Medium Stack

Last Updated: January 2026

Continuance LLC and its affiliated entities operate a number of websites and other services under the brand names “Blueprint,” “Don’t Die,” “Blueprint Quantified,” “Blueprint Biomarkers,” and/or “Bryan Johnson,” and any other brands we develop in future (collectively, “Continuance,” “we,” “us,” “our”). This Continuance Privacy Policy (“Privacy Policy”) describes how Continuance collects, uses, and discloses information from and about you when you use our websites that we to this Privacy Policy (each a “Site” and together the “Sites”), our “Don’t Die” mobile application (the “Don’t Die App”) and any other mobile application to which we link this Privacy Policy (each an “App” and together the “Apps”), any services or products offered through the foregoing including our relationship with any third-party telehealth partners, any other services for which we link this Privacy Policy, and any interactions you have with us in connection with any such services, the Sites, or the Don’t Die App (each a “Service” and collectively, the “Services”).

To the extent permitted by applicable law, by using our Services or otherwise providing your information to us, you consent to the collection, use, disclosure, and other handling of your information as described in this Privacy Policy. For individuals in the UK, European Economic Area (“EEA”), and jurisdictions with similar data protection laws, we are the controller of your information. Our contact information is in the “Contact Us” section of this Privacy Policy.

We may present you with additional privacy terms in connection with certain services we may provide or certain interactions you may have with us. Unless otherwise stated, any such terms are supplemental to this Privacy Policy.

This Privacy Policy does not apply to the practices of entities we do not own or manage, or to websites, apps, or services that we do not link to in this Privacy Policy. This Privacy Policy also does not apply to you as an employee of Continuance or an applicant for employment with us.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT WANT US TO HANDLE YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

This Privacy Policy contains the following sections:

1. Information We Collect
2. How We Use Information
3. How We Disclose Information
4. Your Rights and Choices
5. Security
6. Data Retention
7. Third-Party Links and Content
8. Children’s Privacy
9. Information for Non-United States Residents
10. Changes to This Privacy Policy
11. Contact Us
12. Consumer Health Data Privacy Policy
13. California “Shine the Light” Disclosure

1. Information We Collect

a. Information You Provide to Us

We collect information that you provide to us, including any information provided when you interact with us in any way via the Services, email, a phone call, events, or otherwise. For example, we collect information from and about you when you create an account; input or provide information to the Services through a webform, user interface, or otherwise; place an order through the Services; engage with customer support; or communicate with us in any way.

The information you provide to us may vary based on the Services you use. For example, if you only interact with us via our “Blueprint Quantified” program, you will provide less information about yourself than if you use our Don’t Die App. Depending on the Services you use, and subject to applicable laws, the information you provide to us may include, but is not limited to:

• Contact information, such as your full name and/or alias, email address, physical address, and phone number.
• Login information, such as username and password.
• Health information, such as information about your vital signs, diet, nutrition, sleep, exercise, cognition, mental health, biomarkers, blood test results, and other mental health, bodily and physiological functions, including through integrations with wearable devices or other applications.
• Information about your transactions on the Services, such as your transaction history and purchases of products, services, subscriptions, etc.
• Demographic information, such as age or age range, date of birth, ethnicity, race, sex, sexual orientation, and gender or gender identity.
• General location information inferred from your IP address, and information such as your state, city, and/or zip code; and precise geolocation such as latitude and longitude coordinates subject to your consent as required by law for purposes as described to you in the Services, such as to find nearby testing locations or for identifying local meet-ups for the Don’t Die community.
• Reviews, testimonials, preferences, or feedback about the Services.
• Information you upload or post to the Services, including audio and visual content that you upload to the Services, such as a profile photo if you choose to provide one or video or audio recordings that you choose to provide.
• Other profile information, such as biographical details, links to profiles on social networks, and preferences.
• Biometric information as defined under certain laws, such as data generated from measurements or technological processing of your physiological, biological, or behavioral characteristics that identify you.
• Genetic information, such as results of genetic tests you order through the Services.
• Information about your interests, activities, and characteristics.
• Information about your employer or sponsor of the Services, such as if you access the Services through an employer-sponsored benefits plan.
• Information about your relationships with others, such as if you disclose your relationship with other parties, e.g. in providing family history.
• Information in connection with your application for “Don’t Die” certification, such as your business contact information, company and brand name, tax ID, Employer Identification Number, and business payment information (which may be collected by our payment processors).
• Inferences generated from information about you.

