Washington Consumer Health Data Privacy Policy

Washington Consumer Health Data Privacy Policy

Version 1.0 | Effective May 18, 2026

How Myner AG collects, uses, shares, and sells consumer health data of Washington State residents

Myner AG  •  Gartenstrasse 6, 6300 Zug, Switzerland  •  CHE-202.314.864

1. About This Policy

This Policy is published as required by the Washington My Health My Data Act, RCW 19.373 (the "Act"). It explains how Myner AG collects, uses, shares, and sells consumer health data of Washington State residents.

This Policy applies only to Washington State residents and only to data that qualifies as consumer health data under the Act. Non-consumer-health data of Washington residents is governed by our general Privacy Policy at mynerapp.com/privacy. Eligibility, account rules, and the contractual terms of your participation are set out in our Terms and Conditions at mynerapp.com/terms.

Where this Policy applies, it controls. Where it does not apply, the general Privacy Policy applies.

2. Who We Are

Myner AG (referred to in this Policy as "Myner," "we," "us," or "our") is a Swiss data intelligence company that collects behavioral, purchase, and transactional data from Members and sells structured consumer and market intelligence to commercial clients. We are the regulated entity responsible for the consumer health data described in this Policy.

Legal name

Myner AG

Legal form

Aktiengesellschaft (limited company under Swiss law)

Registered office

Gartenstrasse 6, 6300 Zug, Switzerland

Swiss UID number

CHE-202.314.864

Privacy contact

privacy@mynerapp.com

3. What Is Consumer Health Data

The Act defines "consumer health data" broadly. It includes personal information that identifies your past, present, or future physical or mental health status, including precise location that could indicate an attempt to receive health services or supplies, and inferences about health drawn from non-health data.

For Members of our Service, this category includes:

  • Location data showing visits to or proximity to healthcare facilities, collected through the app's location services.
  • Transaction and receipt data from health-adjacent merchants, such as pharmacies, drug stores, fitness clubs, health food stores, medical and dental offices, hospitals, medical laboratories, and similar.
  • Responses you provide to surveys covering health-related topics, when you choose to participate.
  • Behavioral inferences about health drawn from the data above, such as wellness segment classifications or inferred health-product affinities.

We refer to all of this as "CHD" in the remainder of this Policy.

4. Consumer Health Data We Collect, and From Where

4.1  Categories of CHD

The categories of CHD we collect are:

  • Location-derived CHD: precise location data indicating visits to or proximity to healthcare facilities.
  • Transaction-derived CHD: purchase records from health-adjacent merchants, including merchant identity, date and time, items purchased where extracted from receipts, amounts, and payment method type.
  • Survey-derived CHD: responses you provide to surveys covering health topics, when you choose to participate.
  • Inferred CHD: behavioral inferences about health drawn from the categories above, such as health-related lifestyle segment classifications.

4.2  Sources of CHD

We obtain CHD from the following sources:

  • You directly — through receipts you submit, surveys you complete, and profile information you choose to provide.
  • Your devices — through the location services and app usage data collected when you participate in Data Activities.
  • Your financial accounts — if you choose to connect a bank or credit account through our optional bank data feature (available to Members aged 18 and over).

5. How We Use Your Consumer Health Data

We use your CHD for the purposes below. Some uses (operating the Service, validating receipts, preventing fraud) apply to all CHD regardless of your sharing choices. Other uses (external sale and sharing) apply only if you have given the specific consents described in Section 6.

  • Operating the Service. Processing your Data Activity participation, crediting rewards, and providing the features of the Service.
  • Validating receipts and preventing fraud. Confirming that submitted receipts are authentic, detecting fraudulent or duplicate activity, and protecting the integrity of the Service. We use location data internally for these purposes for all Members regardless of sharing consent.
  • Generating behavioral intelligence. Building structured profiles of purchase patterns, brand affinities, and consumer segments. CHD elements are included in profiles intended for external clients only if you have given the separate sharing consents described in Section 6.
  • External sale and sharing. Selling structured consumer intelligence to commercial clients. We do this only if you have completed a separate annual written authorization (Section 6).
  • Legal and regulatory compliance. Responding to legal obligations, including data subject rights requests and lawful regulatory inquiries.

