Jiff Privacy Statement And Cookie Statement

This Privacy and Cookie Statement (“Statement”) applies to and the Jiff software and services, owned and operated by Jiff, Inc., a wholly owned subsidiary of Castlight Health, Inc. (“Jiff”).

Protecting Your privacy and the protection of Your Personal Information is very important to Jiff. For purposes of this Statement, “Personal Information” is any information that can be used on its own or with other information to identify, contact, or locate an individual, or to identify an individual in context. Here, You will find what Personal Information we collect, why we collect it, and what we do with it in connection with the health benefits platform (the “Jiff Platform”) and web and mobile application software and services offered by Jiff, or a third-party vendor on Jiff’s behalf (collectively, the “Jiff Services”) and the products and services offered by Jiff’s platform partners (“Platform Service Providers” or “PSPs”, collectively the “PSP Services”). As used in this Statement, “Employer” is the Jiff customer who authorized Your access to the Jiff Services and the PPS Services. It also describes the choices available to You regarding the use of, Your access to, and how to update and correct Your Personal Information (defined below). Jiff is committed to protecting the privacy and accuracy of the information we collect about You, including Your Personal Information, to the fullest extent possible.

This Privacy and Cookie Statement is revised as of December 2, 2017.

EU-U.S. and Swiss-U.S. Privacy Shield

Jiff participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Framework. Jiff is committed to subjecting all personal data received from European Union (EU) member countries or Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Jiff is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf.  Jiff complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Jiff is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, Jiff may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If You have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

Under certain conditions, more fully described on the Privacy Shield website You may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Collection And Use Of Personal Information And Non-Personally Identifiable Information

You may be asked to provide Personal Information when You use the Jiff Services and PSP Services, or import data from and export data into various third-party applications, devices, and services into the Jiff Services and PSP Services. Your Personal information may also be provided to Jiff and PSPs by Your Employer or third-parties at Your request or instruction.

Your Personal Information That We Collect From You

Jiff may collect from You the following Personal Information in connection with Your use of the Jiff Services and PSP Services requested by Your Employer:

  • email address and password during account creation.
  • demographic and general health and financial information, including date of birth, gender, zip code, height, weight. For some products and services, these details are required as part of Your registration process.
  • unique temporary or persistent device identifiers.
  • certain hardware information about Your computer or mobile device.
  • data through access to Your calendar if You authorize such calendar access.
  • activity data such as steps activity data, sleep and food activity data and other data that You enter or upload into Your tracking device, webpage or mobile application.
  • medical or lab completion data or claims data submitted by Your insurance company only if authorized You through Your Employer.
  • fitness tracker information You provide, or authorize to be provided, to Jiff.
  • geolocation information that is automatically transmitted based upon Your choice to the use of certain tracking devices and applications that automatically provide this information along with other activity data.
  • any additional information that You add manually to the Jiff Services, including answers to surveys and questionnaires, behavioral and mood information, goals, and preferences.
  • any Personal Information that You authorize third-parties to provide to Jiff including through third-party devices, applications, or services.
  • Internet Protocol (“IP”) address.
  • financial information, including credit card information.
  • user behavior based upon click stream history or contained in log files (e.g., IP address, browser versions, OS versions, internet service provider “ISP” information, time of day of application use, surfing and viewing habits) of how users are using Jiff applications and which pages the users have visited.
  • by linking Your tracking device, tracking application, or certain PSP program accounts through the Jiff platform, Jiff will have access to all Personal Information collected through such tracking device, tracking application, or certain PSP program unless there is a feature that allows You to “turn off” the collection of such Personal Information and You turn the feature off.

Jiff may also collect certain non-personally identifiable information relating to You and/or Your use of the Jiff Services and PSP Services (“Non-Personally Identifiable Information), including aggregated, anonymized information concerning Your use of the Jiff Services. For example, Jiff may collect Non-Personally Identifiable Information regarding the pages and services that You access through the Jiff Services, and information concerning the browser(s) and Internet platform service provider(s) used to access the Jiff Services. For more information, see Use of De-Identified Information and Aggregated User Data below.

