A letter from our Chief Regulatory Officer, Deven McGraw

My name is Deven McGraw, and I’m the former Deputy Director for Health Information Privacy at the Office for Civil Rights of the U.S. Department of Health and Human Services. In my role, I was responsible for enforcing HIPAA and issuing guidance on how to comply with its rules.

I spent two years with the U.S. government working on behalf of patient rights regarding personal health data, and now I’m the Chief Regulatory Officer at Ciitizen to further that mission. I’m here to make sure you know your rights regarding your health information:

It’s yours. You have the right to all of it.

When I first interviewed for the position at HHS, I brought up the patient’s right of access under HIPAA and how it would be a goal of mine to issue additional guidance to those entities required to comply with the law. HIPAA (or the Health Insurance Portability and Accountability Act of 1996) is the piece of U.S. legislation that provides data privacy and security provisions for safeguarding our medical information. It was important to me that hospitals, health professionals, and insurers better understand their obligation to patients under this act. I also wanted patients to be more aware of their rights under HIPAA so that they could exercise them. Within my first year on the job, we issued comprehensive guidance on the patient’s right of access and we worked with the Office of the National Coordinator for Health IT to develop consumer friendly materials, including brochures and videos that you can view online today. Within my first year here at Ciitizen, I’ve made a similar goal.

If you’ve requested a copy of your health record and found getting a copy to be difficult, I have some good news for you regarding your rights. You have plenty of them:

  • You have the right to all the health information generated as part of a visit to the doctor or a stay in the hospital. You have the right to a copies of your lab tests. You have the right to the results and underlying data from your genome sequence. You have a right to your x-rays, CT scans, and MRIs, too.
  • Not only do you have the right to all your data, you have the right to it within 30 days of the request (in most circumstances), in the format you want it (so long as the entity can produce it). If you want that information digitally, you have the right to have it digitally.

You have the right to a copy of all your health information for no more than the reasonable cost of making that copy. You have the right to have that information emailed to you if that’s most convenient. The institution at hand may have some security concerns, but if they provide you with a light warning of that risk and you agree to it, it’s your right to have it emailed. If you do have concerns about using your insecure email, then you have the right to get that information in a secure way. Most importantly, you have the right to get all of it. Every bit of medical information that is generated about you is your right. It’s also your right to request a correction to it. Information that is incomplete may also be wrong, so you have the right to request additional information be added if you think there’s something missing. 

All of these rights have been in existence since the early 2000s, so most of them are almost twenty years old at this point. However, most people don’t fully realize it. Many institutions and medical practices have not paid attention to the HIPAA right of access and therefore have not established practices allowing for people to easily exercise it.

That being said, I know what your rights are. I’m now here on behalf of our users (ciitizens) to make sure you have full access to your complete health information.

Deven McGraw, JD, MPH, LLM

Privacy Policy

Last updated: May 5, 2021. 

Information we collect

How we use information

When we disclose information to third parties

Jurisdiction-Specific provisions

Keeping children safe

Blogs and social networking and educational or promotional content

Integrity and retention of information

Changes to this policy

Contact us

Ciitizen Corporation, (“Ciitizen,” “we,” “us,” “our”) enables individuals to collect, maintain and share all of their health information as they choose via our website located at www.ciitizen.com and other technologies (collectively, the “Service(s)”).  Please see Ciitizen’s Terms of Service for more details. We’re empowering the world’s citizens to conquer disease – by making it possible for all of us to gather, use, and share health information to improve lives. For the purposes of this Privacy Policy, “you” and “your” means you as the user of the Services.

This Privacy Policy describes the information we collect about you and how we use and disclose it, as well as your options regarding certain uses of this information. Please read this Privacy Policy in its entirety.

If you are located outside the United States, please also refer to   for additional rights.

If you have any questions or concerns about this Policy, please contact us at privacy@ciitizen.com.

Information we collect

Your Health Records and Self-Reported Information

Ciitizen is a technology service that allows you to upload and/or enable us to request access to copies of your health information and medical records (“Health Records”) through the “right of access” granted to you under the Health Insurance Portability and Accountability Act (“HIPAA”) or the laws applicable to where you are located, as well as through online portal accounts that may be made available to you by some health care providers or health plans.

As part of the Service, you may choose to provide us with: (i) other information about your health, such as information about how you’re feeling or pain management; (i) other information you’ve shared with third parties, including caregivers, medical professionals and researchers; and (iii) data from wearables or home diagnostic equipment (collectively, “Self-Reported Information”).

Ciitizen consolidates and standardizes Health Records and Self-Reported Information and transforms them into digital data.

Account Information for Ciitizen Account Creation & Maintenance

When you sign up for and use the Services, we collect information about you (“personal information”). We collect personal information from you for account creation and maintenance (“Account Information”). Such Account Information includes, as applicable or permitted under law, items such as your name, address, e-mail address, telephone number, your contact preferences, device identifiers, IP address, prior names, addresses, phone numbers, birth date, gender, race or ethnicity, medical or health plan record numbers, and information about your doctors, medical providers and health plans.  We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary in order to use certain Services.

Before we can collect your Health Records on your behalf, we ask that you provide us with additional information to confirm your identity: a copy of your driver’s license or other official government photo ID, and/or identifiers associated with your cell phone (e.g., country, device ID and Operating System). If a someone other than you, such as a family member opens an account for you or on your behalf, we collect additional documentation to verify the identity of that person and verify that person’s authority to act on your behalf, such as your birth certificate, death certificate (in the event of a deceased individual), a health care proxy or power of attorney to demonstrate familial relationship and legal authorization to obtain Health Records.

If you decide you want to enable friends or family members or others to have access to your Ciitizen account, we will collect personal information about those individuals in order to fulfill your request: name, email, telephone and other information to be used to confirm their identity.

From time to time, Ciitizen will send you emails that communicate information about your account or about products, Services, or offers that may be of interest to you. When you open one of these emails or click on links within the email, we may collect and retain information about your interaction with the email to provide you with future communications that may be more interesting to you. You will have the option of opting out of email communications, except emails that Ciitizen reasonably deems are required by law or necessary to prevent or mitigate a security or fraud risk, or to continue to provide you with the Service.

Records Collection and Sources.  We collect personal information about you, including Health Records, using one or more of the following processes:  (i) asking you to identify the doctors, medical providers and institutions where you have received care; (ii) if applicable, asking you to identify your health insurance information; (iii) if applicable, having you connect Ciitizen to the online portal hosted by your healthcare provider(s) or health plan(s) in order to obtain any medical or health plan records that can be accessed to populate your Ciitizen account (you will need to enter your specific portal credentials; for example, portal username and password) for the relevant healthcare provider or health plan; (iv) if applicable, sending a request for your Health Records to healthcare data networks; (v) sending a request for your Health Records to another medical provider that is identified in your Health Records (for example, sending a request for a copy of a lab test result from the laboratory identified in the doctor’s medical record);  (vi) you can also choose to obtain your own Health Records and upload them into your Ciitizen account; (vii) other instances where you either choose to provide us with certain information or have us collect certain information on your behalf.

When you sign up for an opportunity offered jointly by Ciitizen and one of our partners, additional personal information may be collected and received by both Ciitizen and our partner that is offering the opportunity. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary in order to take advantage of the offering. For these jointly offered opportunities, you should also review the partner’s privacy policy, which may include practices that are different from the practices described in this Privacy Policy.

Any information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices.

Usage Information We Collect When You Use the Ciitizen Service

When you use the Ciitizen website, we may automatically collect technical and navigational information about your interaction with the Service (“Usage Information”), such as your computer browser type, Internet Protocol address, pages visited, language of device, precise location, device type, browser type, unique device type and identifiers, and average time spent on our website.

Cookies and Other Tracking Technologies. We also collect Usage Information using cookies (a small text file placed on your computer to identify your computer and browser) and web beacons (an electronic file placed on a web site that monitors usage) and other similar tracking technologies (“Tracking Technologies”). There are two broad categories of cookies:

  • First party cookies, served directly by us to your device.
  • Third-party cookies, which are served by a third party on our behalf.

You may reset your web browser to refuse certain Tracking Technologies, such as all cookies or indicate when a cookie is being sent – however, certain features of our website or Services may not work if you delete or disable cookies or certain other Tracking Technologies. To opt out of tracking by Google Analytics, click here.