*Please note*: some of this information is considered “sensitive” under certain laws, and we process this information in accordance with applicable legal requirements.

If you make purchases on the Sites or Apps, your payment information is collected and managed by third-party payment processors, not Continuance. We do not collect or store your full payment information, though we may receive limited information about your payment method, such as the last four digits of your payment card.

You are not required to provide us with such information, but certain features of the Services may not be accessible or available absent the provision of the requested information.

Please note that information you provide via one of our branded Sites or Apps may be used by a differently branded Site or App. For example, you may have the option to purchase tests (such as blood tests or genetic tests) through the store on one of our Blueprint-branded Sites or through a third-party service (such as our Amazon store). If you take one of these tests and you use the Don’t Die App, your test results will show up in the Don’t Die App to give you a more holistic picture of your wellness.

b. Information Collected Automatically

When you interact with the Services, we and third parties may collect information about your browser, device, and use of the Services, including but not limited to your IP address, device type and model, operating system, unique device identifier, cookie identifiers, other device or online identifiers, browser type, language, frequency of use of the Services, web logs, crash reporting, parts of the Services visited, and navigation through those pages. We may also collect technical information when you interact with emails or other communications from us (e.g., whether you opened an email). Some of this information is collected using cookies or other similar technologies. For more information, see the “Your Rights and Choices” section below.

c. Information Collected from Other Sources

The information we collect about you from other sources may vary depending on the Services you use and how you interact with us.

We may collect information about your interactions with Continuance on third-party platforms, such as our social media accounts and the Don’t Die community hosted by Discord. This information includes, but is not limited to, your likes and shares of our content.

If you log into a Service using your social media credentials, we may collect information about you from the social media site based on the authorizations and permissions set with the social media site. Logging into the Services through social media credentials is optional, and you will have the opportunity to grant permission when you attempt to connect.

We store some information that we receive from social media sites with other information that we collect about you. For information about how the social media sites may collect, use and disclose your information, including any information you make public, please consult its privacy policy. We have no control over how any third-party site uses or discloses the personal information it collects about you.

If you choose to connect the Services to third-party platforms or tools, or with other apps on your device, you will allow us to have access to and store additional information from such third party services and tools as such information relates to your use of the Services. For example, you may connect the Services with health or fitness monitoring platforms or tools to integrate your health or fitness data within the Services. You may also choose to connect the Services with the contacts list/address book on your device and authorize us to check on a regular basis if any of your contacts are users of the Services. If you do not wish to have this or other information from your device or apps disclosed, do not initiate these connections.

We may at times offer products and services operated by third parties, including testing kits, telehealth, and related services. These third parties may provide us with information related to your use of their products and services. For example, we may make certain tests available to you through the Services that are provided by independent third parties, and in some cases, these third parties, not Continuance, collect and analyze your test data. If you order one of these tests through the Services and take the test, such third parties may provide us with your results and other test data so that, for example, you can receive the data in the Don’t Die App. If you use telehealth services or prescription services, you may also direct those services to disclose certain data to us, such as the types of medications prescribed for you. Third-party telehealth partners do not otherwise make the medical information they collect about you accessible to us.

Please note that the Don’t Die App may collect certain information when it is not open on your device, such as through integrations. For example, if you have integrated the Don’t Die App with a fitness app or technology, and that fitness app or technology records a workout, the Don’t Die App will collect this workout data even if the Don’t Die App is not open at the time the data is generated.

We may also collect information about you from our affiliates, and from other unaffiliated sources, such as publicly available sources, data aggregators, enterprise customers, and marketing partners.

2. How We Use Information

We use the information we collect for various purposes, depending on the type of information and the way you interact with the Services, including:

• To provide, manage, and improve the Services;
• To administer your account, including to process your registration and verify your information, and establish and maintain your profile;
• To personalize the Services, including remembering the devices from which you have previously logged in and remembering your selections and preferences as you navigate the Services, and understanding your interests;
• To process transactions (as explained above, payment information is collected and processed by a third-party payment processor, not by us);
• To communicate with you about your use of our Services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes, which may include communicating with you via email;
• To engage in analysis and research regarding the Services and how they are used, including to communicate with you about events or contests regarding the Services;
• To test and create new products, features, and services;
• For advertising, marketing, and promotional purpose, including to develop a more complete understanding of you and to send you newsletters and advertise our services to you on third-party websites (subject to any opt-out preferences you have communicated to us or in compliance with our legal obligations (such as obtaining your consent for certain data or in certain locations);
• To provide surveys, sweepstakes, promotions, or contests;
• For security, auditing, and similar business operational purposes, such as sending you security codes;
• To comply with legal requirements, relevant industry standards, and our policies, including to audit our internal processes;
• To protect the safety, rights, property or security of Continuance, our users, employees, third parties, members of the public and/or our Services;
• To prevent fraud and enforce our legal terms and policies;
• With your consent, and
• For any other lawful purpose (subject to your consent where legally required).

We may combine information that we collect from and about you (including automatically generated information) with information that we obtain about you from other sources and use such combined information in accordance with this Policy. We may also generate inferences about you from the information we collect about you; we process such inferences in accordance with applicable law.

We may aggregate and/or de-identify information collected through the Services. We may use and disclose appropriately aggregated or de-identified data for any purpose.

The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to process your information. Our legal bases for processing your information as described in this Policy are (1) where the processing is necessary to perform our obligations under a contract or commitment to you; (2) where the processing furthers the legitimate interests of Continuance or others; (3) where the processing is necessary to comply with applicable legal obligations; or (4) where you have consented to our processing of your information for a particular purpose.

3. How We Disclose Information

We may disclose your information as follows:

• Vendors and Advisors. We may disclose your information to companies that provide services to us, such as providers of data storage, web hosting, website support, billing and payment processing, data integration, security, analytics, marketing, shipping, and fraud prevention services; providers of certain services that help you better understand your wellness (e.g., certain testing services); and to professional advisors such as consultants and legal counsel.
• As Necessary to Provide Services You Request. We may disclose your information as necessary to provide services you request, such as certain testing services that are provided by independent third parties and made available to you through the Service.
• Legal Compliance and Rights. We may disclose your information if we believe in good faith that this is required or appropriate to comply with applicable law, regulations, or legal process; to establish or exercise our legal rights; to defend against legal claims; to seek legal representation or advice; and to enforce our legal terms, agreements, and policies.
• Protection of Continuance and Others. We may disclose your information if we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; and to protect and defend the rights, property or safety of Continuance, our users, our employees, or others.
• Corporate Transactions. We may disclose your information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, asset sale, bankruptcy, or other significant corporate event.
• Your Consent/Direction. If you have consented to or directed us to disclose your information, we will disclose your information consistent with your consent or direction. For example, if you use telehealth services, you may direct us to disclose certain of your information to that telehealth provider. We use encryption and other security measures to transfer that information to the telehealth provider you select. Identifiable health information collected by a telehealth provider may be subject to and protected as protected health information under HIPAA.
• Advertising and Related Analytics. Subject to applicable law and rights you may have under such law depending on your location and the type of data, we may disclose or make available some of your information with advertising and related analytics partners to serve advertisements on our behalf across the internet and to provide analytics related to such advertisements. These entities may use cookies and tracking technologies to allow us to, among other things, deliver advertising and content targeted to your interests and track and analyze advertising performance, engagement, and other metrics. To learn more about how your information is used for advertising and related analytics purposes and your choices for managing this, please see the “Online Analytics” and “Tailored Advertising” sections below.
• Other Disclosures. We may also disclose your information as otherwise permitted or required by law.

Disclosures via Social Features. The Services may include “social” features where you may be able to post, upload, provide, or otherwise disclose information to other users of the Services, including, without limitation, forums, newsfeeds, groups, communities, and direct messaging features. You are not required to use these features to use the Services, and you may be able to limit who can view your information through the privacy section of the user settings screen of the relevant Services. Please check these settings before posting, uploading, or otherwise disclosing information, because your information will be disclosed in accordance with your settings. If you choose to disclose information via any such social features, you do so voluntarily and at your own risk. We take no responsibility and assume no liability for such disclosures or any consequences thereof, including what other users may choose to do with any information you disclose via social features. Please use discretion when deciding whether to disclose any of your information to other users.