We may also collect from You information you share about your contacts. This can include their name and email address in order to share content or to invite them to register for the Jiff Services. When You provide us with personal information about Your contacts, we will only use this information for the specific purpose for which it was provided. If You believe that one of Your contacts has provided us with your personal information and You would like to request that it be removed from our database, please contact us at

The Information We May Collect From Your Employer

In order to enable Your use of the Jiff Services, You hereby authorize Your Employer to provide Jiff Your first and last name, email address and employee ID. You also hereby authorize Your Employer to provide Jiff Your date of birth, mailing address and user photo, and any additional information as required to provide certain options or additional services.

As Part Of Jiff’s PSP Programs, The Personal Information Jiff Or PSPs May Collect And Share With Each Other (As Part Of Jiff’s Agreement With Your Employer To Provide Such Jiff Services And PSP Services) May Also Include:

  • User Data derived from physical activity (such as steps and active minutes), sleep, calories burned, standing time, calories consumed, heart rate, food activity data, nutrition data, satisfaction data, cognition, stress, survey comments, parenting advice, collaborative games, news feed comments and other data that You enter or upload into Your tracking device, wearables, webpage or mobile application.
  • User adoption data including enrollment, registration, account creation.
  • Healthcare claims data and pharmacy claims data from third-parties such as Your insurance company as requested or provided indirectly by Your Employer.
  • Completion status (i.e., “Started”, “In Progress”, or “Completed”).
  • Data concerning health status such as Health Risk Assessments (HRA), Lab data, Risk scores and user responses to questions in HRA with action steps for scheduling and completion of survey(s) and Biometric screenings – Biometric data such as BMI (body mass index), blood pressure, cholesterol, and related health screenings with action steps for scheduling and completion of tests towards incentives for achieving set thresholds or improving set thresholds, and other health status programs.
  • Data concerning managed health including Disease and care management for chronic conditions such as diabetes, asthma, autism – participation in program(s), action steps indicating completion of tasks towards incentives for achieving set thresholds or improving set thresholds, Employee Assistance Programs (EAP) – enrollment, participation and action steps towards incentives for completion of task(s), medication management – prescription and nonprescription medications used, dosage, frequency action steps towards incentives for completion of task(s), and other managed health programs.
  • Data concerning access to care including virtual care services such as second opinion and telemedicine – registration/enrollment, health profile, service utilization and action steps towards incentives for completion of task(s), in-person care such as retail clinics, medical and dental care providers – scheduled visit(s), primary diagnosis, ordered lab tests, biometric results and action steps towards incentives for completion of task(s), provider search and scheduling – user search terms, search results, scheduled appointments and action steps towards incentives for completion of task(s), medical and dental insurers – available plan options, plan membership, medical and dental claims, triggers for recommended services based on processed claims, and other access care programs.
  • Data concerning health maintenance and wellness including weight management – weight tracked, participation in programs and action steps indicating completion of tasks towards incentives for achieving set thresholds or improving set thresholds, pregnancy/fertility – weight, kicks, exercise, as well as personal health information such as due date, stress/resilience – cognitive and emotional assessments through games and videos with action steps for scheduling and completion of tasks, nutrition management – completion data towards incentives for achieving set thresholds or improving set thresholds, smoking cessation – tobacco use, nicotine replacement therapy, action steps towards incentives for completion of the task(s), physical fitness – fitness center check-ins, workout participation, and action steps towards incentives for completion of the task(s), sleep management – sleep duration, sleep quality and action steps towards incentives for completion of task(s), and other health maintenance and wellness programs.
  • Data concerning finance and wealth management including retirement services such as 401(k) – available retirement plan options, enrollment, participation and action steps towards incentives for completion of task(s), tax-advantaged savings services such as Health Savings Accounts (HSA), Flexible Spending Accounts (FSA) – available services, enrollment, participation, and action steps towards incentives for completion of task(s), financial wellness – available educational programs, content, participation action steps towards incentives for completion of the task(s), and other finance and wealth programs.

How We Use The Personal Information We Collect

Jiff and PSP’s use Your Personal Information:

  • to administer, monitor and moderate the Jiff Services and PSP Services.
  • to direct You to programs, actions, content and events that are most relevant and helpful to You
  • to implement and provide You with Jiff Services and PSP Services customized to Your needs.
  • in an aggregated and anonymized format, to help Your Employer understand and select the types of programs they should offer their employees.
  • to send important notices or other communications to You from time to time.
  • to update terms, conditions, and policies.
  • for internal purposes such as auditing, data analysis and research, to improve our content, to develop, deliver, understand performance, to perform internal market research, project planning, troubleshooting problems, and to detect and protect against error, fraud or other criminal activity.
  • improve and promote the Jiff Services and PSP Services.
  • to administration of any sweepstakes or promotions, purchases, donations or other activities that You are involved in using the Jiff Services and PSP Services.
  • to help our PSP support their programs for You on the Jiff Platform.
  • to enforce the Jiff “Terms of Service” which can be found necessary and applicable to You.
  • to create aggregated anonymous analytical data.
  • to support incentives that encourage You to use programs that can help You achieve Your goals.
  • to ensure that that You have registered or completed setting up an account, that You are using a product regularly, or that You have started or completed some set of activities or achieved a desired goal using the Jiff Services or the PSP Services.
  • as underlying data used to create reports (that are aggregated and anonymized so Your Employer cannot see data at the individual level) to help employers understand how programs are being used by their employees.
  • so Your Employer will be able to see how many people started or completed a program, but not see who did so.

If required by Your Employer, we may provide, and You consent to Jiff providing, Your Personal Information to third-party administrators (that have signed a confidentiality agreement with Jiff or Your Employer agreeing to protect Your Personal Information) who will access Your Personal Information, de-identify it and create aggregated anonymous analytical data for Your company’s health and wellness programs.

Sharing Options With Spouse, Domestic Partners, Family Or Friends.

Some programs allow You to have a spouse, Domestic Partner (DP), other family member or other third person that You designate to share Your Personal Information with while using a Jiff Services and PSP Services. Additionally, You are able to tag Your friends to follow them or allow others to follow You, add comments and notes, have conversations and otherwise share Your Personal Information. Jiff is not able to remove comments, postings or content, once it has been posted by You or an individual following or mentioning You.

Disclosure To Third-Parties And Jiff Platform Providers

The Jiff Services may contain links to third-party websites and applications. If You disclose information to any third-party in connection with Your use of the Jiff Services (including, for example, a third-party application provider using the Jiff platform to provide independent goods and services directly to You), different rules may apply to their use or disclosure of the information You disclose to them. When You click on links You may leave the mobile or web location providing You the Jiff Services.

If You order a device, application, or service on the Jiff Services that is marketed or sold by a third-party, Jiff may provide Your name and contact information to such third-party. Your payment information will not be shared with these third-parties. If You do not want us to share Your Personal Information with these third-parties, contact us at (

Jiff may share the information it collects from You, including Personal Information, with companies who provide services such as: information processing; fulfilling customer orders; delivering products, rewards, incentives to You; managing Employer data; providing customer service; conducting customer research or satisfaction surveys; and other subcontracted services for Jiff or Your Employer through Jiff. These companies are authorized to use Your Personal Information only as necessary to provide these products and services to You and are obligated to protect Your information. For example, if You use a credit card in the Jiff Store, Your credit card information will be shared with Jiff’s credit card processing company. If you do not wish to have Your credit card information passed to our credit card processing company, please refrain from providing us such information.

Jiff’s Statement does not apply to You once You leave the Jiff website or mobile application and go onto the PSP website or mobile application. You may be subject to the privacy policies of any PSP and Non-PSP third party. Jiff is not responsible for the privacy practices or policies on such third-parties and we encourage You to read their privacy statements. If You go onto a PSP’s site from the Jiff website or mobile application, You should read the PSP’s privacy policy.

Disclosures To Your Employer

Jiff may, to the extent permitted under applicable laws including HIPAA (Health Insurance Portability and Accountability Act of 1996), provide Your Employer on an ongoing basis with data necessary to enable Your Employer to manage incentive, reward, and wellness programs, including providing points earned to administrate subsidies and other benefits related accounting processes. This may include aggregated data related to program performance and population health to employers for the ongoing administration and evaluation of the programs. Unless permitted under HIPAA, Jiff will not disclose Protected Health Information (“PHI”) (as defined in HIPAA) to Your Employer.

Cross-Border Transfer

Your Personal Information and the information collected by us with respect to Your usage of the Jiff Services may be stored and processed in any country where we have facilities or service providers, and by using the Jiff Services or by providing consent to us (where required by law), You agree to the transfer of information to countries outside of Your country of residence, including to the United States, which may provide for different data protection rules than in Your country. You authorize Jiff to store Your Personal Information in the United States in one of Jiff’s licensed data centers.


