Privacy Notice

Curology makes customized skincare affordable and accessible. We use the information you share with us to help provide you with a customized experience from when you start interacting with us to providing you your own personalized treatment plan.

Curology, Inc., David Lortscher, MD, P.C. (DBA Curology Medical Group), Skin Specialty Solutions, Inc., and our provider entities (“Curology,” “we,” “us,” or “our”) take your privacy and trust in us seriously. We are committed to protecting the privacy and security of the information that you share with us.

The purpose of this Privacy Notice is to explain how we may collect, use, store, disclose, or otherwise process your personal information when you interact with us through the Curology website located at http://curology.com/, our mobile application(s), our products and services, and/or other communication channels under our control such as email, telephone, or social media that link to this Privacy Notice (collectively, “Services” or “Website”). The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country, or territory other than that of the United States. All capitalized terms not otherwise defined in this Privacy Notice have the same meaning as set forth in the Curology Terms of Service, available here: https://curology.com/terms/.

IF YOU DO NOT WISH TO ACKNOWLEDGE OR ACCEPT THIS PRIVACY NOTICE, PLEASE DO NOT USE THE SERVICES.

Table of Contents

  1. Collection of Information
  2. Sources of Information
  3. Use of Information
  4. Sharing of Information
  5. Security of Information
  6. Retention of Information
  7. California Privacy Rights
  8. International Transfers
  9. Updates
  10. Contact Us

1. Collection of Information

Curology collects and stores a variety of information when you use our Services. The specific types of information we collect will depend on the Services you use, but may include the following:

Personal Information
Personal information means information associated with or used to identify or contact a specific person. Personal information we collect may include:

  • Identifiers such as your first and last name, date of birth, sex or gender, physical address, email address, phone number, identification numbers, etc.
  • Audio, visual, and other electronic information such as photographs and videos for purposes other than diagnosis or treatment
  • Commercial information such as your order history, products purchased or considered, payment information, and shipping history
  • Internet and network activity information such as IP address, geolocation information, device information, log data, and cookies and similar technologies
  • Inferences drawn from any of the information collected about you such as your preferences, characteristics, and behavior, etc.

Health Information
Health information is a type of personal information that includes any identifying information we collect relating to your medical history, including symptoms, diagnoses, treatment and outcomes. Health information we collect may include:

  • Audio, visual, and other electronic information such as photographs and videos for purposes of diagnosis or treatment
  • Medical history such as medical conditions, medications, allergies, treatment options, prescriptions, and any other health-related information for purposes of diagnosis or treatment.
  • Commercial information such as your order and shipping history

Persons Under the Age of 18

Persons under the age of 13 are prohibited from using our Services. Persons between the ages of 13 and 18 may only use our Services with the legal authorization of their parent or legal guardian. Curology does not knowingly collect any information from persons under the age of 13 (or from persons between the age of 13 and 18 without appropriate authorization). If you are a parent or guardian of an individual under the age of 18 and believe your child has disclosed personal or health information to Curology without your authorization, please contact us at support@curology.com.

2. Sources of Information

We collect information about you from the following categories of sources:

You (Actively)
You may actively provide us information when you use our Services such as through our websites, emails, social media, surveys, sweepstakes and promotions, or any other online or offline interactions.

You (Passively)
You may also passively provide us information through your interactions and use of our Services such as your IP address, access times, hardware and software information, device information, device event information (e.g. crashes, unsuccessful logins, browser type), the web page you’ve viewed or engaged with before or after using the Services, and other relevant information. We may use cookies and other tracking technology to collect this information.

Third Parties
We may receive information from third parties such as affiliates, business partners, and service providers to operate our business and improve your experience and interactions with us.

Publicly Available Databases
We may receive information that is available publicly, either online or offline, to operate our business and improve your experience and interactions with us.

3. Use of Information

Curology and our service providers may use information about you to:

  • Provide teledermatology and related services;
  • Verify your identity as the holder of an account with us;
  • Administer your account, process payments, troubleshoot issues, and provide you with customer support;
  • Communicate with you about the Services, and to deliver any administrative notices or alerts and communications relevant to your use of the Services;
  • Allow you to participate in sweepstakes, contests, or other promotions;
  • Market our services and those of third parties that we believe may be of interest to you;
  • Tailor the features, performance and support of the Services to you and your preferences;
  • Provide, operate, analyze usage of, and improve the Services, including performing product research and development;
  • Investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies;
  • Make sure our terms, policies, and agreements with you and any third parties are enforced;
  • Comply with applicable laws and regulations.

Email & Text Communications

Curology may send you marketing emails or texts to let you know of the latest news on our products and services. If you wish to stop receiving marketing emails from us, you can opt out by clicking the unsubscribe link in the footer of any marketing email or contact us at support@curology.com. Please be aware that you cannot opt out of transactional emails. Transactional emails are emails we send you relating to your account or in connection with providing you the Services such as emails changing your password, emails in response to your support request, and emails from your medical provider. If you wish to opt out of all texts (including operational, promotional, or transactional texts), you can text the word “STOP” from the mobile device receiving the text messages.

Online Analytics

We use third-party service providers such as Google Analytics by Google LLC (“Google”) to track and analyze Website traffic through the use of cookies and other tracking technology. This allows us to show you advertisements and content that may be of interest to you based on your interactions with the Services, other online services, and/or information received from third parties. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: policies.google.com/privacy. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: tools.google.com/dlpage/gaoptout.

Do Not Track

Certain web and mobile browsers allow you to send a signal to inform websites that you do not want your online activities tracked. At this time, we do not currently respond to “Do Not Track” signals or similar mechanisms.

4. Sharing of Information

We understand the importance of protecting the confidentiality of your information and limit our disclosure of your personal and/or health information to the following possible scenarios:

  • To licensed medical providers (including those who provide healthcare services, drugs, or medical devices) so that they may provide you with the teledermatology and related products and services you request;
  • To third-party service providers acting on our behalf or to entities with whom we may collaborate with to deliver the Services;
  • In order to protect the safety and security of Curology, the Services, our operations, our systems, our properties, our customers, or any other related person or entity;
  • In order to investigate, detect, deter, prevent, report, defend against, or take other action regarding security incidents, abusive behavior, suspected fraud, malicious or illegal activities, or violations of our Terms of Service or other policies;
  • In order to establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others;
  • In order to comply with applicable law or legal process such as a court order or subpoena;
  • In connection with any reorganization, restructuring, merger, sale, acquisition, financing, dissolution, or other transfer of assets under the condition that the recipient agrees to respect your information in a manner that is consistent with this Privacy Notice.

Please note that we do not sell your personal or health information to third parties. We may share non-personal, de-identified, or aggregated information with third parties.

5. Security of Information

Curology understands the importance of securing your information. We are continuously implementing and updating our administrative, technical, and physical security measures to protect your information. For example, we use firewalls to monitor and control our network traffic, encryption to secure our data transmissions, and cryptographic hash functions to store or share certain data.

Please be aware that using the Internet comes with inherent risks. No method of data transmission or method of physical or electronic storage can be guaranteed to be perfectly secure. There is some risk that an unauthorized third party may find a way to circumvent our security or that a transmission of your information over the Internet will be intercepted. Curology takes the measures stated above to provide a level of security appropriate to the risks of processing your information. You acknowledge and accept that we cannot guarantee the security of your information.

Aside from our efforts in securing your information, it is your responsibility to protect the security of your account credentials and keep your password confidential. If you notice suspicious activity or believe that your account may have been compromised in some way, please contact us immediately at support@curology.com.

6. Retention of Information

We may retain your information as required or permitted by applicable laws and regulations. For example, if you are a resident of certain jurisdictions you may be able to request to have your personal information deleted. If your request is granted, we may still be required by medical laws to retain your health information for a period of time. Your medical records will be retained by Company for a period of at least five (5) years, unless a longer period is required by state or federal law, after which they may be destroyed. If you are younger than twenty-three (23) years of age on the date the records may potentially be destroyed, your records will be kept at least until you reach the age of 23 or as required by state or federal law.

7. California Privacy Rights

“Shine the Light” Law (California Civil Code § 1798.83)

California law permits California residents to request certain details about how their information is disclosed with third parties for third-party direct marketing purposes. We do not share your information with third parties for their direct marketing purposes.

Privacy Rights for California Minors in the Digital World Act

If you are a California resident under the age of 18 and are a registered user of the Services, then you may request that we remove information you posted on the Services. Please be aware that applicable state or federal law may prevent Curology from deleting certain categories of information such as health information. Request for removals should include a description of the specific posted information (including information that will allow us to confirm it was created and posted by you) and should be sent to support@curology.com.

California Consumer Privacy Act of 2018 (CCPA)

If you are a California resident you have the following rights subject to certain exceptions:

  • The right to know about what personal information in the last 12 months was collected, how it is used, and whether it is disclosed for a business purpose or sold to third parties;
  • The right to request deletion of personal information;
  • The right to opt-out of the sale of personal information; and
  • The right to non-discrimination for the exercise of privacy rights.

Curology does not sell your personal or health information. We will not discriminate against you for exercising your rights under the CCPA.

Please note that requests pursuant to the CCPA are limited to non-medical personal information as the CCPA does not apply to health information governed by the CMIA. Before we approve your request(s), we will ask you to verify certain Personal Information that we have on file. You may submit a request to access or delete your personal information by emailing support@curology.com or filling out our online form here.

You may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent, you or your authorized agent must provide written proof to support@curology.com that the agent has a valid power of attorney pursuant to California Probate Code sections 4000-4465 or by submitting a signed and notarized authorization form (available here).

The table below summarizes the categories of personal information we have collected in the last 12 months and the categories of third parties who we have disclosed personal information to for a business purpose. The sources from which we collect personal information can be found in the above section entitled “Sources of Information.” The purpose for collecting personal information can be found in the above section entitled “Use of Information.”

Categories of Personal Information Collected
(See Above Categories)
Categories of Third Parties
(Disclosed to for a Business Purpose)
A. IdentifiersAffiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)
B. Certain Personal Information (§1798.8)Affiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)
C. Certain Characteristics of Protected ClassificationsAffiliated Entities; Medical Providers; Service Providers (Customer Support/Feedback, Website Optimization, Data Analytics)
D. Commercial InformationAffiliated Entities; Medical Providers; Service Providers (Marketing Services, Payment Processing, Operating Systems, Website Optimization, Data Analytics)
F. Internet or Network Activity InformationService Providers (Customer Support/Feedback, Marketing Services, Operating Systems, Website Optimization, Data Analytics)
H. Certain Audio/Electronic/Visual/Similar InformationAffiliated Entities; Medical Providers; Service Providers (Operating Systems, Website Optimization, Data Analytics)
I. Professional/Employment-related InformationAffiliated Entities; Medical Providers; Service Providers (Talent Acquisition)
K. InferencesService Providers (Website Optimization, Data Analytics)

8. International Transfers

Your information may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal information, to the United States and process it there. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.

9. Updates

We may update this Privacy Notice from time to time and make changes to our information practices as permitted by law. You can reference the date on the bottom to determine when this Privacy Notice was last updated. Any changes will become effective when we post the revised Privacy Notice on the Services. If you are registered for the Services, you will be notified of any material changes to this notice prior to them becoming effective. Your use of the Services following this notice means that you acknowledge and accept the revised Privacy Notice

10. Contact Us

If you have questions or concerns about this Privacy Notice, please contact us at privacy@curology.com. For any other questions, please send an email to support@curology.com.

Last Updated: May 14, 2020.