6. How We Share or Sell Your Consumer Health Data

The Act requires that we obtain your specific affirmative consent before collecting or sharing your CHD, and that we obtain a separate written authorization before selling your CHD. We do both, and they are separate from each other and separate from your acceptance of our Terms and Conditions and general Privacy Policy.

6.1  Enrollment Consents

When you enroll as a Washington Member, we ask for seven separate consents that govern your CHD: four for collection and three for sharing. Each is presented as a distinct prompt and may be given or withheld independently.

Collection consents:

  • Consent to collect location-derived CHD.
  • Consent to collect transaction-derived CHD from receipts and bank transactions at health-adjacent merchants.
  • Consent to collect survey-derived CHD from your responses to health-related survey questions.
  • Consent to collect or derive inferred CHD from behavioral data.

Sharing consents:

  • Consent to share transaction-derived CHD.
  • Consent to share survey-derived CHD.
  • Consent to share inferred CHD.

You may decline any of these consents and still create a Myner account. The specific consents you give determine which CHD we collect and which CHD may be included in external data products if you also complete the annual authorization described below.

6.2  Annual Written Authorization

Before any of your consumer health data is sold or otherwise shared with external parties, we require a separate written authorization from you. This authorization is required by the Washington My Health My Data Act, and it is separate and distinct from the collection and sharing consents described in Section 6.1, from your acceptance of our Terms and Conditions, and from our general Privacy Policy.

Form and content. The authorization is presented to you as a standalone document, separately from your enrollment consents and from our other policies. It identifies the categories of consumer health data that may be sold, the categories of recipients, the specific purposes for which it may be used, the fact that data sold may be subject to redisclosure by recipients and may no longer be protected by this Policy, your right to revoke the authorization, the expiration date, and the signature and date.

Per-category authorization. The authorization form contains separate authorization elements for the three consumer health data categories you have consented to share under Section 6.1 and that Myner sells: transaction-derived, survey-derived, and inferred consumer health data. Myner does not sell location-derived consumer health data and accordingly does not include it as an authorization element on the form.

Validity period. The authorization is valid for one year from the date you sign it. We will prompt you to renew it annually if you wish your consumer health data to continue being included in external data products. If you do not renew, your data remains collected per your enrollment consents under Section 6.1 and used internally as described in Section 5, but is not included in any external sale or sharing after the expiration date.

Revocation. You may revoke the authorization, in whole or for any category, at any time and through any of the channels described in Section 8. Revocation takes effect when we receive it and stops the relevant external sale or sharing of new consumer health data from that point forward. Revocation does not undo processing already carried out under valid authorization. We cannot recall consumer health data already incorporated into research deliverables provided to clients before revocation.

Relationship to enrollment consents. The authorization under this Section does not replace the collection and sharing consents under Section 6.1. Both are required before consumer health data may be sold or externally shared: the sharing consent under Section 6.1 establishes that you have agreed to share the category at all, and the authorization under this Section 6.2 establishes that you have agreed to the sale of that category for the specified purposes and recipients. Withdrawing a sharing consent under Section 6.1 also stops the corresponding sale under this Section 6.2, regardless of any active authorization.

No effect on account. The authorization does not affect your account access, your ability to participate in non-CHD Data Activities, or your existing Vested Balance. If you do not give or do not renew the authorization, you remain a Member, your account remains active, and you may continue to participate in any Data Activity for which the authorization is not required.

6.3  Categories of Recipients

Where you have completed the annual authorization, we share or sell CHD with the following categories of entities:

  • Brands and retailers, for consumer behavior insights.
  • Investment firms, including private equity firms, for market and competitive analysis.
  • Data analytics companies, for derivative analytics products.
  • Commercial market research firms.

We do not currently share CHD with named affiliates. If we begin to do so, we will identify the affiliate in this Policy before any sharing occurs.

We also share data with service providers that help us operate the Service. They process your data only on our instructions and are not "recipients" for the purposes of the Act. Categories of service providers are listed in our general Privacy Policy at Section 6.4 and on our public sub-processor page at mynerapp.com/subprocessors.

