Other Covered Entities

Jiff, Inc.


  • Healthcare
  • Health Information Technology


EU-U.S. Data Privacy Framework Framework: Inactive - Lapse

Original Certification Date: 12/7/2017
Inactive Start Date: 12/9/2021

Swiss-U.S. Data Privacy Framework Framework: Inactive - Lapse

Original Certification Date: 12/7/2017
Inactive Start Date: 12/9/2021

Purpose of Data Collection

Purpose: to provide wellness and healthcare navigation services to users Data types may include PII, PHI How Personal Information May Be Used & Disclosed 1. Complete Service i. Surveys: Your Personal Information may be used and disclosed for surveys ii. Business Partners: The Castlight Companies may work with business partners in making the Complete Service available to our users iii. PSPs: We may share email addresses with PSPs for the programs in which you have registered so they can send you information concerning the program pertaining to you iv. Disclosures to Your Employer: To the extent permitted under applicable laws including HIPAA, we may provide necessary data to your Employer to enable your Employer to manage, administer and evaluate its health and wellness programs v. Other Third Parties: We may disclose your Personal Information to any other third-party with your prior affirmative consent vi. Your Personal Information may also be used and disclosed to: 1. Operate, promote, improve, administer, monitor and provide the Complete Service and PSP Services 2. To ensure that that you have registered or completed setting up an account for the Complete Sites, that you are using the Complete Service, or that you have started or completed some set of activities or achieved a desired goal using the PSP Services or the Complete Service 3. Help us decide what services will meet our users’ needs 4. Communicate with you about support or service issues 5. Inform you about Complete Service features and the benefits of such features 6. To customize your experience 7. Enforce our Terms of Use 8. Diagnose or troubleshoot problems, administer the Complete Sites and to detect and protect against error 9. Comply with laws 10. Protect your safety or the safety of others, investigate fraud, respond to a government request, or protect our rights 11. To help a PSP support its programs for you in the Complete Service 12. Facilitate a merger, acquisition, or sale of all or a portion of our assets 13. To direct you to programs, actions, content and events that may be pertinent and helpful to you 2. Care Guidance Service i. Facilitating and Coordinating Benefits: Your Personal Information, such as healthcare related claims data, may be used and disclosed to facilitate and coordinate your receipt of insurance benefits ii. Health Plan: Any disclosures of Personal Information to your health plan will be in strict compliance with the limitations imposed on disclosures of Protected Health Information (defined by HIPAA) to group health plans under the HIPAA Privacy Rule 3. Wellbeing Service i. Sharing Options with Spouses, Domestic Partners, Family or Friends: Some programs allow you to share your Personal Information with a spouse, domestic partner, other family member or other third person that you designate, while using the PSP Services and Wellbeing Service ii. Third Party Orders: If you order a device, application, or service through the Wellbeing Service that is marketed or sold by a third-party, we may provide your name and contact information to such third-party to facilitate the order iii. Disclosures to Third Party Administrators (TPAs): If required by your Employer and you consent, we may provide your Personal Information to TPAs who will access your Personal Information, de-identify it and create aggregated anonymous analytical data for your Employer's health and wellness programs iv. Disclosure of User Profiles and Submissions: Profile information and any video or image content that you upload in the Wellbeing Service may be displayed to other users to facilitate user interaction within the Service v. Your Personal Information may be used to: 1. Support incentives 2. Administer any sweepstakes or promotions, purchases, donations or other activities

Dispute Resolution

Questions or Complaints?

If you have a question or complaint, please contact Castlight Health, Inc. at:

Jeff Bryner
Chief Information Security Officer
Castlight Health, Inc.
150 Spear Street, Suite 400
San Francisco, California 94105

Appropriate statutory body with jurisdiction to investigate any claims against Castlight Health, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission