🔐 CNRL Privacy Policy
Confidentialité / Privacy
This Privacy Policy explains how the CNRL Strive for Health experience collects, accesses, uses, stores, protects, and shares personal information and health-related data when users access the website, mobile application, wellness tools, trackers, challenges, questionnaires, appointment features, and related services.
Last updated: May 2026
Applies to web and mobile
Health data disclosure included
Overview
Privacy Summary
CNRL Strive for Health uses personal and health-related information only as needed to provide wellness features, support user participation, operate trackers and challenges, manage appointments, generate program insights, and maintain the security and performance of the platform.
🩺
Health Data
Health-related information may be collected when users complete questionnaires, participate in wellness trackers, join challenges, or use supported health features.
🔒
Security
Reasonable administrative, technical, and physical safeguards are used to protect personal and sensitive information.
📊
Reporting
Program reporting may be provided to authorized parties where required, and may be aggregated or de-identified where applicable.
🗑️
Access & Deletion
Users may request access, correction, or deletion of personal information, subject to legal, contractual, security, and operational requirements.
Personal Information
1. Collection and Use of Personal Information
CNRL Strive for Health may collect personal information that users voluntarily provide when they register, sign in, use wellness services, complete questionnaires, participate in trackers or challenges, book appointments, submit questions, or contact support.
This information may include name, email address, employee or member identifier, organization or employer, language preference, country or region, account profile information, appointment information, and other information required to deliver the wellness services.
Important:
Because the platform includes health and wellness features, some information may be considered personal or sensitive health-related data. The section below explains how this data may be collected, accessed, used, retained, and shared.
Google Play Disclosure
2. Health Data Access, Collection and Use
CNRL Strive for Health may collect or access health-related data only when it is required to provide user-facing wellness features, such as health questionnaires, wellness trackers, corporate challenges, appointment booking, progress tracking, participation tracking, points, badges, reporting, and related wellness services.
Health-related data is used to deliver the services requested by the user or made available through the wellness program. Health data is not sold and is not used for advertising.
- Collected or accessed
- Collected when the user submits a health questionnaire, wellness assessment, or similar form.
- How it is used
- Used to provide wellness insights, support program participation, personalize the user experience, and generate program reporting.
- Shared with
- Authorized platform administrators, service providers, and client organizations where required for wellness program delivery or reporting. Reporting may be aggregated or de-identified where applicable.
- Retention / deletion
- Retained only as long as required to provide the service, meet contractual obligations, support reporting, maintain security, or comply with applicable law. Users may request deletion subject to legal and contractual limits.
- Collected or accessed
- Collected when the user participates in wellness trackers, goals, corporate challenges, team activities, or related wellness features.
- How it is used
- Used to calculate progress, participation, points, badges, leaderboards, challenge rankings, and program results.
- Shared with
- Authorized administrators, service providers, and client organizations where required to operate the challenge or wellness program.
- Retention / deletion
- Retained for the duration of the program and any required reporting, audit, security, or contractual period.
- Collected or accessed
- Collected when the user books, updates, cancels, or manages an appointment, clinic visit, screening, or related wellness service.
- How it is used
- Used to schedule services, confirm attendance, manage reminders, support clinic operations, and provide service-related communications.
- Shared with
- Authorized service providers, administrators, or operational teams involved in delivering the appointment, clinic, or screening service.
- Retention / deletion
- Retained only as needed for appointment management, program administration, reporting, support, and applicable legal or contractual requirements.
- Collected or accessed
- Accessed only when the user authorizes a supported health, fitness, or device integration, where this feature is available.
- How it is used
- Used to sync approved activity data such as steps, distance, exercise activity, or other supported fitness metrics for trackers and challenges.
- Shared with
- Used within the platform and with authorized service providers required to deliver the feature. This data is not sold and is not used for advertising.
- Retention / deletion
- Users may disconnect the integration where available. Data already synced may be retained according to program retention requirements unless deletion is requested and legally permitted.
- Collected or accessed
- Collected automatically through cookies, logs, analytics tools, crash diagnostics, security tools, and similar technologies.
- How it is used
- Used to maintain security, troubleshoot issues, analyze usage, improve performance, support authentication, and improve service delivery.
- Shared with
- Analytics, hosting, security, monitoring, and technical service providers used to operate and support the platform.
- Retention / deletion
- Retained according to analytics, diagnostic, security, and operational retention periods, unless deletion is requested and legally permitted.
Review before publishing:
The connected fitness/device data section should only remain if the mobile app actually uses or plans to use a health, fitness, wearable, or device integration. Remove or revise any data category that does not match the app’s real behaviour.
Disclosure
3. Disclosure of Personal Information
Personal information and health-related data may be disclosed to authorized parties only as needed to operate, support, secure, improve, and report on the wellness services.
- Authorized administrators who manage the wellness program.
- Service providers that support hosting, analytics, security, communications, reporting, appointment booking, technical operations, and platform support.
- Client organizations where reporting is required for the wellness program, subject to applicable contractual and privacy requirements.
- Legal, regulatory, security, or investigative authorities where required or permitted by law.
The platform does not sell personal information or health-related data. Health-related data is not used for advertising.
Full Details
4. Full Privacy Details
The platform may use cookies, server logs, analytics tools, crash diagnostics, security tools, and similar technologies to recognize sessions, support authentication, maintain security, understand usage patterns, improve user experience, and troubleshoot technical issues.
These technologies may collect technical information such as browser type, device information, operating system, IP address, pages viewed, session activity, usage events, error reports, and app performance data.
Reasonable physical, technical, and administrative safeguards are used to help protect personal and sensitive information against unauthorized access, use, disclosure, alteration, or loss.
Security measures may include access controls, authentication, logging, monitoring, encryption in transit where applicable, secure hosting practices, and restricted access to authorized personnel or service providers.
Personal information and health-related data are retained only for as long as necessary to provide the services, operate wellness programs, meet contractual obligations, maintain security, support reporting, resolve disputes, and comply with applicable laws.
Users may request access, correction, or deletion of personal information by contacting the privacy contact listed below. Some information may need to be retained where required by law, security, audit, contractual, reporting, or legitimate operational requirements.
Users may request access to personal information they have provided through the platform and may request that it be corrected, updated, or deleted, subject to applicable legal, contractual, reporting, security, and operational restrictions.
The platform may contain links to third-party websites, services, or resources that are not operated by CNRL or its authorized service providers. Users should review the privacy policies of those third-party services before submitting personal information.
The platform is not intentionally designed for or directed to children. Personal information from children is not knowingly collected or maintained. If such information is inadvertently received, it will be deleted where required.
By using the platform, users consent to the collection, access, use, disclosure, retention, and protection of personal information and health-related data as described in this Privacy Policy and any applicable in-app disclosures.
Where required, additional in-app consent may be requested before specific health-related data is collected, accessed, or synced.