4. Your Rights and Choices

a. Your Rights

The laws of your jurisdiction of residence (such as California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, the European Economic Area, and the United Kingdom) may provide you with certain rights with regard to your information. These rights may include the right to request:

• Access to, or a copy of, your information.
  • A list of “third parties” to whom we disclose personal information (for Minnesota and Oregon residents), as “third party” is defined under applicable law.
• Confirmation that we are processing your information and information about how we use and disclose your information.
• Correction or amendment of your information.
• Deletion of your information.
• Transfer of your information to a third party.
• Restriction or objection to certain uses or disclosures of your information.
• Withdrawal of consent previously provided for the handling of the information (without affecting the lawfulness of prior use and disclosure of the information).
• To be opted out of processing of your personal data for purposes of profiling that furthers decisions that produce legal or similarly significant effects, if applicable (note that we do not engage in such processing).

To exercise any of these rights, please email us at privacy@bryanjohnson.com. Please explain the right you want to exercise and the information with respect to which you want to exercise that right.

Many of the rights described above are subject to limitations or exceptions under applicable law. For example, we may need certain information in order to provide the Services to you or comply with applicable law, and if you ask us to delete your information in these cases, we may deny your request and/or it may mean we cannot provide services to you. We may take reasonable steps to verify your identity before responding to your request, including by asking you to provide us with information necessary to reasonably verify you. Depending on the sensitivity of the data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your request.

Depending on your residency, you may be able to designate an authorized agent to make requests on your behalf. For us to verify an authorized agent, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may verify your identity directly with you before processing the authorized agent’s request, as permitted by applicable law.

In some cases (e.g., if you are an EEA or UK resident), you have the right to lodge a complaint with the data protection authority in your country of residence, but we encourage you to contact us first, as we would like to do our best to resolve any concern you may have.

In certain locations, you may appeal the denial of a request by emailing us at privacy@bryanjohnson.com. We will provide information about making an appeal in our response denying the request. You also have the right not to be discriminated against for exercising your privacy rights, as set forth in applicable data protection laws.

Please note that we can only process related to personal data subject to this Privacy Policy. If for example you have provided information to a third-party telehealth provider, you must direct your requests for PHI or other information to that provider.

b. Opt-Out Rights

We may “sell” certain “personal data” for “targeted advertising” purposes or use certain personal data for “targeted advertising” purposes, as such terms are defined in U.S. state data protection laws. Because of how such laws define “sale” and “targeted advertising”, these terms may include allowing third parties to receive certain personal data for advertising and related analytics purposes.

If you reside in a U.S. state with an applicable privacy law, you may opt out of our use of your personal data for purposes that are considered a “sale” or “targeted advertising” by visiting this link. Please note that you must complete this opt-out on each browser or device you use to access the Service. If you have a legally recognized browser-based opt out preference signal turned on through your browser, we recognize the preference expressed by this signal in accordance with applicable law.

c. Marketing Communications

You may use the unsubscribe link found at the bottom of emails we send to you to opt out of receiving future marketing emails. If you are currently receiving SMS/text messages from us and wish to opt out of receiving such messages, you may do so by replying STOP. You can also notify us of your desire to opt out of marketing via phone calls or direct mail using the information in the “Contact Us” section below. We process requests to be placed on do-not-mail, do-not-phone, and do-not-contact lists as required by applicable law.

Note that if you opt out of marketing communications, you may continue to receive certain non-promotional communications about services you request or engage with (e.g., a confirmation of purchase email) and service-related communications regarding us and our Services and opting out of marketing communications will not halt those communications (e.g., communications regarding our Services or updates to our legal terms, including this Policy).

d. Cookies

We and third parties use cookies and other similar technologies (such as web beacons and pixels) (“Cookies”) to collect information about your use of our Services. Cookies are files that are stored on your device through your web browser. Web beacons and pixels, which we may place on our Services and in our emails, operate in your browser or in your email program and can run operations on your device (such as reading and writing cookies) and can send information from your device to us or third parties. Cookies perform a variety of functions, including enabling the Services to function, securing the Services, personalizing the Services, helping us analyze and understand use of the Services, and assisting with advertising and marketing.

