Thirty Madison Online Privacy Policy
Last Updated: September 19, 2024
1. INTRODUCTION Thirty Madison, Inc., d/b/a Cove, Keeps, Facet, and Nurx (for certain service lines only) (collectively “Thirty Madison”), and its subsidiaries and affiliates, understand the importance of your privacy and protecting your personal information. Accordingly, the purpose of this Privacy Policy (the “Policy”) is to describe how Thirty Madison collects, uses, and shares information about you to provide services to you (our “Service”) through our websites, social media, email exchanges, mobile apps, and other online services on which this Policy is posted. This Policy also describes how you can access, change, and remove your personal information. Please read this Policy carefully to understand what we do. If you do not understand or agree to any aspect of our Policy, please contact us before continuing to use our Service. This Policy is written in the English language. We do not guarantee the accuracy of any translated versions of this Policy. To the extent that any translated versions of this Policy conflict with the English language version, the English language version of this Policy shall control.
Nurx Inc. is also a part of the Thirty Madison family of brands. Certain Nurx service lines are provided under Nurx’s Privacy Policy, which can be found at: https://www.nurx.com/privacy-policy/.
Thirty Madison also manages medical groups that provide treatment to Thirty Madison customers and pharmacies that fill prescriptions for Thirty Madison customers. When Thirty Madison handles protected health information (“PHI”) on behalf of the medical groups and the pharmacies, Thirty Madison follows the medical group Notice of Privacy Practices and not this Policy. The medical group Notice of Privacy Practices, can be found at: https://patient.thirtymadison.com/dashboard/legals/kmg-notice-of-privacy-practices.
2. COLLECTION OF PERSONAL INFORMATION
Information You Provide to Us. We collect information you provide to us when you create or modify your account, register to use our websites (including, https://www.withcove.com/, https://www.keeps.com/, https://www.facet.thirtymadison.com, https://with.nurx.com/sexual-health/initial-assessment?service_line=uti (collectively, with our mobile application(s), the “Site”), purchase products or services from us, post comments or reviews on our Site, request information from us, contact customer support, or otherwise communicate with us.
Information We Obtain Indirectly. We may receive certain information about you through companies that provide us with such information as part of their relationship with us, including Hotjar, Hubspot, Mixpanel, Stripe, VWO, Yotpo and other third party tools. We may also receive information about you from your social media accounts if you use those accounts to sign-in to your account with us.
Information We Collect Automatically. When you use our Service, we collect certain information about you automatically through our use of cookies and similar technologies. These are described in more detail below.
Aggregate Information. We may combine information we receive from other sources with information you give to us and information we collect about you. Depending on the types of information received, we will use the information received from other sources or the combined information for the purposes described in this Policy.
3. CATEGORIES OF PERSONAL INFORMATION AND PURPOSE FOR COLLECTION Thirty Madison only collects and processes the minimum amount of personal information from you necessary for our information processing activities, which includes the following categories of personal information: (1) contact information, including your name, address, email address, mailing address, postal address, and telephone number; (2) authentication information, including the user name and hashed password that you use to register an account on the Site; (3) financial information, which may include your debit or credit card number, its expiration date, and its security code for payment processing purposes; (4) personal characteristics, including date of birth, photographs of your ID and insurance card, general medical history, and other information relevant to diagnosis and treatment; (5) comments, reviews, and suggestions; (6) personal preferences, including product preferences, online preferences, and interests; (7) online behavior information including details of your visits to our Site, online activity, time spent viewing features, traffic data, location data, logs, language, date and time of access, frequency, and other communication data and the resources that you access and use on the Site; (8) and operating system, host domain, browser type, IP address, mobile network information, or device information. Our information processing activities include: conducting our business; customer communications and support; user verification; payment processing; shipping; quality management services; Site maintenance and improvements; designing, developing, and communicating with you about our features, products, and services; any purpose where you have given your consent (where legally required); enforcing our legal rights or subject to any consents or authorizations that are required by applicable law, including those of our subsidiaries, affiliates, etc. and any of their related businesses and those of our third-party partners; and complying with legal requirements. Where applicable, if Thirty Madison intends to further process your personal information for any other purpose, we will provide you with any relevant information on such additional purpose and obtain your consent, to the extent required by applicable law.
