Privacy Policy for DayTwo Services

1. Thank You for Using Day Two

1.1. DayTwo, Inc. and its affiliates (“DayTwo”, “Us”, or “We”) provide this Privacy Policy (as will be amended and/or updated, from time to time) (the “Privacy Policy” or “Policy”) to inform You of Our policies and procedures regarding the collection, use, share and disclosure of
information We receive and/or collect from You when You use Our products, applications and
services (the “Services”).

1.2. By using the Services, You consent to the collection and use of Your information in accordance with this Privacy Policy and Our Terms of Service. If You do not feel comfortable with any part of this Policy or Our Terms of Use, You should not use or access Our Services.

1.3. We may change, amend and/or update the terms of this Policy from time to time, by posting notice on Our Website and Our applications. The Privacy Policy will post the date that any change to the policy takes effect. Your continued use of the Services constitutes Your explicit consent to this Privacy Policy (including any amendment or change thereof). If You do not agree to this Privacy Policy (including the new or different terms thereof), You should not use the

2. Information We Collect

2.1. Your use of the Services is totally voluntary. If You are uncomfortable with sharing information about Yourself, do not use the Services.

2.2 Collecting Information. By using the Services, You will be providing information about Yourself so that We can provide the Services to You. Some of this information will identify You personally (“PII”), including:

2.3 Health Information. Certain PII provided about You may also qualify as protected health information (“PHI”) under applicable laws. Please see Section 10 below about our use of PHI in accordance with the US Health Insurance Portability and Accountability Act.

2.4 Genetic Information. “Genetic Information” is all the information that can be derived from DNA contained in the stool samples that you provide to us for analysis in connection with the Services. You agree that when You submit your stool samples for analysis by Us, you agree that (a) such samples and Genetic Information may be reviewed and analyzed by our DayTwo owned and operated laboratories in Israel and such other USA locations as determined by us from time-to-time (b) we may collect and use such information in accordance with this Privacy Policy. Such Genetic Information will be treated as PII and PHI under this Privacy Policy.

2.5 Please give us accurate information. You state that the information You give us is Yours, You have the legal right to provide us such information and it is complete, accurate and true.

2.6 Information we collect about you from third parties. As part of the Services, We may receive and/or have access from time to time to PII about You as will be provided to Us by third parties subject to Your consent, for example, by Google or Apple that collect personal information about You regarding your health as part of their services. This may include, without limitation, information about personal characteristics, such as date of birth, sex, blood type; information about physical activity, such as number of steps; information about physical indices, such as Your weight, waist circumference; information regarding reproduction, such as body temperature, Information about women’s monthly period; information regarding nutrition, information regarding movement, information regarding alcohol consumption, information regarding sleep habits, and information regarding personal hygiene. The information received from such third parties is under their sole responsibility. We will have no responsibility and/or legal liability for the use of incorrect and/or outdated information about You that was provided to Us by such third

2.7 You allow Us to use Your information to provide Our Services to You. You grant Us an irrevocable, royalty-free, non-exclusive, unlimited license (with the right to sub-license), to use Your PII and Genetic Information for the primary purpose of delivering and providing the Services to you and to improve the Services and otherwise as We disclose in this Policy. You authorize Us to capture verbal and video recordings of you, such as through telehealth sessions and group sessions, subject to keeping your information private as described in this Privacy Policy, for quality assurance and to address any questions or concerns you have regarding your participation in the Services. When you participate in a group, you must respect the privacy of other group members.We and our individual professionals cannot, however, take responsibility for any acts or omission by other group members who participate in a group session with You.

2.8 How We Use PII. We will use PII (i) to provide the Services to You, (ii) to provide you with customized microbiome and nutritional reports; (iii) to monitor and analyze Your use of the Services and, if required, for the technical administration and troubleshooting of the Services,(iv) to personalize Your experience with the Services; (v) to better understand Your needs bothon an aggregated and individualized basis in order to improve Our Services, (vi) to improve the Services, including without limitation to train any artificial intelligence or machine learning engine or system, neural network, or similar system for those provision of Services to You, (vii)benchmarking and statistical analysis, (viii) research including medical research and development of products and services, including with third party(ies) or by third party(ies) such as HMOs, medical institutions, academic institutions, and other commercial entities (Use of personal information for the purpose of research will be subject to Your consent), (ix) to provide You announcements and further administrative information regarding Your progress with the Services or changes in the Services; (x) to provide You with offers that you may find useful or interesting; (ix) to enforce Our Terms of Use and Privacy Policy, (x) to communicate with You and contact You to obtain feedback from You regarding the Service and the process You are going through; and (xii) transfer to our affiliates, third party vendors, service providers, contractors who are working on Our behalf in connection with the Services and related services rendered to You, such as (a) for storage, data processing, customer services and support, and/or back up purposes and (b) as otherwise authorized by You (xiii) for data security purposes; (xiv) for the purpose of detecting and preventing fraud, misuse of services or other illegal actions; (xv) for the purpose of receiving Your feedback including by the performance of surveys; (xvi) for the purposes of handling complaints and data subjects access or deletion requests; (xvii) in order to meet legal requirements and regulatory obligations; (xviii) for the purpose of establishing and protecting Our legal rights; (xix) for any other legitimate purpose as permitted by applicable law.