Do Not Track Signals. Your browser settings may also allow you to transmit a “Do Not Track” signal when you visit various websites. Like many websites, our Services is not designed to respond to “Do Not Track” signals received from browsers. To learn more about “Do Not Track” signals, you can visit http://www.allaboutdnt.com/.

Other Types of Information Collected

User Generated Content. Our Service allows you to engage in blog discussions, message boards, chat rooms, and other forms of social networking and to post reviews and post content, such as messages relating to healthcare experiences, and interact with other users (“User Generated Content” or “UGC”).

Product Interaction and Feedback. We may collect responses to surveys that we invite you to complete, search queries within the Services, and transactions you make regarding the Services. We collect product interaction and feedback that you provide to us through our Service to provide you with the Services, improve and enhance our Services, and conduct research and analytics.

Other Information. We collect any other information you choose to include in communications with us, for example, when sending a message or submitting information through a webform.

How we use information

Ciitizen will use your information to create and manage your Ciitizen account, and also for the following purposes:

  • To keep you posted on available clinical trials, products, Services, software updates, and upcoming events. You can opt out of these communications in the manner designated in the specific communication, within your account or as otherwise in the manner provided to you.
  • To help us create, develop, operate, deliver and improve our products and Services, and, when necessary, for loss prevention and anti-fraud purposes and account and network security purposes.
  • To send important notices regarding Ciitizen products, including changes to our terms, conditions, and policies. It is not possible to opt out of receiving this information as long as you continue to have a Ciitizen account.
  • If applicable, locate your Health Records and help the providers and health plans accurately match and send the correct information to us for your Ciitizen account.
  • We analyze Health Records via machine learning and artificial intelligence to identify patterns and create dynamic patient groups who may be interested in select opportunities to share data (for example, with caregivers, with your medical professionals, to find treatment, or to power research).
  • When you ask us to delete your account, your Account Information, Self-Reported Information, and Health Records will be deleted, and further access to your account and our Services will not be possible, in accordance with applicable law.

Ciitizen does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.

Ciitizen may access information about your use of our website or Services in order to create aggregate usage data, for both internal use and in some cases public dissemination. Such statistics will not contain any personal information about you or any Ciitizen users.

Usage Information. We use this information to:

  • Improve the experience of our site (for example, prepopulating your information for ease of use).
  • Tailor features, content, and Services from us and our partners to you.
  • Run analytics and better understand user interaction with the Services.

Text Messages. You may opt-in to receive occasional text messages from Ciitizen to receive updates on our Services. Message frequency will vary. You agree that by providing your mobile phone number and opting in to receive text messages, you expressly consent to receive automated text messages from us to the mobile phone number you provide. Consent to receiving text messages is not required in order to be a Ciitizen user. Message and data rates may apply, and you should check the rates of your mobile carrier. Your mobile carrier is not liable for delayed or undelivered messages. You can opt out of receiving text messages by texting STOP in response to any text message. You can also text HELP and we will respond with instructions on how to opt-out of or sign up for text messages from Ciitizen. As we are located in the United States, international rates may apply depending on your location. We share your mobile phone number with service providers with whom we contract in order to send you automated text messages, but we will not share your mobile phone number with third parties for their own marketing purposes without your express consent. Contact us at support@ciitizen.com if you have any questions about our text message program.

In addition, we may use information that has been anonymized or aggregated, without limitation. We may also use all of the above information to comply with any applicable legal obligations, to enforce any applicable terms of service, and to protect or defend the Services, our rights, the rights of our users, or others. Also, if you stop using our Services, we will continue to store information about your usage but without that information being connected to you or your identity.

When we disclose information to third parties

Ciitizen may share personal information about you – including Account Information:

  • To comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law.
  • To professional advisors, such as auditors, law firms and accounting firms.
  • To protect against fraudulent, malicious, abusive, unauthorized or unlawful use of or subscription to our products and Services and users from such use.
  • In connection with a bankruptcy, merger, acquisition or sale or other business transaction, involving all or a portion of our assets or business, user information will also be transferred as part of or in connection with the transaction.
  • To enforce any applicable terms of service.
  • When you request us to share certain information with third parties.
  • With service providers/third party contractors who need your information in order to perform Services or functions that enable Ciitizen to function as a company.
    • Third-party verification companies. If we permit you to create an account, we will provide your Account Information (see above) to a third-party to verify your identity.
    • Data analytics service providers. We also may from time to time share information about your website use with third party contractors who are assisting us in analyzing or operating the site
    • Email marketing service vendors
    • Cloud storage providers
    • Payment processors
    • Security vendors
  • With our affiliates or otherwise within our corporate group for the purposes of providing the Services or with your consent where required by applicable law.
  • With our research partners, such as academic researchers, clinical research organizations and sponsors that facilitate and/or provide clinical trials, real world evidence studies or similar research engagements, with your consent.
  • In other instances with your consent.

When you make a decision to share your data outside of Ciitizen– including Health Records–, the data practices under this Privacy Policy will no longer apply to the information held by that outside entity. We recommend that you review and determine you are comfortable with that entity’s privacy policy prior to sharing your data (including, Account Information and Health Records) outside of Ciitizen.

In any circumstance where your consent is sought prior to Ciitizen sharing personal information about you, you will be able to withdraw that consent at any time, provided we can individually identify you in such data.  Such withdrawal of consent will apply only to new uses or disclosures of personal information about you within a reasonable amount of time after Ciitizen has received the withdrawal or at such other time as required by applicable law.

Jurisdiction-Specific provisions

a. California

The California Consumer Privacy Act. Terms used in this section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act of 2018 (“CCPA”). We do not sell personal information collected about you.

In the preceding 12 months, we collected and disclosed for a business purpose the following categories of personal information about California consumers:

Categories of Personal InformationData TypesCollected?Categories of Recipients
IdentifiersName, e-mail address, IP address, telephone numberYes

●        Service providers who process data on our behalf

●        Research partners (with your consent)

Personal information categories listed in the California Customer Records statuteName, social security number, physical characteristics or description, telephone number, driver’s license or state identification card number, etc.Yes

●        Service providers who process data on our behalf

●        Research partners (with your consent)

Protected classification characteristics under California or federal lawRace, genderYes

●        Service providers who process data on our behalf

●        Research partners (with your consent)

Commercial informationRecords of products or Services purchased, obtained, or considered, including prescriptionsYes

●        Service providers who process data on our behalf

●        Research partners (with your consent)

Internet or other similar network activityInformation on a user’s interaction with the websiteYes●        Service providers who process data on our behalf
Geolocation dataIP address dataYes●        Service providers who process data on our behalf
Professional or employment-related informationTitle of profession, employer, etc.Yes      ●        Service providers who process data on our behalf
Inferences drawn from other personal informationProfile reflecting a person’s preferencesYes●        Service providers who process data on our behalf

In addition, to the extent they are contained within your Health Records:

Categories of Personal InformationData TypesCollected?Categories of Recipients
Biometric informationImagery of retinas, fingerprints, hands, face, and behavioral characteristicsYes

●        Service providers who process data on our behalf

●        Research partners, and other third parties with your consent

Sensory dataAudio, electronic, visual, thermal, olfactory informationYes

●        Service providers who process data on our behalf

●        Research partners, and other third parties with your consent

Professional or employment-related informationTitle of profession, employer, etc.Yes      

●        Service providers who process data on our behalf

●        Research partners, and other third parties with your consent

Sources of Information. In the preceding 12 months, we received personal information from the sources described above Section I of this Privacy Policy.

Purposes for Collection, Use, and Sharing. We use and disclose the personal information we collect for our commercial purposes, as further described in this Privacy Policy, including for our business purposes:

  • Auditing related to our interactions with you;
  • Legal compliance;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and necessary prosecution;
  • Debugging;
  • Performing Services (for us or our service provider);
  • Internal research for technological improvement;
  • Internal operations;
  • Activities to maintain and improve our Services; and
  • Other one-time or short-term uses.