4. DISCLOSURE OF PERSONAL INFORMATION Thirty Madison does not trade, rent, or sell your personal information to third parties. We may share or disclose de-identified information for any purpose without restriction and may share or disclose your personal information for the following limited purposes.
Healthcare Providers. We share your personal information with health care providers, including without limitation, clinicians, health care facilities and organizations, pharmacies, and laboratories. Health care providers will follow a separate Notice of Privacy Practices in how they use and disclose your personal information.
Vendors and Services Providers. We may provide information to third party vendors and service providers that perform services and functions on our behalf, such as to help us operate and manage our Service and the Site, process orders, and fulfill and deliver products and services that you purchase from us. These vendors and service providers may have access to your personal information in order to provide these services to us, but when this occurs, we implement contractual protections to limit their use of that information to help us provide our Service and support our interactions with you.
Your Consent to Have Your Personal Information Shared. We may also share personal information with companies, organizations, or individuals outside of Thirty Madison when we have your consent to do so.
Legal Disclosure. We will share personal information with third party companies, organizations, or individuals outside of Thirty Madison: (1) when we believe in good faith that access, use, or disclosure of the information is reasonably necessary to comply with a legal obligation; (2) when we believe in good faith that the law requires it; (3) at the request of governmental authorities conducting an investigation; (4) to verify or enforce our agreements, terms of use, or other applicable policies; (5) to respond to an emergency; or (6) otherwise to protect the rights, property, safety, or security of Thirty Madison, third parties, visitors to our Site, or the public, as required or permitted by law.
Transfer in the Event of Sale or Change of Control. If the ownership of all or substantially all of our business changes, or we otherwise transfer assets relating to our business or the Site to a third party, such as by merger, acquisition, bankruptcy proceeding, or otherwise, we may transfer personal information to the new owner. In such a case, unless prohibited by applicable law, your information would remain subject to the privacy policy applicable at the time of such transfer, unless you discontinue use of our Service. We will inform you of any such changes in ownership.
5. ACCESS TO YOUR INFORMATION AND CHOICES Contact Us. You can access and update certain information we have relating to your online account by signing into your account and going to the Account section of our Site. If you have questions about personal information we have about you or need to update your information, you can contact us at,
- Cove: Phone (877) 456-2683; Email care@withcove.com
- Keeps: Phone (833) 745-3377; Email help@keeps.com
- Facet: Phone (855) 658-8855; Email help@facetcare.com
- Nurx: Phone (800) 321-NURX (6879), Email nurx-support@thirtymadison.com
Social Media Account Sign On. To the extent that you choose to use a social media account application (such as Google, Facebook, or Apple) to create your online account on the Site or otherwise sign into the Site, you understand that if another person has access to your social media account, they will also have access to your account on the Site. That means that other person could access any personal information contained on the Site. It is your decision about whether to give another person access to your social media account and whether to use that account to sign on to the Site. Also, if you use a social media account application to sign into the Site, you understand that the social media account application may send information from your social media account to Thirty Madison.
6. SECURITY OF YOUR INFORMATION We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet. Thirty Madison cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your personal information. Where you have been given or you have chosen a password, it is your responsibility to keep this password confidential.
The sharing and disclosing of information via the internet is not completely secure. We strive to use best practices and industry standard security measures and tools to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Site, in your operating system, or mobile device. Accordingly, it is your responsibility to protect the security of your login information, including your username and password.
7. COOKIES AND OTHER TECHNOLOGIES We also collect information automatically as you navigate through our Site. We use the following technologies to automatically collect data:
Cookies. We and our service providers (e.g. sub-contractors, analytics providers, advertising networks, etc.) may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Site or Service through your computer or mobile device. A “cookie” is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. Some of the cookies we use are “session” cookies meaning that they are automatically deleted from your hard drive after you close your browser at the end of your session. Session cookies are used to optimize performance of the Site and to limit the amount of redundant data that is downloaded during a single session. We also may use “persistent” cookies, which remain on your computer or device unless deleted by you (or by your browser settings). We may use persistent cookies for various purposes, such as statistical analysis of performance to ensure the ongoing quality of our Site and/or Service. We and third parties may use session and persistent cookies for analytics and advertising purposes, as described herein. On your computer, you may refuse to accept browser cookies by clicking Your Privacy Choices on the bottom of the Site homepage and changing your cookie settings under Storage Preferences by clicking the toggle next to the cookie type (so the toggle turns grey) or by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access or use certain parts of our Site or our Service. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Site.