You can disable Cookies through your browser or device settings. Please consult your browser “Help” menu and device settings for more information. Certain Cookies (“essential” or “strictly necessary” cookies) may not be disabled as they are essential for the Services to function.) If you disable Cookies using a browser or device setting, that setting will apply only to the browser or device you are using, so you will need to reset the setting on a different browser or device. If you disable some or all Cookies, the Services may not function as intended and some features may be unavailable.

e. Online Analytics

We and our vendors may use third-party analytics services on the Services to help us understand how users engage with the Services, including Google Analytics. These parties may use Cookies and other technologies to help collect, analyze, and provide us with reports and/or data. For more information about Google Analytics and how it collects and processes data, please visit: https://policies.google.com/technologies/partner-sites. To opt out of Google Analytics using your information for analytics purposes, see: https://tools.google.com/dlpage/gaoptout.

f. Tailored Advertising

We and third parties may use certain of the information we collect to tailor the advertising you see online. You have choices about how information about you is used for this purpose.

Some tailored advertising is carried out using Cookies.

For Services offered via an Internet browser, you may be able to set your browser to refuse certain types of cookies or alert you when they are being used, as explained above. In addition, you may go to the Digital Advertising Alliance (“DAA”) Consumer Choice Page and the Network Advertising Initiative (“NAI”) Consumer Opt-Out Page for information about opting out of tailored advertising and your choices regarding having information used by DAA and NAI members, respectively. If you are a resident of the EEA, UK, and Switzerland, you may also visit the Your Online Choices website to learn more and manage your ad choices regarding participating companies.

For Services offered via mobile devices, including our Don’t Die App, mobile devices often include settings to help you manage how your device collects and discloses information for advertising purposes. For more information on how to manage those devices settings, please visit the NAI’s mobile choice page. You may also visit the DAA’s AppChoices page for information about the DAA’s AppChoices tool.

We make no representation about the accuracy, effectiveness, or continued availability of these third-party opt-out mechanisms. We do not control and make no representations about whether any of the third parties providing us with tailored advertising services participate in any of these third-party opt out mechanisms.

Modifying your browser or device settings or opting out of tailored advertising via your browser or device may have different results depending on the type of device or web browser you use and the version of your device operating system. Opting out of tailored advertising does not prevent you from seeing ads online; instead, the ads you see are less likely to be customized to your interests. Opting out is generally effective only on a device-by-device, or browser-by-browser basis. If you use more than one browser or device, the effect of any opt-out mechanism may be limited to the device on which you used the mechanism.

g. “Do Not Track”

Do Not Track (“DNT”) is a setting that users can enable in certain web browsers. DNT signals do not have a commonly agreed-upon meaning and we do not currently recognize or respond to DNT signals.

5. Security

Although we take certain measures to protect your information, no method of security is perfect. By using our Services, you acknowledge and accept that we cannot guarantee the security of your information, and that you provide information to us at your own risk. You are responsible for keeping your username and password confidential.

While this Privacy Policy does not govern the security practices of entities we do not own or manage, or to websites, apps, or services of third parties, certain third parties subject to HIPAA are required to handle medical information in accordance with HIPAA standards. This may include secure storage of PHI, clinician only access, encrypted transmission, and responsible medical recordkeeping.

6. Data Retention

We may retain your information until we determine that retention no longer is necessary to fulfill the purpose for which it was collected and retained, and as required by applicable law. Retention periods may vary depending on the type of information and the context and purpose of its collection and use.

7. Third-Party Links and Content

The Services may have links and embedded content to third-party websites, apps, or other digital properties that may have privacy policies that differ from ours. We are not responsible for the practices of such third parties or their sites, apps, or properties. You should check their privacy policies to understand how they may handle your information.

Likewise, the Services may have third-party content. We do not make any representations concerning the accuracy of such information and are not responsible in any way for third-party content on our Services. You interact with third-party content at your own risk.

8. Children’s Privacy

We do not knowingly solicit or collect personal information (as defined in applicable law) from children under the age permitted by applicable law without parental consent. If we become aware that a child has disclosed information to us in a way that is prohibited by applicable children's privacy laws, we will delete such information in accordance with applicable law.

9. Information for Non-United States Residents

Please note that Continuance is located in the United States. If you are located outside of the United States, you should be aware that any information you provide to us is transmitted to us and processed in the United States. Your information will be protected subject to this Policy and United States laws, which may not be as protective as the laws in your country, and data may be accessible to law enforcement and national security authorities under certain circumstances. To understand your rights with regard to your information, please visit the website of the appropriate data protection authority for your region.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make any changes, we will update the Last Updated date above. We encourage you to read this Privacy Policy regularly to check for changes. If we make a material change to this Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of the Services after we publish changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@bryanjohnson.com, or write to us at 5042 Wilshire Blvd. #26878, Los Angeles, CA 90036.