Your Rights. Where applicable, if you are a California resident you may have the following rights under CCPA in relation to “personal information” we have collected about you as defined in the CCPA; these rights are, to the extent required by the CCPA and subject to verification and any applicable exceptions:

  • Right to Know/Access: You have the right to request that we disclose certain information to you about our collection and use of certain personal information about you as described below:
    • The specific pieces of personal information collected;
    • The categories of personal information collected;
    • The categories of sources from whom the personal information is collected;
    • The purpose for collecting the personal information; and
    • The categories of third parties with whom we have shared the personal information.
  • Right to Delete: You have the right to request that we delete the personal information.
  • Freedom from Discrimination: You have the right to be free from unlawful discrimination for exercising any of the rights above.

To make a request in relation to the above rights, please contact us using the information below.  To fulfill your request, we will need to verify your identity and ask additional information and documents, which may include information previously provided.

Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.

If you would like to exercise your rights discussed in this section, please contact us at the information below.

b. Australia

If you are in Australia, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

We will only collect your Health Records from third parties if you give us your consent (for example, by requesting us to seek your Health Records from a third party) and the Health Records are reasonably necessary for one or more of our Services, functions or activities, or as otherwise permitted to do so by law.

How we hold personal information about you. We use Amazon Web Services located predominantly in the Pacific Northwest; with some data stored in other locations within the United States.

We may disclose personal information about you to recipients outside of Australia, including within the United States

Complaints. Please get in touch if you have any questions or complaints about how we collect, use or manage personal information about you. You can contact us using the contact information below. If you make a complaint, we will endeavor to respond within a reasonable period after the request is made, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). Please note the OAIC requires any complaint to be made to us before you make a complaint to the OAIC. Further details about how to lodge a complaint with the OAIC can be found at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/.

c. Canada

If you are in Canada, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

Personal information is maintained on our servers or those of our service providers and will be accessible by authorized employees, agents and representatives who require access for the purposes described in this Privacy Policy.

Your Rights. You may request access to or correction of personal information about you in our control as detailed in the contact us section below.  These rights are subject to certain exceptions and we may take steps to verify your identity before responding to your request.

We, our service providers and other parties with whom personal information about you may be shared as described in this Privacy Policy may process and store personal information about you outside of Canada, including in the United States and in other countries.  While outside of Canada, personal information about you will be subject to applicable local laws, which may not afford the same level of protection to personal information about you as the laws in Canada.

d. European Union

If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

For the purpose of applicable data protection laws, we are the data controller.

Your information will be processed on the basis of the following legal bases:

PurposeCategories of DataLegal Basis (Article 6)Legal Basis (Article 9)
To keep you posted on available clinical trials, products, Services, software updates, and upcoming events. You can opt out of these communications in the manner designated in the specific communication or within your account.

Account Information

Health Records

Self-Reported Information

ConsentExplicit consent
To help us create, develop, operate, deliver and improve our products and Services.

Account Information

Health Records

Self-Reported Information

ConsentExplicit consent
For loss prevention and anti-fraud purposes and account and network security purposesAccount InformationOur legitimate interests in maintaining the security and integrity of our systems and networks.N/A
To send important notices regarding Ciitizen products and Services, including changes to our terms, conditions, and policies.Account Information – name, address, e-mail address, telephone number.Our legitimate interests in keeping you up to date regarding the Services.N/A
To locate your Health Records and help the providers and health plans accurately match and send the correct information to us for your Ciitizen account.Account Information – name, address, e-mail address, telephone number, prior names, addresses, phone numbers, birth date, gender, race or ethnicity, medical or health plan record numbers, and information about your doctors, medical providers and health plans.ConsentExplicit consent
To analyze  Health Records to offer you opportunities to share data (for example, with caregivers, with your medical professionals, to find treatment, or to power research ).

Health Records

Self-Reported Information

ConsentExplicit consent
To allow you to engage in blog discussions, message boards, chat rooms, and other forms of social networking and to post reviews and post content, such as messages relating to healthcare experiences, and interact with other users.User Generated ContentConsentExplicit consent

Your rights. If you are located in the EEA or the UK, you have certain rights in relation to personal information about you:

  • Access: You have the right to access information we hold about you, how we use it, and who we share it with.
  • Portability: You have the right to receive a copy of the information we hold about you and to request that we transfer it to a third party, in certain circumstances and with certain exceptions.
  • Correction: You have the right to correct any personal information about you we hold that is inaccurate.
  • Erasure: In certain circumstances, you have the right to delete the information we hold about you.
  • Restriction of processing to storage only: You have the right to require us to stop processing the information we hold about you, other than for storage purposes, in certain circumstances.
  • Objection: You have the right to object to our processing of personal information about you.
  • Objection to marketing: You can object to marketing at any time by opting-out using the unsubscribe/ opt-out function displayed in our communications to you.
  • Withdrawal of consent: You have the right to withdraw your consent at any time.

Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain personal information about you.

To exercise any of these rights, you can contact us at privacy@ciitizen.com. We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).

Storage and transfer of personal information about you. The information that we collect from you will be transferred to and stored at/processed in countries outside the EEA and UK. Your information is also processed by staff operating outside the EEA and the UK who work for us or one of our third-party service providers or partners. We will take all steps reasonably necessary to ensure that personal information about you is treated securely and in accordance with this Privacy Policy.

For any transfers of data outside the EEA or the UK, the data transfer will be on the basis of your explicit consent.

We will retain personal information about you as follows:

  • Your Health Records and Self-Reported Information for as long as you keep your account open or as needed to provide you with our Services;
  • Your Account Information for as long as you keep your account open or as needed to provide you with our Services;
  • If you contact us, we will keep your data for as long as you keep your account open or as needed to provide you with our Services;
  • Your Usage Information for as long as you keep your account open and as long as its needed to provide our Services and usage metrics; and
  • Your UGC, for as long as you keep your account open or as needed to provide you with our Services.

We will also retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies.

e. India

If you are in India, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

Sensitive Personal Information. Under local law, Sensitive Personal Information means passwords, financial information such as bank account, credit card, debit card or other payment instrument details, biometric data, physical or mental health details, sex life or sexual orientation, and/or medical records or history, biometric, genetic and gender related information, caste or ethnicity, religious or political affiliations and similar information, excluding information available in the public domain, or accessible by exercise of statutory rights under Indian laws.

Your Rights. To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities, and correct or update personal information about you by contacting our privacy officer at privacy@ciitizen.com. Where consent is required to process personal information, and you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected Service. Your request to withdraw your consent shall not (i) apply retrospectively; or (ii) require deletion of records required for statutory purposes.

f. Singapore

If you are in Singapore, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

Access. You have the right to access personal information about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us at privacy@ciitizen.com.

Correction. You have the right to correct any personal information about you that is inaccurate. You can access the personal information we hold about you by logging into your account. If you believe we hold any other personal information about you and that information is inaccurate, please contact privacy@ciitizen.com.

Our designated privacy officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted at privacy@ciitizen.com.

g. New Zealand

If you are in New Zealand, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.

The New Zealand Privacy Act 2020 and Health Information Privacy Code 2020. Terms used in this section and not otherwise defined have the meaning given to them in the Privacy Act 2020 (“NZPA”), and the Health Information Privacy Code 2020 (“NZHIPC”).

If you are located in New Zealand, we will collect, store, use, retain, and disclose personal information about you (including your Health Records) in accordance with the requirements of the NZPA and NZHIPC, as applicable. The information that we might collect from you, the purposes for which it may be used, how it will be stored, and with whom it may be disclosed, as set out in this Privacy Policy, including in this section.

Storage of personal information.  We store personal information that we collect using Amazon Web Services predominantly located in the Pacific Northwest (other locations within the United States).  You acknowledge and agree that:

  • we may store, use, transfer and otherwise process personal information about you in countries other than New Zealand, including in the United States of America;
  • agencies to whom we may disclose personal information as set out in this Privacy Policy may store, use, transfer and otherwise process personal information about you in countries other than New Zealand, including in the United States of America; and
  • the laws of such countries may have different privacy and information protection requirements to those set out in the NZPA and NZHIPC.

Notifiable privacy breaches.  We will comply with our obligations in the NZPA relating to notifiable privacy breaches, including our obligation to notify affected individuals as soon as practicable after we become aware that a notifiable privacy breach has occurred.