Our websites have consent mode implemented, ensuring that we only share data with the platforms listed below for advertising if proper consent is given. No data is transferred to these platforms without consent. In most states, we use an opt-out consent mode, meaning that consent is on by default and visitors need to take action to opt out. For states with applicable privacy laws, we implement opt-in consent, meaning that consent is off by default and must be actively given by visitors.
Digioh We use Digioh to build highly customizable pop-ups/ lightboxes, lead forms, and data capture tools designed to enhance the user experience. Digioh has an integration with our customer relationship management platform, Iterable, so that we may improve our target and personalize our email and SMS, or text, communications more effectively. It also allows us to offer opportunities to redirect you to another landing page that may be of more relevance to you. Data collected by Digioh includes users’ email addresses, phone numbers, and communication preferences (i.e., SMS and email opt-in).
DoubleClick. We utilize conversion tracking from DoubleClick to track activity on our website. This helps us monitor insights to ensure the data we receive from our online video ad server matches our actual conversion counts. Data shared with DoubleClick is done in an aggregated manner, ensuring they cannot associate this data with individuals. As a result, DoubleClick does not have access to, store or process your personal information.
FreshPaint. We leverage FreshPaint for marketing tracking capabilities for the majority of advertising channels we currently work with. FreshPaint is a web-based tracking technology designed to prevent protected health information from being collected directly by third party analytics and ads platforms. Through FreshPaint, we ensure analytics and data integration activities with our advertising platforms are HIPAA compliant. For more information, visit their website at FreshPaint.io.
Google Ad Services (includes YouTube) We utilize conversion tracking from Google Ads, Google's online advertising program, to understand how customers interact with our ads and website. This helps us tailor advertisements to our target audiences and optimize campaigns according to our business goals. You can customize the data Google uses to personalize your ads by visiting Google’s My Ad Center page. For more information, please refer to Google's Privacy Policy.
Google Analytics We use Google Analytics, a web analytics service provided by Google, Inc. ("Google"), to collect information about your use of our website. Google Analytics uses cookies to help us analyze how users interact with our site. For more details on how Google uses this data, please visit "How Google Uses Data When You Use Our Partners' Sites or Apps". You can disable Google Analytics through an optional browser add-on available at Google Analytics Opt-out Browser Add-on. For more information, please visit Google's privacy pages, such as Google's Privacy Policy.
Impact Radius We use Impact, a web analytics and advertising service, on our website. With its help, we can track user actions after they view or click on an Impact advertisement and monitor users who access our website or advertisements from different devices. Any personally identifiable information remains hashed (i.e., a process that converts data into a string of characters to encrypt the original data) and is not associated with individuals. For more information, please refer to Impact's Privacy Policy.
Meta Platforms We use Meta Platforms (including Facebook and Instagram) (collectively, “Meta”), a web analytics and advertising service provided by Meta, on our website. With its help, we can track user actions after they see or click on a Meta advertisement and monitor users who access our website or advertisements from different devices. This helps us tailor advertisements to our target audiences and optimize campaigns according to our business goals. Any personally identifiable information remains hashed (i.e., a process that converts data into a string of characters to encrypt the original data) and is not associated with individuals. Data from Meta is also saved and processed by Meta. Meta can connect this data with your Facebook or Instagram account and use it for its own and others' advertising purposes, in accordance with Meta’s Data Policy, which can be found at Meta’s Data Policy. You can remove consent for the use of your data with Meta at Facebook Ad Settings.
Microsoft Advertising We use conversion tracking from Microsoft Advertising (also known as "Bing"), a pay-per-click (PPC) advertising system, to understand how customers interact with our ads and website. This helps us tailor advertisements to our target audiences and optimize campaigns according to our business goals. You can remove consent for the use of your data with Microsoft Advertising at Microsoft Ad Settings. Data from Microsoft Advertising is also saved and processed by Microsoft Advertising, and they may share data from your activities associated with Microsoft services, websites, and apps with third parties to provide ads that are more personalized on third-party sites. You can disable data sharing with Microsoft Advertising third parties at Microsoft Privacy Dashboard. For more information, please refer to Microsoft's Privacy Statement.