2.9 Usage Information. We automatically collect information when You use the Services“Usage Information” We may use several technologies (that will apply to Your mobile device) toreceive and/or collect Usage Information as follows:

2.9 How We Use Usage Information. We may use Usage Information (i) to give you access and use of the Services; (ii) to deliver the Services to You; (iii) to provide, operate, analyze, develop and improve the Services; (iv) to conduct data and system analytics and statistics; (v) to ensure the Services are functions properly; (vi) for security purposes; and (vii) to monitor and analyze use of the Service and for the technical administration of the Services.

3. Information Sharing, Use and Disclosure.

3.1 Minimum Necessary. We will take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose of providing the Services to You and other purposes detailed in the Policy.

3.3 Affiliates. We may share your PII with any of our corporate affiliates where we consider that it is in our legitimate interests to do so for internal administrative purposes (for example,ensuring consistent and coherent delivery of Services to our users, corporate strategy,compliance, auditing and monitoring, research and development and quality assurance).

3.4 Third Party Providers. We use third party service providers to help us operate and provide the Services to You. These third-party providers include, amongst others, labs, cloud-5 based storage, data processing solutions, and payment processing services. Such third-party service providers are subject to confidentiality obligations and may be exposed to a limited portion of Your PII that is the minimum necessary to fulfill their obligations to Us. We requireall third-party providers who may have access to any PII or PHI to agree to a business associate agreement with Us as required by the US Health Insurance Portability and Accountability Act.

3.5 Aggregate, De-Identified and Non-Identifying Information. “Non-Personally Identifying Information” means any anonymous and/or statistical data that cannot be used on its own totrace or identify a person and “de-identified data” as defined in 45 CFR § 164.514(b)(2) of the US Health Insurance Portability and Accountability Act and regulations. We may share Non Personally Identifiable Information with third parties for research purpose, industry analysis,demographic profiling, statistical purpose and/or any other commercial purposes, as We see fit.In addition, You acknowledge that the increasing adoption of health information technologies can accelerate groundbreaking healthcare research that combines large, complex data sets from multiple sources. You agree that We may participate in clinical research or reports with various third-parties (such as healthcare institutions, academic institutions, and pharmaceutical companies) by sharing or providing them with aggregated, de-identified data that does not identify You individually.

3.6 Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose such information to government or law enforcement officials or private parties as We, in Our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect Our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity We may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable.

3.7 Other Transfers. In connection with a merger, acquisition, reorganization or sale of all or substantially all Our shares or assets, or in the event of Our bankruptcy, We may transfer some or all Our assets, including among others any information, subject to Our Privacy Policy as in effect immediately prior to such a transfer (except if We notify You otherwise). If We believe a transfer results in a material change in the use of the information We’ve collected or received about You,We will give You the opportunity to opt out of the transfer.

3.8 PHI. For purposes of clarity, the terms of this Section 3 also apply to your PHI, as defined below.

4. Promotional Materials and Newsletter.

4.1 Opt-out. You explicitly consent, pursuant to applicable laws, to receive from Us promotional material about Us, our affiliates and/or the Services via different media, including but not limited to email, fax, automated voice-messages, and text messages. Please note, that if You are no longer interested in receiving Promotional Materials, You can opt-out at any time by 6 following the unsubscribe instructions provided in Promotional Material itself and following the receipt of an opt-out request We will remove You from the Promotional Materials mailing list.

4.2 Communications. As an integral part of the Service, We may send to You, from time to time, via direct mailing and e-mail (a) information related to Your Use of the Services and other information about DayTwo and (b) registration materials for the Services. You explicitly consent to receive the communications via the e-mail address You provided while registering to the Services. Please note, that if You are no longer interested in receiving marketing material from DayTwo, You can opt-out from the mailing list by following the unsubscribe instruction provided in the email.

5. Data Protection and Security.

5.1 We are concerned with safeguarding Your PII. We employ a combination of administrative, technical, personnel and physical measures designed to protect Your PII from unauthorized access, use, disclosure, and modification. However, We do not promise that any information or private communications will be fully protected from unauthorized disclosure oruse.

5.2 Use Caution. You should take steps to protect against unauthorized access to Yourpassword, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping Your log-in and password private. If You receive an email asking You to update Your information with respect to the Services, do not reply and please contact Us You are solely responsible for maintaining the confidentiality of your login information and for restricting access to your mobile device while logged into the account. You will be responsible for all activities coming from your account or from your mobile device, including upload of Information, whether authorized by You. You are solely responsible for adequate protection and backup of your personal information. If you cease to use the Services and/or if you transfer your mobile device to someone else, it is your obligation to uninstall the app from your mobile device.