Your Rights. Where applicable, if you are located in New Zealand you have the following rights under the NZPA in relation to personal information we have collected about you; these rights are, to the extent required by the NZPA and subject to verification and any applicable exceptions:

  • Right to Access: You have the right to access any personal information that we hold about you.
  • Right to Correction: You have the right to request that we correct any personal information that we hold about you. We may be unable to change personal information that we hold that has been sourced directly from a third-party such as a medical provider.  However, you are entitled to request the correction of any information you believe is incorrect, and request that we attach a statement of the correction sought to personal information about you.

To make a request in relation to the above rights, please contact us using the information below.  To fulfill your request, we will need to verify your identity and may ask for additional information and documents, which may include information previously provided. Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.

h. Other locations around the world

If you live in another part of the world not specifically mentioned here, please contact our designated privacy at privacy@ciitizen.com.

Keeping children safe

We do not knowingly market to or solicit personal information from children under the age of 18, without first obtaining parental or legal guardian consent.

Blogs and social networking and educational or promotional content

Ciitizen regularly publishes blog posts and invites any individual to sign up to receive these posts via email. Email addresses are collected from these individuals and used by Ciitizen or a contracted service provider solely to send these blog posts and other Ciitizen marketing or promotional material. Note that individuals who create an account on our Service will receive emails that contain newsletters, links to blog posts and other marketing or promotional content. Any individual – whether or not a Ciitizen account holder – may opt out of receiving any communications from us by following the unsubscribe link in the communications.

As noted above, the Ciitizen Service may from time to time allow you to store, display, reproduce, publish, or otherwise use UGC, and may or may not attribute it to you. These forums are accessible to others and UGC you post can be read, collected, shared, or otherwise used by anyone who accesses the forum. If you post UGC to information sharing forums, including any information about your health, you are doing so by choice and you are providing consent to the disclosure of this information; your UGC will be considered “public” and will be accessible by anyone, including Ciitizen. Please note that we do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure.  We are not responsible for the privacy or security of any information that you make publicly available on the features permitting creation of UGC or what others do with information you share with them on such platforms.  We are not responsible for the accuracy, use or misuse of any UGC that you disclose or receive from third parties through the forums or email lists.

Integrity and retention of information

You can keep your Account Information and Self-Reported Information accurate, complete and up-to-date. Information in your Ciitizen account, sourced directly from a third-party such as a medical provider, health plan, or other health data source (i.e., Health Records) cannot be changed by you or Ciitizen; however, you may upload or have us request on your behalf, updated information, including Health Records.

Ciitizen will retain personal information about you as long as necessary to fulfill the purposes outlined in this Privacy Policy. Your Ciitizen account will remain populated with personal information about you (including Health Records) until you decide to close your account.

Changes to this policy

We reserve the right to make changes to this Privacy Policy, in which case we will update the “Last Updated” date at the top of this Privacy Policy. We will give you advance notice of any material changes so you can decide if you want to maintain your account with Ciitizen (except those that may need to be made immediately in order to comply with law or to deal with an urgent situation that threatens the security of information held by Ciitizen or severely impacts Ciitizen’s functionality). The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy.

Contact us

If you have questions, concerns or suggestions related to our Privacy Policy or our privacy or security practices, or if you would like to exercise any of your rights outlined in this Privacy Policy, email our Privacy Officer at privacy@ciitizen.com, contact us at +011-866-350-0638, or write a letter to:

Privacy Officer

Ciitizen Corporation
3000 El Camino Real
Suite 3-120
Palo Alto, CA, 94603

Online Terms of Service

Last updated: May 15, 2019

Summary: Welcome to the Terms of Service for Ciitizen. This document provides the legal terms of service for use of our website, as well as any of the Services that we offer. Please read the Terms carefully, as they include an agreement to waive the right to bring class action suits against us and to handle any claims you might have against us via arbitration. Please also review our Privacy Policy at https://www.ciitizen.com/privacy/.

Ciitizen Corporation, a Delaware corporation (“Ciitizen,” “we,” “us,” “our”) provides its Services (defined below) to you through its website located at www.ciitizen.com (the “Site”) and other related content, applications, services, tools and features (collectively, the “Service(s)”), subject to the following terms and conditions (as amended from time to time, the “Terms”). By using or accessing the Services, you are agreeing to these Terms. For purposes of these Terms, “you” and “your” means you as the user of the Services. If you use the Services on behalf of a company or other entity then “you” includes you and that entity, and you represent and warrant that (a) you are an authorized representative of the entity with the authority to bind the entity to these Terms, and (b) you agree to these Terms on the entity’s behalf.

We may modify these Terms from time to time. If we do this, we will update the “Last Updated” date at the top of these Terms. If we make changes that are material, we may also attempt to notify you, such as by e-mail notification and/or by placing a prominent notice on the first page of the Ciitizen website. However, it is your sole responsibility to review the Terms from time to time to view any such changes. The updated Terms will be effective as of the time of posting, or such later date as may be specified in the updated Terms. Your continued access to or use of the Services after the modifications have become effective will be deemed your acceptance of the modified Terms.

PLEASE READ THESE TERMS CAREFULLY, AS THEY CONTAIN AN AGREEMENT TO ARBITRATE AND OTHER IMPORTANT INFORMATION REGARDING YOUR LEGAL RIGHTS, REMEDIES, AND OBLIGATIONS. THE AGREEMENT TO ARBITRATE REQUIRES (WITH LIMITED EXCEPTION) THAT YOU SUBMIT CLAIMS YOU HAVE AGAINST US TO BINDING AND FINAL ARBITRATION, AND FURTHER (1) YOU WILL ONLY BE PERMITTED TO PURSUE CLAIMS AGAINST CIITIZEN ON AN INDIVIDUAL BASIS, NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION OR PROCEEDING, (2) YOU WILL ONLY BE PERMITTED TO SEEK RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ON AN INDIVIDUAL BASIS, AND (3) YOU MAY NOT BE ABLE TO HAVE ANY CLAIMS YOU HAVE AGAINST US RESOLVED BY A JURY OR IN A COURT OF LAW. You have the right to opt-out of arbitration as explained in Section 9. For more information, please see the Dispute Resolution By Binding Arbitration section below.

In addition, when using certain services, you will be subject to any additional terms applicable to such services that may be posted on such Service from time to time. All such terms are hereby incorporated by reference into these Terms.

Table of Contents

  1. 1. Access and Use of the Service
  2. 2. Conditions of Use
  3. 3. Intellectual Property Rights
  4. 4. Copyright
  5. 5. Third Party Services and Materials
  6. 6. Disclaimer of Warranties
  7. 7. Limitations of Liability
  8. 8. Indemnity and Release
  9. 9. Dispute Resolution by Binding Arbitration
  10. 10. Termination
  11. 11. User Disputes
  12. 12. General
  13. 13. Your Privacy
  14. 14. California Residents
  15. 15. Contact Us

1. Access and Use of the Service

Summary: Ciitizen provides a platform for (1) enabling users to collect their health information through the HIPAA right of access, (2) using and sharing Health Information (defined below), and (3) authorizing Ciitizen to collect Health Information on a user’s behalf. Users should understand that the Ciitizen platform and any Services do not constitute medical advice, and Ciitizen did not generate such Health Information, and is not responsible for the Health Information’s completeness or accuracy; Ciitizen is also not responsible for verifying any Health Information that the user provides. You are required to register to use our Services and you are responsible for protecting your user credentials. Ciitizen also may modify or discontinue the Services or any particular feature; we agree to notify you by e-mail prior to termination of any inactive accounts.

Services Description.The Service is a web-based platform that (i) allows users to request access to their historical health information and records (“Health Information”) through the “right of access” granted under the Health Insurance Portability and Accountability Act (“HIPAA”), as well as through online portal accounts made available to you by some health care providers or health plans, (ii) aggregates and standardizes (to the extent possible) such Health Information, (iii) allows users to use and disclose such aggregated, standardized Health Information with third parties, including caregivers and medical professionals through their health profile, and (iv) allow users to post content and interact with other users.

User Consent.As part of the Service, you may choose to have Ciitizen collect Health Information on your behalf maintained by (1) health care providers or health plans with whom you have, or previously had, a patient or subscriber relationship, or (2) from third-party sites. You may (1) link directly to online portals and/or (2) fill out and sign HIPAA requests for access forms (“HIPAA Access Forms”) and request Ciitizen to send those forms to designated health care providers and health plans, in each instance to enable Ciitizen to obtain your Health Information and upload it into your account.

By taking advantage of either or both routes for obtaining your Health Information, you acknowledge that you are asking Ciitizen to obtain your Health Information on your behalf. You further acknowledge that when you request authorization for Ciitizen to access an online portal provided by your health care provider or your health plan, you will be directly connected to an online website for the health care provider or health plan you have designated, and Ciitizen will submit information (including user names and passwords) that you provide in order to log into that portal and obtain your Health Information to upload to your Ciitizen account. By accessing an online portal or completing a HIPAA Access Form in order to enable Ciitizen to obtain your Health Information, you authorize and permit Ciitizen to use and store information provided by you (for example, information on the HIPAA Access Form, user names and passwords) and any Health Information collected from third parties in order to provide the Services, including processing and using such Health Information for product development, improvement, demo and training, and aggregated and anonymized searching capabilities. You represent and warrant that you own all right, title and interest in and to the Health Information collected from third parties and any data you provide to us (including any and all intellectual property rights therein), subject to Ciitizen’s right to Work Product (as defined below) as set forth below.

You acknowledge there may be delays in record request processing from your health providers and health plans. Despite our reasonable efforts, Ciitizen also may not be able to obtain some or all of your Health Information and we do not guarantee or assume any responsibility or liability for the completeness, timeliness, accuracy, deletion or non-delivery of any Health Information. Ciitizen is also not responsible for the way in which data is displayed on the Site or through the Service, as this may be impacted by the nature and form of the Health Information that Ciitizen receives from you or on your behalf.

You may add self-entered historical health information to your health profile, and you may edit and remove any such contribution made by you from your health profile. Health Information that comes from records of health care providers or health plans accessed through your HIPAA “right of access” will be “read only” and cannot be altered, although you will have a choice of whether or not to share such Health Information with others. If you believe any Health Information coming from the records of your health care providers or health plans is inaccurate, it is your responsibility to address this issue with the relevant health care provider(s) or health plan(s).

Service Disclaimer. THE SERVICES, INCLUDING ALL OF THE MATERIAL AND INFORMATION MADE AVAILABLE THROUGH THE SERVICES, ARE FOR INFORMATIONAL PURPOSES ONLY AND DO NOT CONSTITUTE PROFESSIONAL MEDICAL ADVICE OR TREATMENT. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding your health. The Services are not a substitute for professional medical advice; never disregard professional medical advice or delay in seeking it because of something made available through the Services. If you think you may have a medical emergency, call your doctor or 911 immediately. Ciitizen does not recommend or endorse any specific tests, physicians, products, procedures, opinions, or other information that may be mentioned on the Services.

Ciitizen has no control over the completeness, validity, consistency or accuracy of any content provided (or lack of such) by you or others (such as hospitals, other health care providers, or health plans). You rely on any information provided by Ciitizen, or third parties providing services on behalf of Ciitizen to provide the Services, or other members solely at your own risk.

Your Registration Obligations. You must reside in the United States or any of its territories to use our Services. Minors under the age of majority in their jurisdiction are only permitted to use our Services if the minor’s parent or guardian accepts these Terms on the minor’s behalf prior to use of the Services. By using the Services, you represent and warrant that you meet all of these requirements.

You will be required to register with Ciitizen in order to access and use certain features of the Service. If you choose to register for the Service, you agree to provide and maintain true, accurate, current and complete information for your account. Our Privacy Policy describes how we handle the registration data and certain other information you provide to us when you use our Services. If you are under 18 years of age, you are not authorized to use the Service, with or without registering, unless your parent or guardian has provided their express prior consent. If you are under the 13 years of age, you may not use the Service, other than by having your parent or guardian register and use the Service on your behalf.

Member Account, Password and Security. You are solely responsible for maintaining the confidentiality and security of your Ciitizen username, password and other account information, and are fully responsible for any and all activities that occur under your account. You can access, edit and update your account via the www.ciitizen.com. You agree to (a) immediately notify Ciitizen at legal@ciitizen.com of any unauthorized use of your password or account or any other breach of security including unauthorized disclosure of your username and/or password, and (b) ensure that you log out of your account at the end of each session when accessing the Service. Ciitizen is not liable for any acts or omissions by you in connection with your account. We are not liable for any loss or damage arising from your failure to comply with this Section.

Modifications to Service. Ciitizen reserves the right to modify or discontinue, temporarily or permanently, the Service (or any part thereof) with or without notice. You agree that Ciitizen will not be liable to you or to any third party for any modification, suspension, or discontinuance of the Service; provided that if we discontinue the Service, we will use our best efforts to permit you to export any health information maintained by us for a period of thirty (30) days from when the Service is discontinued.

General Practices Regarding Use and Storage.You acknowledge that Ciitizen may establish general practices and limits concerning use of the Service, including without limitation the maximum period of time that Health Information, data or other Content will be retained by the Service and the maximum storage space that will be allotted on Ciitizen’s servers on your behalf. You acknowledge that Ciitizen reserves the right, in our sole discretion, to terminate accounts that are inactive for an extended period of time; provided that Ciitizen has provided you with at least fifteen (15) days’ prior notice to the e-mail associated with your account.

2. Conditions of Use

Summary: Currently, we provide the Services free of charge to the user. You are solely responsible for any content you create via the Services. Certain types of user-created content and conduct (as set forth below) are strictly prohibited. Ciitizen can take appropriate action – including legal action – where you are in violation of these Terms. You acknowledge and agree that the Services are for your personal use only.

User Conduct.You are solely responsible for all code, video, images, information, data, text, software, music, sound, photographs, graphics, messages or other materials (“Content”) that you upload, post, publish or display (hereinafter, “Upload”) or email or otherwise use via the Service. The following are examples of illegal or prohibited Content and/or use. Ciitizen reserves the right to investigate and take appropriate legal action against anyone who, in our sole discretion, violates these Terms, including without limitation, removing the offending Content from the Service, suspending or terminating the account of such violators and reporting you to the law enforcement authorities.

You agree to not use the Service to:

  • a) email or otherwise upload any Content that (i) infringes any intellectual property or other proprietary rights of any party; (ii) you do not have a right to upload under any law or under contractual or fiduciary relationships; (iii) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (iv) poses or creates a privacy or security risk to any person; (v) constitutes unsolicited or unauthorized advertising, promotional materials, commercial activities and/or sales, “junk mail,” “spam,” “chain letters,” “pyramid schemes,” “contests,” “sweepstakes,” or any other form of solicitation; (vi) is unlawful, harmful, threatening, abusive, harassing, tortious, excessively violent, defamatory, vulgar, obscene, pornographic, libelous, invasive of another’s privacy, hateful racially, ethnically or otherwise objectionable; or (vii) in the sole judgment of Ciitizen, is objectionable or which restricts or inhibits any other person from using or enjoying the Service, or which may expose Ciitizen or its users to any harm or liability of any type;
  • b) interfere with or disrupt the Service or servers or networks connected to the Service, or disobey any requirements, procedures, policies or regulations of networks connected to the Service; or
  • c) violate any applicable local, state, national or international law, or any regulations having the force of law;
  • d) impersonate any person or entity, or falsely state or otherwise misrepresent your affiliation with a person or entity;
  • e) solicit personal information from anyone under the age of 18;
  • f) harvest or collect email addresses or other contact information of other users from the Service by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications;
  • g) advertise or offer to sell or buy any goods or services for any business purpose that is not specifically authorized by us;
  • h) further or promote any criminal activity or enterprise or provide instructional information about illegal activities; or
  • i) obtain or attempt to access or otherwise obtain any materials or information through any means not intentionally made available or provided for through the Service.

Fees.We currently provide the Service free of charge to our users. We reserve the right to charge a fee for certain portions of the Service in the future.

Special Notice for International Use; Export Controls. You agree that you will not export or re-export, directly or indirectly, the Services and/or other information or materials provided by Ciitizen hereunder, to any country for which the United States or any other relevant jurisdiction requires any export license or other governmental approval at the time of export without first obtaining such license or approval. In particular, but without limitation, the Services may not be exported or re-exported (a) into any U.S. embargoed countries or any country that has been designated by the U.S. Government as a “terrorist supporting” country, or (b) to anyone listed on any U.S. Government list of prohibited or restricted parties, including the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. By using the Services, you represent and warrant that you are not located in any such country or on any such list. You are responsible for and hereby agree to comply at your sole expense with all applicable United States export laws and regulations.

No Commercial Use. The Service is for your personal use only. Unless otherwise expressly authorized herein or in the Service, you agree not to display, distribute, license, perform, publish, reproduce, duplicate, copy, create derivative works from, modify, sell, resell, exploit, transfer or upload for any commercial purposes, any portion of the Service, use of the Service, or access to the Service.

3. Intellectual Property Rights

User Content Transmitted Through the Service; Your Ownership of User Content and Your Health Information. With respect to the content or other materials you upload through the Service or share with other users or recipients (collectively, “User Content”), by posting or submitting your User Content through the Services, you represent and warrant that you have, or have obtained, all rights, licenses, consents, permissions, power and/or authority necessary to grant the rights granted herein for your User Content. You agree that your User Content will not contain material subject to copyright or other proprietary rights, unless you have the necessary permission or are otherwise legally entitled to post the material and to grant us the license described above. As between you and us, you and/or your licensors own all right, title and interest in and to the User Content and your Health Information. As a condition of your use of the Services, you grant us a nonexclusive, perpetual, irrevocable, royalty-free, worldwide, transferable, sublicenseable license to access, use, host, cache, store, reproduce, transmit, display, publish, distribute, modify and adapt and create derivative works (either alone or as part of a collective work) from your User Content and Health Information.

You acknowledge and agree that Ciitizen may preserve your User Content and Health Information and may also disclose your User Content and Health Information if required to do so by law or if we, in our sole discretion, hold the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal process, applicable laws or government requests; (b) enforce these Terms; (c) respond to claims that any such User Content or Health Information violates the rights of third parties; or (d) protect the rights, property, or personal safety of Ciitizen, its users and the public. You understand that the technical processing and transmission of the Service, including your User Content and Health Information, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

Services, Software and Trademarks. You acknowledge and agree that the Services and their content (other than the Health Information and User Content you submit or that we collect on your behalf), including their “look and feel” (e.g., text, graphics, images, logos), proprietary content, information and other materials, are protected under copyright, trademark and other intellectual property laws (collectively, other than your Health Information and User Content, the “Service Content”). You agree that Ciitizen and/or its licensors own all right, title and interest in and to the Service Content and the Services (including any and all intellectual property rights therein). You agree not to take any action(s) inconsistent with such ownership interests. We and our licensors reserve all rights in connection with the Services and the Service Content, including, without limitation, the exclusive right to create derivative works.

Except as expressly authorized by Ciitizen, you agree not to modify, copy, frame, scrape, rent, lease, loan, sell, distribute or create derivative works based on the Service or the Service Content, in whole or in part, except that the foregoing does not apply to your own User Content that you legally upload to the Service. In connection with your use of the Service you will not engage in or use any data mining, robots, scraping or similar data gathering or extraction methods. If you are blocked by Ciitizen from accessing the Service (including by blocking your IP address), you agree not to implement any measures to circumvent such blocking (e.g., by masking your IP address or using a proxy IP address). Any use of the Service or the Service Content other than as specifically authorized herein is strictly prohibited. The technology and software underlying the Service or distributed in connection therewith are the property of Ciitizen, our affiliates and our partners (the “Software”). You agree not to copy, modify, create a derivative work of, reverse engineer, reverse assemble or otherwise attempt to discover any source code, sell, assign, sublicense, or otherwise transfer any right in the Software. Any rights not expressly granted herein are reserved by Ciitizen.

The Ciitizen name and logos and all related names, logos, product and service names, designs and slogans are trademarks and service marks of Ciitizen or its affiliates or licensors (collectively the “Ciitizen Trademarks”). Other names, logos, product and service names, designs and slogans that appear on the Services are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by us. Nothing in these Terms or the Service should be construed as granting, by implication, estoppel, or otherwise, any license or right to use any of the Ciitizen Trademarks without our prior written permission in each instance. All goodwill generated from the use of Ciitizen Trademarks will inure to our exclusive benefit.

Ciitizen Work Product. As a part of the Services, we may produce certain reports, summaries, graphs, or other analysis using your Health Information and/or any data you provide to us, or otherwise process said Health Information and data in any way (“Work Product”) and provide you with access to such Work Product. You acknowledge and expressly agree that any Work Product (not including the Health Information and User Content that you have provided) becomes the sole and exclusive property of Ciitizen and Ciitizen may use and disclose Work Product in any manner and for any purpose whatsoever, so long as no part of your Health Information and User Content is released externally without your explicit, revocable consent (unless legally required), without further notice or compensation to you and without retention by you of any proprietary or other right or claim in accordance with applicable laws. You hereby assign to Ciitizen any and all right, title and interest (including, but not limited to, any patent, copyright, trade secret, trademark, show-how, know-how, and any and all other intellectual property right) that you may have in and to any and all Work Product, and waive any moral rights you might have.

License Grant. Subject to your compliance with these Terms, Ciitizen hereby grants to you, a personal, worldwide, royalty-free, non-assignable, non-sublicensable, non-transferrable, and non-exclusive license to (a) use the software provided to you as part of the Services and (b) any Work Product for your personal health use only. The software license has the sole purpose of enabling you to use and enjoy the benefit of the Services as provided by us, in the manner permitted by these Terms and subject to the use restrictions described below. We and our licensors reserve all rights in connection with the Services and its content (other than your User Content), including, without limitation, any Work Product or the exclusive right to create derivative works.

Third Party Material. Under no circumstances will Ciitizen be liable in any way for any Content or materials of any third parties (including users), including, but not limited to, for any errors or omissions in any Content, or for any loss or damage of any kind incurred as a result of the use of any such Content. You acknowledge that Ciitizen does not pre-screen Content, but that Ciitizen and its designees will have the right (but not the obligation) in their sole discretion to refuse or remove any Content that is available via the Service. Without limiting the foregoing, Ciitizen and its designees will have the right to remove any content that violates these Terms or is deemed by Ciitizen, in its sole discretion, to be otherwise objectionable. You agree that you must evaluate, and bear all risks associated with, the use of any Content, including any reliance on the accuracy, completeness, or usefulness of such Content.

Feedback. We welcome feedback, comments and suggestions for improvements to the Services (“Feedback”). You acknowledge and expressly agree that any contribution of Feedback does not and will not give or grant you any right, title or interest in the Services or in any such Feedback. All Feedback provided by you to Ciitizen are non-confidential and becomes the sole and exclusive property of Ciitizen and Ciitizen may use and disclose Feedback in any manner and for any purpose whatsoever without further notice or compensation to you and without retention by you of any proprietary or other right or claim. You hereby assign to Ciitizen any and all right, title and interest (including, but not limited to, any patent, copyright, trade secret, trademark, show-how, know-how, moral rights and any and all other intellectual property right) that you may have in and to any and all Feedback.. Notwithstanding the foregoing, we will keep your identity and any PHI or sensitive information provided by you in connection with any Feedback strictly confidential.

4. Copyright

Summary: Ciitizen respects the rights of copyright owners and expects you to do the same. If you are a copyright owner, and you believe any content hosted by Ciitizen infringes your copyrights, you may submit a notification pursuant to the Digital Millennium Copyright Act by providing notice to our designated agent.

Copyright Complaints. Ciitizen respects the intellectual property of others, and we ask our users to do the same. If you believe that your work has been copied in a way that constitutes copyright infringement, or that your intellectual property rights have been otherwise violated, you should notify Ciitizen of your infringement claim in accordance with the procedure set forth below.

Ciitizen will process and investigate notices of alleged infringement and will take appropriate actions under the Digital Millennium Copyright Act (“DMCA”) and other applicable intellectual property laws with respect to any alleged or actual infringement. A notification of claimed copyright infringement should be emailed to legal@ciitizen.com(Subject line: “DMCA Takedown Request”). You may also contact us by mail or facsimile at:

Ciitizen Corporation 
3000 El Camino Real
3 Palo Alto Square, Suite 120
Palo Alto, California, 94306 

To be effective, the notification must be in writing and contain the following information:

  • an electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;
  • a description of the copyrighted work or other intellectual property that you claim has been infringed;
  • a description of where the material that you claim is infringing is located on the Service, with enough detail that we may find it on the Service;
  • your address, telephone number, and email address;
  • a statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;
  • a statement by you, made under penalty of perjury, that the above information in your Notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner’s behalf.