Optimizely. We leverage Optimizely as a web testing tool to track the performance of elements on the Nurx website and to ensure a high quality user experience with Nurx webpages. We have IP anonymization enabled in Optimizely, which means that the full IP address is not stored and cannot be retrieved later. Data shared with Optimizely is done in an aggregated manner, ensuring they cannot associate this data with individuals. As a result, Optimizely does not have access to, store or process your personal information.
Podscribe (Keeps only). Podscribe is a tool that allows us to track the performance of our Podcast and audio ad efforts. This tool provides us with information about the effectiveness of our ads by providing data around site visitation that occurs after listening to a podcast or audio ad. Podscribe tracks a privacy-safe hashed email of the purchaser, hashed with MD5 (preferred) or SHA256m the purchase amount in total USD, and Order ID which matches the data back to our internal reports without identifying a patient
Programmatic Mechanics We use conversion tracking from Programmatic Mechanics, an advertising service via programmatic campaigns, to understand how customers interact with our ads and website. This helps us tailor advertisements to our target audiences and optimize campaigns according to our business goals. Data shared with Programmatic Mechanics is done in an aggregated manner, ensuring they cannot associate this data with individuals. As a result, Programmatic Mechanics does not have access to, store or process your personal information.
Rockerbox, Inc We use Rockerbox to analyze our marketing channels. Rockerbox is able to do this by tracking when consumers see an ad, click on an ad, or take an action on our website as a result of advertising. Rockerbox collects this data, analyzes it, and shares it back solely to us in an aggregated format. As a result, Rockerbox does not have access to, store or process your personal information.
TikTok We utilize conversion tracking from TikTok, a web analytics and advertising service, to understand how customers interact with our ads and website. This helps us tailor advertisements to our target audiences and optimize campaigns according to our business goals. Additionally, TikTok uses user information to improve, support, and administer its platform, to allow advertisers to use its functionalities, and to fulfill and enforce its Terms of Service. TikTok may also use user information to show you suggestions, promote its platform, and customize your ad experience. You can find out more about how TikTok collects, uses, and shares user information at TikTok's Privacy Policy.
Yotpo We utilize Yotpo for various marketing initiatives including reviews and visual user-generated content, loyalty and referrals, SMS marketing, and email marketing. Yotpo collects user account information such as email address and, when applicable, hashed passwords, platform usage information (including connectivity, technical and aggregated usage data such as user agent, IP addresses, device data like type, operating system, device ID, browser version, locale, and language settings), activity logs, session recordings, and cookies installed or utilized on the user’s device. Yotpo also collects direct interactions and communications with users, including recordings and transcripts of calls and emails for purposes like user enablement, support, and training. For more detailed information, please refer to Yotpo's Privacy Policy.
Typeform We leverage Typeform as a means of conducting quizzes and on-site surveys to provide patients with the best possible on site experience. The cookies Typeform uses are small text files that store data made available by your web browser, such as language preference. This information helps us give you a better experience. These cookies do not provide us with any personally identifiable information. Utilizing this aggregated data helps us understand how to best serve patient needs in quiz format.
Zendesk (Keeps only). We leverage Zendesk for customer support. Zendesk collects aggregated data to understand individual agent performance, which helps us facilitate your customer support. Data collected includes items such as reply time from customer service agents, ticket conclusion and status timelines, and survey results regarding interactions with customer service agents.
VWO We leverage VWO as a web testing tool and to track the performance of elements on the websites to ensure a high quality user experience with our webpages. By default, VWO identifies and anonymizes any personal information or users’ sensitive data before storing it on its servers. VWO servers collect and store UUID (Unique User Identifier) information in the pseudonymized format. A UUID is a 128-bit number used to identify information in computer systems. As VWO pseudonymizes the UUID before storing it using a one-way hashing function, the information that can point to the identity of a visitor is replaced by “pseudonyms,” and the identity is protected.
Other Third Party Tools. We use other third party tools that allow us to track the performance of our Site. These tools provide us with information about errors, app and website performance, and other technical details we may use to improve our Site and/or our Service. For more information related to these third-party analytics providers please review Sections 2 through 4 above.
