumanu access to, and rectification or erasure of, personal data or restriction of processing concerning your personal data or to object to processing, as well as the right to data portability.
- Except as otherwise stated in applicable law, you have the right to withdraw consent for the processing of your personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- You have the right to lodge a complaint with a supervisory authority.
- Your provision of personal data is not a contractual requirement unless and until you or your organization enter into a software license or service agreement with Kumanu, in which case the provision of enough personal data to permit Kumanu to perform under the contract will be necessary (usually, name, e-mail address, and other business contact information necessary for user license credentialing and management and information necessary to provide technical and other support). In such cases, failure to provide the required personal data will result in limitation or prevention of Kumanu’s ability to provide goods, services, or software to you or your organization.
- Kumanu does not conduct automated decision-making, including profiling, using personal data.
Special Information for California Residents
Your California Privacy Rights: California privacy law specifies that California residents may request that Kumanu, up to twice in any 12-month period and free of charge, provide California residents with the categories and specific pieces of personal information that Kumanu has collected about you. You may request this information by contacting Kumanu using the contact information below in the section entitled “Contact Information”.
Kumanu has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about Kumanu’s personal data policies or practices. Kumanu’s Data Protection Officer is Maureen Metzger and she can be contacted as follows: Dr. Maureen Metzger, 535 W. William St., Suite 4N, Ann Arbor, MI, USA 48103 or DPO@kumanu.com.
If we change anything in this notice, we will tell you and we will ask for your consent again. If we change what data we collect, how we use the data, the third parties who work with our team, or anything else, we will tell you and you can choose to provide consent or decline to provide consent.