Counter-Notice. If you believe that your User Content that was removed (or to which access was disabled) is not infringing, or that you have the authorization from the copyright owner, the copyright owner’s agent, or pursuant to the law, to upload and use the content in your User Content, you may send a written counter-notice containing the following information to Ciitizen:

  • your physical or electronic signature;
  • identification of the content that has been removed or to which access has been disabled and the location at which the content appeared before it was removed or disabled;
  • a statement that you have a good faith belief that the content was removed or disabled as a result of mistake or a misidentification of the content; and
  • your name, address, telephone number, and email address, a statement that you consent to the jurisdiction of the federal court located within Northern District of California and a statement that you will accept service of process from the person who provided notification of the alleged infringement.
  • If a counter-notice is received by Ciitizen, Ciitizen will send a copy of the counter-notice to the original complaining party informing that person that it may replace the removed content or cease disabling it in 10 business days. Unless the copyright owner files an action seeking a court order against the content provider, member or user, the removed content may be replaced, or access to it restored, in 10 to 14 business days or more after receipt of the counter-notice, at our sole discretion.

Repeat Infringer Policy. In accordance with the DMCA and other applicable law, Ciitizen has adopted a policy of terminating, in appropriate circumstances and at Ciitizen’s sole discretion, users who are deemed to be repeat infringers. Ciitizen may also at its sole discretion limit access to the Service and/or terminate the memberships of any users who infringe any intellectual property rights of others, whether or not there is any repeat infringement.]

5. Third Party Services and Materials

Summary: Ciitizen may from time to time include or link to services provided by third parties. We are not responsible for these materials or services. 

The Service may display, include or make available content, data, information, applications or materials from third parties (“Third Party Materials”) or provide links or other access to certain third party websites and resources. By using the Services, you acknowledge and agree that Ciitizen has no control over such third party websites and resources and that we are not responsible for examining or evaluating the content, accuracy, completeness, timeliness, validity, copyright compliance, legality, decency, quality or any other aspect of such Third Party Materials or websites. We do not warrant or endorse and do not assume and will not have any liability or responsibility to you or any other person for any Third Party Materials, websites, products, services or resources. You further acknowledge that Third Party Materials and links to other websites are provided solely as a convenience to you. Any dealings you have with third parties are between you and such third party, and you agree that Ciitizen is not liable for any loss or claim that you may have against any such third party.

6. Disclaimer of Warranties

Summary: Except as expressly stated, the Services provided by Ciitizen are “as is” and without warranties. 

Your access to and use of the Services are at your own risk. You understand and agree that the Services are provided to you on an “AS IS” and “AS AVAILABLE” basis. Without limiting the foregoing, to the maximum extent permitted under applicable law, Ciitizen, its parents, affiliates, related companies, officers, directors, employees, agents, representatives, partners and licensors (the “Ciitizen Entities”) DISCLAIM ALL WARRANTIES AND CONDITIONS, WHETHER EXPRESS OR IMPLIED, OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Without limiting any of the foregoing, the Ciitizen Entities make no warranty or representation and disclaim all responsibility and liability for: (a) the completeness, accuracy, availability, timeliness, security or reliability of the Services; (b) any harm to your computer system, loss of data, or other harm that results from your access to or use of the Services; (c) the operation or compatibility with any other application or any particular system or device; (d) whether the Services will meet your requirements or be available on an uninterrupted, secure or error-free basis; and (e) the deletion of, or the failure to store or transmit, your User Content and other communications maintained by the Services. No advice or information, whether oral or written, obtained from the Ciitizen Entities or through the Services, will create any warranty or representation not expressly made herein. 

Some jurisdictions do not allow the disclaimer or exclusion of certain warranties. Accordingly, some of the disclaimers set forth above may not apply to you or be enforceable with respect to you. If you are dissatisfied with any portion of the Service or with these Terms, your sole and exclusive remedy is to discontinue use of the Service 

If you are a user from New Jersey, the foregoing section titled “Disclaimer of Warranties” is intended to be only as broad as is permitted under the laws of the State of New Jersey. If any portion of this section is held to be invalid under the laws of the State of New Jersey, the invalidity of such portion shall not affect the validity of the remaining portions of the applicable section.

7. Limitations of Liability

Summary: Ciitizen is not be liable for certain types of damages resulting from certain types of claims as described herein. 

TO THE EXTENT NOT PROHIBITED BY LAW, YOU AGREE THAT IN NO EVENT WILL THE Ciitizen ENTITIES BE LIABLE (A) FOR INDIRECT, SPECIAL, EXEMPLARY, INCIDENTAL, CONSEQUENTIAL OR DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF USE, DATA OR PROFITS, BUSINESS INTERRUPTION OR ANY OTHER DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SERVICES), HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER UNDER THESE TERMS OR OTHERWISE ARISING IN ANY WAY IN CONNECTION WITH THE SERVICES OR THESE TERMS AND WHETHER IN CONTRACT, STRICT LIABILITY OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) EVEN IF THE Ciitizen ENTITIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE, OR (B) FOR ANY OTHER CLAIM, DEMAND OR DAMAGES WHATSOEVER RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THESE TERMS OR THE DELIVERY, USE OR PERFORMANCE OF THE SERVICES. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE EXCLUSION OR LIMITATION MAY NOT APPLY TO YOU. THE Ciitizen ENTITIES’ TOTAL LIABILITY TO YOU FOR ANY DAMAGES FINALLY AWARDED SHALL NOT EXCEED THE AMOUNT OF ONE HUNDRED DOLLARS ($100.00), OR THE AMOUNT YOU PAID THE Ciitizen ENTITIES, IF ANY, IN THE PAST SIX (6) MONTHS FOR THE SERVICES (OR PRODUCTS PURCHASED ON THE SERVICES) GIVING RISE TO THE CLAIM. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. 

Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages. Accordingly, some of the limitations set forth above may not apply to you or be enforceable with respect to you. If you are dissatisfied with any portion of the Service or with these Terms, your sole and exclusive remedy is to discontinue use of the Service. 

If you are a user from New Jersey, the foregoing section titled “Limitation of Liability” is intended to be only as broad as is permitted under the laws of the State of New Jersey. If any portion of this section is held to be invalid under the laws of the State of New Jersey, the invalidity of such portion shall not affect the validity of the remaining portions of the applicable section.

8. Indemnity

Summary: You agree to indemnify and hold Ciitizen and its affiliates, employees and agents harmless from any losses arising out of your use of the Service, or User Content or your violation of these Terms or violation of another’s rights. 

By entering into these Terms and using the Services, you agree to indemnify and hold Ciitizen and its affiliates and their officers, employees, directors and agents (collectively, “Indemnitees”) harmless from any and all losses, damages, liability and expenses (including reasonable attorneys’ fees), rights, claims, costs, actions of any kind and injury arising out of or in connection with: (a) your violation or breach of any term of these Terms or any applicable law or regulation; (b) your violation of any rights of any third party; (c) any unauthorized use of the Services; (d) your User Content, or (e) your negligence or willful misconduct.

9. Dispute Resolution By Binding Arbitration. PLEASE READ THIS SECTION CAREFULLY AS IT INCLUDES IMPORTANT INFORMATION ABOUT YOUR LEGAL RIGHTS.

Summary: You agree that all disputes with Ciitizen will be subject to binding arbitration on an individual basis to the extent permitted under applicable law.

a. Agreement to Arbitrate

This Dispute Resolution by Binding Arbitration section is referred to in this Terms of Service as the “Arbitration Agreement.” You agree that any and all disputes or claims that have arisen or may arise between you and Ciitizen, whether arising out of or relating to this Terms of Service (including any alleged breach thereof), the Services, any advertising, any aspect of the relationship or transactions between us, shall be resolved exclusively through final and binding arbitration, rather than a court, in accordance with the terms of this Arbitration Agreement, except that you may assert individual claims in small claims court, if your claims qualify. Further, this Arbitration Agreement does not preclude you from bringing issues to the attention of federal, state, or local agencies, and such agencies can, if the law allows, seek relief against us on your behalf. You agree that, by entering into this Terms of Service, you and Ciitizen are each waiving the right to a trial by jury or to participate in a class action. Your rights will be determined by a neutral arbitrator, not a judge or jury. The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement.

b. Prohibition of Class and Representative Actions and Non-Individualized Relief

YOU AND CIITIZEN AGREE THAT EACH OF US MAY BRING CLAIMS AGAINST THE OTHER ONLY ON AN INDIVIDUAL BASIS AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE ACTION OR PROCEEDING. UNLESS BOTH YOU AND CIITIZEN AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE OR JOIN MORE THAN ONE PERSON’S OR PARTY’S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A CONSOLIDATED, REPRESENTATIVE, OR CLASS PROCEEDING. ALSO, THE ARBITRATOR MAY AWARD RELIEF (INCLUDING MONETARY, INJUNCTIVE, AND DECLARATORY RELIEF) ONLY IN FAVOR OF THE INDIVIDUAL PARTY SEEKING RELIEF AND ONLY TO THE EXTENT NECESSARY TO PROVIDE RELIEF NECESSITATED BY THAT PARTY’S INDIVIDUAL CLAIM(S), EXCEPT THAT YOU MAY PURSUE A CLAIM FOR AND THE ARBITRATOR MAY AWARD PUBLIC INJUNCTIVE RELIEF UNDER APPLICABLE LAW TO THE EXTENT REQUIRED FOR THE ENFORCEABILITY OF THIS PROVISION.

c. Pre-Arbitration Dispute Resolution

You agree that in the event of any dispute between you and the Ciitizen Entities, you will first contact Ciitizen and make a good faith sustained effort to resolve the dispute before resorting to more formal means of resolution, including without limitation, any court action. 

Ciitizen is always interested in resolving disputes amicably and efficiently, and most user concerns can be resolved quickly and to the user’s satisfaction by emailing support at help@ciitizen.com. If such efforts prove unsuccessful, a party who intends to seek arbitration must first send to the other, by certified mail, a written Notice of Dispute (“Notice”). The Notice to Ciitizen should be sent to Ciitizen Corporation, 3000 El Camino Real, 3 Palo Alto Square, Suite 120, Palo Alto, California, 94306 (“Notice Address”). The Notice must (i) describe the nature and basis of the claim or dispute and (ii) set forth the specific relief sought. If Ciitizen and you do not resolve the claim within sixty (60) calendar days after the Notice is received, you or Ciitizen may commence an arbitration proceeding. During the arbitration, the amount of any settlement offer made by Ciitizen or you shall not be disclosed to the arbitrator until after the arbitrator determines the amount, if any, to which you or Ciitizen is entitled.

d. Arbitration Procedures

After the informal dispute resolution process, any remaining dispute, controversy, or claim (collectively, “Claim”) relating in any way to your use of Ciitizen’s services and/or products, including the Services, will be resolved by arbitration. You and the Ciitizen agree that any Claim will be settled by final and binding arbitration, using the English language, administered by JAMS under its Comprehensive Arbitration Rules and Procedures (the “JAMS Rules”) then in effect (those rules are deemed to be incorporated by reference into this section, and as of the date of these Terms). Arbitration will be handled by a sole arbitrator in accordance with the JAMS Rules. Judgment on the arbitration award may be entered in any court that has jurisdiction. Any arbitration under the Terms will take place on an individual basis – class arbitrations and class actions are not permitted. You understand that by agreeing to the Terms, you and Ciitizen are each waiving the right to trial by jury or to participate in a class action or class arbitration. Notwithstanding the foregoing, you and Ciitizen will have the right to bring an action in a court of proper jurisdiction for injunctive or other equitable or conservatory relief, pending a final decision by the arbitrator. You may instead assert your claim in “small claims” court, but only if your claim qualifies, your claim remains in such court and your claim remains on an individual, non-representative and non-class basis. An arbitrator shall not be bound by rulings in prior arbitrations involving different users, but is bound by rulings in prior arbitrations involving the same user to the extent required by applicable law.

e. Costs of Arbitration

Payment for any and all reasonable JAMS filing, administrative and arbitrator fees will be in accordance with the JAMS Rules. If the value of your claim does not exceed $75,000, Ciitizen will pay for the reasonable filing, administrative and arbitrator fees associated with the arbitration, unless the arbitrator finds that either the substance of your claim or the relief sought was frivolous or brought for an improper purpose.

f. Confidentiality

All aspects of the arbitration proceeding, and any ruling, decision, or award by the arbitrator, will be strictly confidential for the benefit of all parties.

g. Severability

If a court or the arbitrator decides that any term or provision of this Arbitration Agreement (other than the subsection (b) titled “Prohibition of Class and Representative Actions and Non-Individualized Relief” above) is invalid or unenforceable, the parties agree to replace such term or provision with a term or provision that is valid and enforceable and that comes closest to expressing the intention of the invalid or unenforceable term or provision, and this Arbitration Agreement shall be enforceable as so modified. If a court or the arbitrator decides that any of the provisions of subsection (b) above titled “Prohibition of Class and Representative Actions and Non-Individualized Relief” are invalid or unenforceable, then the entirety of this Arbitration Agreement shall be null and void, unless such provisions are deemed to be invalid or unenforceable solely with respect to claims for public injunctive relief. The remainder of these Terms will continue to apply.

h. Opt-Out

You have the right to opt-out and not be bound by the arbitration provisions set forth in these Terms by sending written notice of your decision to opt-out to legal@ciitizen.com or to the U.S. mailing address listed at the bottom of this Agreement. The notice must be sent to Ciitizen within thirty (30) days of your registering to use the Services or agreeing to these Terms, otherwise you shall be bound to arbitrate disputes in accordance with these Terms. If you opt-out of these arbitration provisions, Ciitizen also will not be bound by them.

i. Future Changes to Arbitration Agreement

Notwithstanding any provision in these Terms to the contrary, Ciitizen agrees that if it makes any future change to this Arbitration Agreement (other than a change to the Notice Address) while you are a user of the Services, you may reject any such change by sending Ciitizen written notice within thirty (30) calendar days of the change to the Notice Address provided above. By rejecting any future change, you are agreeing that you will arbitrate any dispute between us in accordance with the language of this Arbitration Agreement as of the date you first accepted these Terms (or accepted any subsequent changes to these Terms).

10. Termination

Summary: Ciitizen may suspend or terminate any licenses granted by us and/or your account if you have violated these Terms (including violations of the law and fraudulent or abusive activity). 

If you breach any of the terms of these Terms, all licenses granted by Ciitizen will terminate automatically. Additionally, Ciitizen may suspend, disable, or delete your account and/or the Services (or any part of the foregoing) with or without notice, for any or no reason. If Ciitizen deletes your account for any suspected breach of these Terms by you, you are prohibited from re-registering for the Services under a different name. In the event of account deletion for any reason, Ciitizen may, but is not obligated to, delete any of your Content. Ciitizen shall not be responsible for the failure to delete or deletion of your Content. All sections which by their nature should survive the termination of these Terms shall continue in full force and effect subsequent to and notwithstanding any termination of this Agreement by Ciitizen or you. Termination will not limit any of Ciitizen’s other rights or remedies at law or in equity. Any suspected fraudulent, abusive or illegal activity that may be grounds for termination of your use of Service, may be referred to appropriate law enforcement authorities. You agree that any termination of your access to the Service under any provision of this Terms of Service may be effected without prior notice, and acknowledge and agree that Ciitizen may immediately deactivate or delete your account and all related information and files in your account and/or bar any further access to such files or the Service. Further, you agree that Ciitizen will not be liable to you or any third party for any termination of your access to the Service.

11. User Disputes

Summary: You agree that you are solely responsible for interactions with other Ciitizen users, and Ciitizen is not obligated to get involved in disputes between its users. 

You agree that you are solely responsible for your interactions with any other user in connection with the Service and Ciitizen will have no liability or responsibility with respect thereto. Ciitizen reserves the right, but has no obligation, to become involved in any way with disputes between you and any other user of the Service.