6.4  Restrictions That Apply Regardless of Your Consent

Certain restrictions apply to your CHD regardless of any consent or authorization you give:

  • We do not share your precise location data with external parties under any circumstances. We use location data internally for receipt validation and fraud prevention only.
  • We do not authorize clients to use our data products as a primary input in any decision regulated under the Fair Credit Reporting Act, Equal Credit Opportunity Act, Fair Housing Act, or in individual insurance underwriting.
  • We do not use geofencing around healthcare facilities to target or trigger the collection of consumer health data, as prohibited by the Act. We use Washington location data internally for receipt validation and fraud prevention only; we do not share it externally under any circumstances.

7. Your Rights Under the Act

You have the rights below with respect to your CHD. You may exercise these rights through the channels described in Section 8.

Right to know

Receive confirmation of whether we are collecting, sharing, or selling your CHD, and access a list of all third parties and affiliates with which we have shared or sold your CHD, along with active contact information for each.

Right to access

Receive a copy of the CHD we hold about you.

Right to delete

Request deletion of your CHD. We will delete the data and direct our service providers and any third parties to whom we sold or shared the data to do the same, subject to limited exceptions in the Act for legal obligations and fraud prevention.

Right to withdraw consent

Withdraw any collection or sharing consent at any time. Withdrawal stops further collection or sharing from the time we receive it. It does not affect processing already carried out.

Right to withdraw authorization

Withdraw your annual sale authorization at any time. Withdrawal stops further external sale or sharing from the time we receive it. We cannot recall CHD already incorporated into research deliverables.

Right to non-discrimination

Exercising any of these rights will not affect your account access or your existing rewards. Earning further rewards from CHD-related Data Activities does require active consents and, for external sharing, an active authorization.

Right to complain

Lodge a complaint with the Washington State Attorney General at atg.wa.gov or with another competent regulatory authority.

8. How to Exercise Your Rights

You can exercise any of the rights in Section 7 through any of the following channels:

  • The in-app privacy center.
  • Email to privacy@mynerapp.com.
  • Post to Myner AG, Gartenstrasse 6, 6300 Zug, Switzerland.

We respond to verifiable requests within 45 calendar days of receiving a complete request. We may extend response time by up to 45 additional days for complex requests, and will notify you within the initial period if we do. Requests are free of charge. We will verify your identity before processing.

If we deny a request, you may appeal by replying to our response within 45 days. We will respond to the appeal within a reasonable time and will explain our reasoning. If we deny the appeal, you may complain to the Washington State Attorney General at atg.wa.gov.

9. Withdrawing Consent and Authorization

You may withdraw any of the consents or the authorization described in Section 6 at any time, through the channels in Section 8. Withdrawal takes effect when we receive it and stops the relevant collection, sharing, or sale of new CHD from that point forward.

Withdrawal does not undo processing already carried out under valid consent. We cannot recall CHD that has already been incorporated into research deliverables provided to clients.

Withdrawing one consent does not affect your other consents, your account, your existing Vested Balance, or your participation in Data Activities that do not involve CHD.

You may re-consent or re-authorize at any time through the same channels.

10. Data Retention

We retain CHD for as long as necessary to fulfill the purposes described in this Policy and to comply with our legal obligations. The criteria we apply are the same as those set out in Section 8 of our general Privacy Policy. Records of your consents and authorizations are retained as required to demonstrate compliance with the Act and applicable law.

11. Security

We apply technical and organizational measures to protect your CHD against unauthorized access, alteration, disclosure, or destruction, including encryption in transit and at rest, role-based access controls, and incident response procedures. The security measures described in Section 12 of our general Privacy Policy apply to CHD. No security system is impenetrable. If a breach affects your CHD, we will notify you and the relevant authorities as required by law.

12. Changes to This Policy

We may modify this Policy from time to time. When we do, we will publish the updated version, set a new effective date, and notify you by email or in-app notification. The notification will identify the change and the effective date. Where the change involves collecting a new category of consumer health data, we will obtain your fresh affirmative consent before that new category is collected from you, as required by the Act.

13. Contact Us

For questions about this Policy or to exercise any of your rights, contact our privacy team at privacy@mynerapp.com, by post at Myner AG, Gartenstrasse 6, 6300 Zug, Switzerland, or through the in-app privacy center.

You may also lodge a complaint with the Washington State Attorney General at atg.wa.gov.

Looking for another document or a past version? Find it in Policy Archives.