If you have questions about how unaffiliated entities process your information, such as third-party telehealth providers we partner with, please contact them directly.

12. Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy (“CHD Policy”) supplements the Continuance Privacy Policy (“Privacy Policy”) and applies to information defined as “consumer health data” (“CHD”) by the Washington state My Health My Data Act (“MHMDA”) and Nevada’s Consumer Health Data Privacy Law (“Nevada CHD Law”) (collectively, “CHD Laws”). Undefined capitalized terms shall have the meanings set forth in the Privacy Policy.

This CHD Policy is effective as of the date of the “Last Updated” date above, and we will provide notice of any changes to this CHD Policy as set forth in the “Changes to This Policy” section of the Privacy Policy. You can contact us about this CHD Policy using the information in the “Contact Us” section of the Privacy Policy.

a. Categories of CHD Collected

As described further in our Privacy Policy, and depending on applicable law and your interactions with us, we may collect the following categories of CHD, as broadly defined in the CHD Laws.

• Individual health conditions, treatment, diseases, or diagnoses (e.g., current medications, disease history, allergies, blood test results).
• Social, psychological, behavioral, and medical interventions (e.g., surgical interventions, mental health treatment).
• Health-related surgeries or procedures (e.g., surgeries or procedures you have undergone).
• Use or purchase of prescribed medication (e.g., list of medications you are currently taking).
• Bodily functions, vital signs, symptoms, or measurements of health information (e.g., blood pressure, pulse, temperature, height, weight, blood type, sleep data).
• Diagnoses or diagnostic testing, treatment, or medication (e.g., current medications, disease history, blood test results, genetic test results).
• Gender-affirming care information (e.g., if any of the treatments or procedures you report are gender-affirming in nature).
• Reproductive or sexual health information (e.g., pregnancy status).
• Biometric data (e.g., data generated from measurements or technological processing of your physiological, biological, or behavioral characteristics that identify you).
• Genetic data (e.g., genetic test results).
• Precise geolocation data (e.g., your location when you check in via the Don’t Die App).
• Data that identifies you as seeking health care services (e.g., your plans to undertake certain health treatments or procedures).
• Other information that may be used to infer, derive, or extrapolate data related to the above or other health information.

b. Sources of CHD

As described further in our Privacy Policy, we collect information that may include CHD from the following sources: (1) directly from you; (2) automatically through your use of our websites and apps; and (3) other sources such as integrations with other apps or devices and certain entities that provide you or us with services related to the Services (e.g., testing providers).

c. Purposes for Collection of CHD

We describe the purposes for collection and use of CHD in the “How We Use Information” section of our Privacy Policy. As further described there and subject to applicable law, we may collect and use CHD as directed by you or with your consent, or (1) to provide and manage the Services, including to communicate with you; (2) to analyze and improve the Services; (3) for research and development, including to create new products and services; (4) with your consent, for our own marketing and advertising purposes; (5) for security purposes and to protect us and others, including by preventing fraud; and (6) for legal purposes, such as to comply with applicable laws or to establish, exercise, or defend our legal rights.

d. How and Why We Disclose CHD

We may disclose each of the categories of CHD described above for business purposes to the categories of entities described in the “How We Disclose Information” section of our Privacy Policy. As further described in our Privacy Policy and subject to applicable law, we may share the categories of CHD:

• To provide and manage the Services;
• To engage in research, development, analytics, marketing, and advertising;
• To enable our vendors to provide us with services that allow us to operate our Services, such as data storage, research and development, billing, marketing, analytics, and customer service;
• To protect us and others, including to enforce our Terms of Service, Privacy Policy, or other contracts with you, and for fraud prevention;
• To comply with our legal obligations; and
• In connection with any negotiation or completed acquisition, merger, or purchase involving our business assets.

As described in our Privacy Policy, we reserve the right to create aggregate/de-identified data from the information we collect through the Services and our disclosure of such aggregate/de-identified data is in our discretion.

As further described in our Privacy Policy, and subject to applicable law (e.g. subject to your consent in certain situations), we may share CHD with the following categories of third parties:

• Vendors and service providers;
• Other entities that provide you with services (e.g., testing providers);
• For the protection of us and others (e.g., to governmental or regulatory agencies);
• For legal purposes (e.g., to governmental entities in response to legal process);
• As necessary for business transfers; and
• At your direction or with your consent.

e. How To Exercise Your Rights Under CHD Laws

Depending on your jurisdiction and subject to exceptions, the CHD Laws extend certain rights regarding CHD, which may include the right to request to (1) confirm whether we are collecting, sharing or selling your CHD; (2) access your CHD; (3) delete your CHD; (4) correct your CHD; and (5) withdraw your consent to the collection or sharing of your CHD.

You can seek to exercise these rights by emailing us at privacy@bryanjohnson.com. Depending on the nature of your request, we may request further information if appropriate to authenticate your identity.

If we deny your request in whole or in part, you may appeal that decision by emailing us at privacy@bryanjohnson.com.

If you are a resident of Washington and your appeal is denied, you can contact the Washington State Attorney General at www.atg.wa.gov/file-complaint. If you are a resident of Nevada and your appeal is denied, you can contact the Nevada Attorney General at https://ag.nv.gov/Complaints/File_Complaint/.

13. California “Shine the Light” Disclosure

If you are a California resident, the California Consumer Privacy Act (“CCPA”) requires us to provide you with the following additional information about: (1) the purpose for which we use each category of “personal information” and “sensitive personal information” (as defined in the CCPA) we collect; and (2) the categories of third parties to which we (a) disclose such information for a business purpose, (b) “share” information for “cross-context behavioral advertising,” and/or (c) “sell” such information. Under the CCPA, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We “share” information to provide more relevant and tailored advertising to you regarding our Services. Our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” under the CCPA. Please see the following chart for the rest of this information:

We collect the categories of personal information above from the following sources: (1) directly from you; (2) through your use of the Services; and (3) other parties, such as social media companies.

For more detailed information about how we use and disclose your personal information, please see the "How We Use Information" and "How We Disclose Information" sections of this Privacy Policy above. Please note that the ways we use your information may also differ depending on applicable legal obligations, such as where you opt out of a particular use, we will no longer use your information for that purpose.

Your Choices Regarding “Sharing” and “Selling”

As described more in the "Your Rights and Choices" section of our Privacy Policy, you have the right to opt out of Continuance’s sale/sharing of your personal information for purposes of online advertising and related purposes through the use of cookies, pixels, and similar online tools by clicking here.

You may opt out of our use of your personal data processed through cookies or similar technologies for purposes that are considered a “sale” or “share” by emailing privacy@bryanjohnson.com.

Please note that we will also honor legally-required browser-based opt out signals (such as the Global Privacy Control) in accordance with our legal obligations.

In addition to advertising activities using cookies and pixels, we may also share personal information such as user email addresses with advertising partners to provide you with more relevant advertising. To opt out of this activity, please email privacy@bryanjohnson.com.

We do not knowingly “sell” or “share” the personal information of children under 16.

CCPA Rights

Please see the “Your Rights and Choices” section of our Privacy Policy above for information about the additional rights you have with respect to your personal information under California law and how to exercise them. You may also have the right to receive information about the financial incentives that we offer to you (if any).

The CCPA also allows you to limit the use or disclosure of your “sensitive personal information” if your sensitive personal information is used for certain purposes. We may collect the following categories of sensitive personal information: (1) username and password; (2) geolocation data; (3) health data; (4) biometric data. Please note that we do not use or disclose sensitive personal information other than for purposes for which you cannot opt out under the CCPA (e.g., to provide the Services to you).

Retention of Your Personal Information

Please see the “Data Retention” section above.

Shine the Light Disclosure

California’s Shine the Light Law (CA Civil Code § 1798.83) allows residents with which a business has an established business relationship to request a list of the third parties to which the business has disclosed certain “personal information” (as specifically defined by the Shine the Light law) during the preceding year where the business knows or reasonably should know that the third parties used the personal information for the third parties’ own "direct marketing purposes,” defined by the Shine the Light law as the use of personal information to solicit or induce a purchase, rental, lease, or exchange of products, goods, property, or services directly to individuals by means of the mail, telephone, or electronic mail for their personal, family, or household purposes. However, the business is not required to provide this information where the business adopts and discloses, in its privacy policy, a policy of not disclosing “personal information” to third parties for their “direct marketing purposes” 1) unless the resident first affirmatively agrees or 2) if the resident has exercised an option that prevents that information from being disclosed. Continuance maintains such a policy and thus is not required to provide this information. To exercise your opt out right from this activity, please click here and follow the directions.