6. International Processing and Transfer.

6.1 You are aware that We may process, maintain,store and/or or transfer some PII (whether in whole or in part, including Microbiome Information)to countries outside of Your state or country (including Israel), where the privacy laws may not be as protective as those in Your jurisdiction, and You hereby provide Your informed consent to the use and/or process and/or storage and/or transfer of the Content (including, without imitations to Your PHI to countries outside Your state or country.

7. Retention.

7.1 We retain user’s PII for as long as such individuals are using our Services. If auser ceases to use our Services, we may continue to retain certain PII of that user for the period required by our legal and regulatory obligations and/or for accounting purposes (i.e., as required by applicable laws regulating our Services, for bookkeeping purposes, and to have proof and evidence concerning our relationship with that user, should any legal issues arise following the user’s discontinuance of use of our Services). Please note that except as required by applicable law, we will not be obligated to retain your information for any period, and we are free to securely delete it for any reason and at any time, with or without notice to You. Unless otherwise restricted by applicable law, Non-Personally Identifiable Information may be retained indefinitely.

8. Our Policy toward Children.

8.1 The Service is intended for a general, adult audience. Wedo not knowingly collect PII from minors aged 18 or Younger. If a parent and/or legal guardian becomes aware that his or her child has provided Us with Personally Identifiable Information without their consent, he or she should contact us at


9.1 This Section 9 applies to the extent Your personal health information (“PHI”) orany part of it is covered by the Health Insurance Portability and Accounting Act and applicable regulations (“HIPAA”).9.1. Authorized Disclosure.• Treatment: We may use or disclose your PII and PHI to healthcare professionals for treatment purposes. We may make these disclosures to the clinical teams at Your employer, health plan, and/or pharmacy benefits managers to the extent such group sponsors Your use of the Services.• Payment: We may use or disclose your PII and PHI for purposes of billing and payment for the Services, such as benefits manager or health plans to the extent such groups sponsor Your use of the Services.• Healthcare Operations: We may disclose your PII and PHI to Your health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team, if Your use of the Services is made available and paid for by one of those groups.

9.2. We are not a Covered Entity. You understand that We are not a “covered entity” as defined in HIPAA. We are not a healthcare provider, healthcare plan, or healthcare clearinghouse.

9.3. Business Associate. You understand that We may serve as a Business Associate if We are engaged by Your healthcare provider, healthcare administrator, or healthcare insurance company,which are “covered entities” as defined by HIPAA (“Health Consultants”). You understand that Your Health Consultants and the labs are or may be “covered entities” that are subject to the provisions of HIPAA, so Your health information provided to us by a lab, or Your Health Consultants may be subject to or protected by HIPAA. You agree to provide a separate HIPAA Privacy Authorization if required by Your Health Consultant. You authorize us to provide this Authorization to the Health Consultants and Labs and understand that the Health Consultants and Labs may require You to execute additional documents authorizing their disclosure of Your information. You understand that once Your information is shared, federal privacy laws may no longer protect it from further disclosure; Health Consultants and others You authorize will have access to Your information. We will protect Your information and use Your information only as provided for in this Agreement, Our Terms of Use, Privacy Policy, and Your applicable HIPAA Privacy Authorization and Consent for Services.

9.4. Minimum Necessary Disclosure. Our use and disclosure of PHI will be limited as and to the extent required by HIPAA, which may include, for example, providing You with certain communications via emails, text messages or in app messages, such as appointment reminders,encouragement, and advice. If You would prefer not to exchange PHI via email or text message,please notify us at You may also request We update, correct, or delete Your PHI by contacting us at; provided however, that We may retain any PHI that We are required to maintain in accordance with HIPAA. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Policy. The standard applied in this Section 9.3 does not apply to the following:

9.4 Your right to review, amend and delete Your PHI. You have the right to review Your PHI records we have in our possession, and provide a request to update, amend and/or delete it by contacting us at We will act, subject to applicable law, to comply with Your request. We may retain certain information as deemed required by applicable law, or for legitimate business reasons, for the duration as required under applicable law. Please note,that if You completely delete any of Your PHI records, Your account may be deactivated and as such, You will not be able to use the Services. Please be aware that even after Your request for a deletion or amendment change is processed, We may, for a time, retain residual information about You in Our backup and/or archival copies of Our database. We will retain and use such residual information as necessary to comply with Our legal obligations, resolve disputes, and enforce Our agreements. When you ask us to exercise any of Your rights under this Privacy Policy and applicable law, we may need to ask You to provide Us certain credentials to make sure that You are who You claim You are, to avoid disclosure to you of PHI which is related to others that You are not authorized to receive, and to ask You questions to better understand the nature and scope of information that You request to access.

10. Applicable Law.

10. 1 This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Delaware, excluding its choice of law principles (above and hereinafter: “Governing Law”). Any dispute arising in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent court in Wilmington, Delaware.

11. Contacting Us.

11. 1 If You have any concerns or questions about this Policy, please contact us at

12. Special Notice to Residents of the State of California, USA.

We use tracking technology and we do not sell or share PII for marketing purposes.

Updated: 5 January 2022

Copyright © 2022 Day Two, Inc.