8. ADVERTISEMENT We may use data about how you browse and shop in order to show you ads for Thirty Madison or our advertising partners that are relevant to your interests. We may use cookies and other information to provide relevant interest-based advertising to you, and ad networks to which we belong may use your browsing activity across participating websites to show you interest-based advertisements on those websites. We may also share your Personal Information with entities that assist us with marketing and advertising. Interest-based ads are ads presented to you based on your browsing behavior to provide you with ads more tailored to your interests. These interest-based ads may be presented to you while you are browsing our Site or third-party sites not owned by Thirty Madison. Where permitted by applicable law, we may also receive Personal Information about you from third party sources (e.g., lead generators) to determine whether a Thirty Madison product or service is right for you and to send promotional emails to customers and prospective customers. Currently, our Site does not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads. If you would like more information about these practices, please click, https://optout.aboutads.info/#!/
9. CHILDREN’S PRIVACY If you are under the age of 18, please do not attempt to register with us at this Site, engage our Service, or provide any personal information about yourself to us. If we learn that we have collected personal information from someone under 18, we will promptly delete that information. If you believe we have collected personal information from someone under the age of 18, please contact us at:
- Cove: Phone (877) 456-2683; Email care@withcove.com
- Keeps: Phone (833) 745-3377; Email help@keeps.com
- Facet: Phone (855) 658-8855; Email help@facetcare.com
- Nurx: Phone (800) 321-NURX (6879), Email nurx-support@thirtymadison.com
10. STATE PRIVACY LAWS For more information on any additional rights under your state law, please see our State Privacy Law Addendum.
11. LINKED SITES The Site may contain links to third party owned or operated websites, including, without limitation, social media websites (each a “Linked Site”), as a convenient method of accessing information that may be useful or of interest to you. This Policy and the practices that we follow under this Policy do not apply to Linked Sites. We are not responsible for the content, accuracy, or opinions expressed on any Linked Site or for the privacy practices or security standards used by third parties on such Linked Sites. These Linked Sites have separate privacy and data collection practices, and we have no responsibility or liability relating to them. Accordingly, if you use Linked Sites through our Site, to login to our Site, or to share information about your experience on our Site with others, these Linked Sites may be able to collect information about you, including information about your activity on our Site. In accordance with their own privacy policies, the Linked Sites may further notify your social media connections about your use of our Site. You understand and agree that by clicking on a link to a Linked Site or using a Linked Site as described above, this Policy, as stated on the Site, is no longer in effect because you have either left our Site or used a Linked Site to interact with our Site.
12. USER CONTENT Some features of our Service may now or in the future allow you to provide content, such as written comments or reviews, to be published or displayed on public areas of the Site (“User Content”). Be careful about giving out information in public areas of the Site. The information you share in public areas may be read, collected, or used by any user of the Site. We cannot control the actions of other users of the Site with whom you may choose to share your User Content.
13. CONSENT TO PROCESSING OF PERSONAL DATA IN UNITED STATES This Site is intended for use only by residents of the United States (“U.S.”) . If you are a citizen of the European Economic Area (“E.E.A.”) or other jurisdiction outside of the U.S., please note that in order to provide our Site and Service to you, we may send and store your personal information (also commonly referred to as personal data) outside of the E.E.A., including the U.S. Accordingly, your personal information may be transferred outside of the country where you reside or are located, including to countries that may not or do not provide the same level of protection for your personal information. By using and accessing our Site, users who reside or are located in countries outside of the U.S. agree and consent to the transfer to and processing of personal information on servers located outside of the country where they reside, including to the U.S., and that the protection of such information may be different than required under the laws of their residence or location.
14. CHANGES TO OUR PRIVACY POLICY While this Policy may change from time to time, Thirty Madison will enforce and comply with all applicable laws with respect to this Policy, any future versions of this Policy, our Service, our rights, and our obligations to you. We will post any privacy policy changes to our Site. The date this Policy was last modified is identified at the top of the page. You are responsible for periodically monitoring and reviewing any updates to this Policy. Your continued use of our Site after such amendments will be deemed your acknowledgement of these changes to this Policy.
15. QUESTIONS AND HOW TO CONTACT US If you have any questions, concerns, complaints, or suggestions regarding this Policy, please contact us:
- Cove: Phone (877) 456-2683; Email care@withcove.com
- Keeps: Phone (833) 745-3377; Email help@keeps.com
- Facet: Phone (855) 658-8855; Email help@facetcare.com
- Nurx: Phone (800) 321-NURX (6879), Email nurx-support@thirtymadison.com
Or write us by U.S. postal mail at the following address: Thirty Madison, Inc. 82 Nassau St #61392 New York, NY 10038