In certain situations, Jiff may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose Your Personal Information as required by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect Your safety or the safety of others, investigate fraud, or respond to a government request. Your Personal Information could be transferred to or acquired by a third-party in the event of a Jiff merger or acquisition. You will be notified via email and/or a prominent notice on the Site, of any change in our current ownership, uses of Your Personal Information, and choices You may have regarding Your Personal Information. We may also disclose Your Personal Information to any other third-party with Your prior consent.

Push Notifications And Other Communications

In certain situations, Jiff may provide Push notifications to You from time-to-time in order to update You about any events or promotions that we may be running. If You no longer wish to receive these types of communications, You may turn them off at the device level. To ensure You receive proper notifications, we will need to collect certain information about Your device such as operating system and user identification information.

User Access And Choice

Upon request Jiff will provide You with information about whether we hold any of Your personal information. If Your Personal Information changes, or if You no longer desire our Jiff Services, You may correct, update, amend, delete/remove, ask to have it removed from a public forum, directory or testimonial on our Site or deactivate it by making the change on our member information page or by emailing our Customer Support at or by contacting us by telephone or postal mail at the contact information listed at the end of this Statement (see JIFF CONTACT INFORMATION below). We will respond to Your request within a reasonable timeframe.

In certain situations, Jiff has no direct relationship with the individuals whose personal information it processes. An individual who seeks access, or who seeks to correct, update, amend, or delete inaccurate data should direct their query to your Employer (the data controller). We will respond to requests within thirty days or a reasonable time frame.

We will retain Your information for as long as Your account is active, as needed to provide You the Jiff Services or based on information we receive from your Employer. We will retain and use Your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

How Jiff Uses Cookies And Other Tracking Technologies

We, Jiff, and our vendors (e.g., marketing partners), affiliates, or analytics or service providers (e.g. PSPs, online customer support providers, etc.), use cookies or similar technologies to analyze trends, administer the Site, tracking users’ movements around the Site, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis. You can control the use of cookies at the individual browser level, but if You choose to disable cookies, it may limit Your use of certain features or functions on our website or service.

When You visit a website, its server may generate a piece of text known as a “cookie” to place on Your computer. The cookie allows the server to remember specific information about Your visit while You are connected. The cookie makes it easier for You to use the dynamic features of web pages. Persistent cookies remain on Your phone, tablet or computing device after You log off from a website, close Your browser, or close the applicable app. Session cookies are deleted from Your phone, tablet or other computing device when You log off a website, close Your browser, and/or close Your browser or the applicable app. Cookies from Jiff web pages collect only information about Your browser’s visit to the Site. Jiff does not use cookies to collect Personal Information.

Jiff uses cookies to collect information about Your browser’s visit to the Site. Jiff uses persistent cookies to save Your registration ID and login password for future logins to the Site. Jiff uses session cookies to better understand how You interact with the Site, and to monitor aggregate usage by customers of the Site and web traffic routing on the Site. Third-party advertisers on the Site may also place or read cookies on Your browser. You can instruct Your browser, by changing its options, to stop accepting cookies or to prompt You before accepting a cookie from the websites You visit. If You do not accept cookies, however, You may not be able to use all portions or all functionality of the Site.

We may also occasionally use web beacons (also known as “clear gifs,” “web bugs,” “1-pixel gifs,” etc.) that allow us to collect Non-Personally Identifiable Information about Your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a web page or e-mail that can tell us if You have visited a particular area of the Site. For example, if You have given us permission to send You emails, we may send You an email urging You to use a certain feature of the Site. If You do respond to that email and use that feature, the web beacon will tell us that our email communication with You has been successful. Because web beacons are used in conjunction with persistent cookies (described above), if You set Your browser to decline or deactivate cookies, web beacons cannot function.

Internet Protocol (“IP”) Address

We collect the IP address of all visitors to our website. An IP address is a number that is automatically assigned to Your computer when You use the Internet. We use IP addresses to help us diagnose problems with our server, administer our website, analyze trends, and gather broad demographic information for aggregate use to improve our site, and deliver customized, personalized content. IP addresses are not linked to Personal Information.

As with most websites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, ISP, referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We may combine this automatically collected log information with other information we collect about You. We do this to improve services we offer You, to improve marketing, analytics, or site functionality.

Our third-party vendor may use technologies such as cookies to gather information about Your activities on this Site and other websites in order to provide You advertising based upon Your browsing activities and interests. If You wish to not have this information used for the purpose of serving You interest-based ads, You may opt-out by clicking (or if located in the European Union click on Please note this does not opt You out of being served ads. You will continue to receive generic ads.

We use mobile analytics software to allow us to better understand the functionality of our Jiff Services on Your phone. This software may record information such as how often You use the Jiff Services, the events that occur within the Jiff Services, aggregated usage, performance data, and where the Jiff Services was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information You submit within the Jiff Services.

California Do Not Track Disclosures

Our websites and web portals are not configured to respond to do-not-track settings in Your browser.

How Jiff Uses Email

We may use a third-party vendor to help us manage some of our email communications with You. Although we may supply this vendor with email addresses of those we wish them to contact, Your email address is never used for any purpose other than to communicate with You on our behalf. When You click on a link in an email, You may temporarily be redirected through one of the vendor’s servers (although this process will be invisible to You) which will register that You have clicked on that link, and have visited our Jiff Services. We never share any information, other than Your email address, with our third-party email vendor, which does not share these email addresses with anyone else. You may opt-out at any time by clicking on the “Unsubscribe” link at the bottom of these emails, accessing the email preferences in Your account settings page, or You can contact us at

Jiff may also share email addresses with our PSPs for the programs that You have registered for so they can send information concerning the program pertaining to You.

Use Of De-Identified Information And Aggregated User Data

Jiff, or designated third-parties subject to appropriate confidentiality requirements, may de-identify the Personal Information we collect, by removing any data from that information which could be used to identify, contact or locate an individual. We may provide such de-identified information to Your Employer, our customers, vendors and PSPs.

Jiff, or designated third-parties subject to appropriate confidentiality requirements, may also generate aggregate usage information in order to understand how often and in what ways people use the Jiff Services to provide You with an optimal online experience. Such aggregate data may derive from or incorporate Your Personal Information, but will not include information which could be used to identify, contact or locate an individual. If appropriate, Jiff, or designated third-parties subject to appropriate confidentiality requirements, may provide aggregated data related to program performance and population health Your Employer for program administration and evaluation.

User Profiles And Submissions

Certain user profile information, including Your name, location, and any video or image content that YOU upload to the Jiff Services may be displayed to other users to facilitate user interaction within the Jiff Services. You may limit the profile information that can be seen by other by adjusting Your account privacy settings. Please remember that any content You upload to Your public user profile, along with any Personal Information or content that You voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others. Jiff reserves the right to delete any comments it deems inappropriate, at Jiff’s sole discretion. Your user name may also be displayed to other users if and when You send messages or comments or upload images or videos through the Jiff Services, and other users can contact You through messages and comments. Jiff does not control the policies and practices of any other third-party site or service.

Social Media Widgets

Our Site includes “Social Media Features” such as the Facebook “Like” button, and “Widgets” such as the “Share This” button or interactive mini-programs that run on the Site. These features may collect Your IP address, which page You are visiting on the Site, and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third-party or hosted directly on the Site. Your interactions with these features are governed by the privacy statement of the company providing it.

Our Commitment To Children’s Privacy

Protecting the privacy of children is very important to us. The Children’s Online Privacy and Protection Act of 1998 (“COPPA”) defines a “Child” as anyone under the age of 13. Jiff strictly adheres to COPPA. For that reason, we do not collect or maintain information obtained through the Jiff Services from those we actually know are under 13, and no part of our Site is structured to attract anyone under 13.


Your account is protected by a password for Your privacy and security. You must prevent unauthorized access to Your account and Personal Information by selecting and protecting Your password and/or other sign-on mechanism appropriately and limiting access to Your computer or device and browser by signing off after You have finished accessing Your account.

We endeavor to protect the privacy of Your account and other Personal Information we hold in our records. We employ SSL to encrypt communications between our servers and client applications, and do our best to protect our systems so third-parties cannot access Your private information. However, we cannot guarantee complete security — unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information, which we share with our third-parties for marketing purposes, and providing contact information for third-parties. If You are a California resident and would like a copy of this notice, please submit a written request to:


You may direct questions, complaints or claims regarding the Jiff Services to 150 Spear Street, Suite 400, San Francisco, CA 94105, email:, phone: +1-650-323-3500. Questions about this Statement should be directed to

Our Statement may change from time to time. We will not materially reduce Your rights under this Statement without Your explicit consent. We will post any privacy statement changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy statement changes).