Castlight Health Privacy Policy

Last Updated November 10, 2017



At Castlight Health, Inc. (“Castlight”), our most important asset is our relationship with you. Castlight respects your privacy and takes Internet privacy very seriously. In this Privacy Policy, we would like to tell you what personal data we collect, what we use it for and when it may be disclosed.

By using www.castlighthealth.com or my.castlighthealth.com (including their subpages, collectively, “Castlight Health Corporate Websites”), you are agreeing to Castlight’s Terms of Service (which incorporates this Privacy Policy by reference) and to the practices described in this Privacy Policy, including consenting to the use and disclosure of certain information, including personal information provided to us as outlined in this Privacy Policy. This Privacy Policy only applies to the Castlight Health Corporate Websites.

This Privacy Policy describes how Castlight collects and uses the personal information you provide on the Castlight Health Corporate Websites or personal information we receive about you from third parties. It also describes the choices available to you regarding our use of your personal information.

If you have questions or complaints regarding our Privacy Policy or privacy practices, you can contact us at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer or privacy@castlighthealth.com or calling us at (888) 722-0483.


1. Collection of Information

We will not sell, share or rent personal information that is collected on the Castlight Health Corporate Websites in ways different than from what is disclosed in this Privacy Policy.


2. Information Collection, Use and Disclosure
  • Information Requests. If you wish to request more information about Castlight, you are required to provide contact information such as your name and email address. This information will be used by Castlight to contact you about our services.
  • Log Files. As with of most websites, Castlight automatically collects and stores in log files the Internet Protocol (IP) address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the website from which you directly linked to Castlight. We may combine this automatically collected log information with other information we collect about you. Castlight uses this log file information to analyze trends, monitor service traffic and usage patterns for internal marketing and security purposes, and to help make the Castlight Health Corporate Websites more useful.
  • Information from Third Parties. We may receive information about you from third parties. For example, we may supplement the information we collect with outside records or third parties may provide information in connection with a business relationship. If others give us your information, we will only use that information for the specific reason, if any, for which it was provided to us.
  • Information about Third Parties. We may also collect from your information about your contacts. Your disclosure of such information is completely voluntary. For example, we may collect names and email addresses in order to forward job postings. When you provide us with information about your contacts, we will only use this information for the specific reason for which it was provided.

Additionally, your information may also be used and disclosed as follows:

  • Survey you to evaluate and improve the Castlight service. If you choose to participate, we will request certain personal information from you. Participation in these surveys is completely voluntary. The requested information typically includes contact information (such as name and business address).  We use this information to improve the service accuracy and develop new products. We may use a third party service provider to conduct these surveys or fulfill any prizes associated with campaigns. We will not share the personal information you provide through a contest or survey with other third parties for a reason unrelated to the contest or survey unless we give you prior notice and choice.
  • Locator information, which may include your name, email address, physical address, and/or other data that enables someone to personally identify you. Castlight and your Internet Access Provider may use locator information as is necessary to enforce any of the terms of the Castlight Terms of Service.
  • Provide access to gated areas of the Castlight Health Corporate Websites such as for webinars.
  • Operate the Castlight service.
  • Provide information as required by law.
  • Update you on the Castlight service and its benefits.

3. Disclosure of Information
  • Compliance with Laws. Castlight will not disclose personal information to third parties other than as provided for in this Privacy Policy, except when required to do so by law such as to comply with a subpoena or similar legal process, or you have otherwise consented to additional use or disclosure of the information. We may also disclose your personal information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request, and if Castlight is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on the Castlight Health Corporate Websites of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
  • Communications. Certain communications (for example, requests for more information) are recorded and maintained by Castlight. Castlight considers these communications to be personal and private and will not use or disclose these communications except as provided for in this Privacy Policy, where required by law, or unless you agree to additional use and disclosure of such information.
  • Third Party Websites. If you use Castlight to link to another website, you may decide to disclose personal information at that website. For example, you might provide your contact information to obtain an information packet from an organization. Please be aware that in contacting that website, or in providing information on that website, that third party may obtain personal information about you. This Privacy Policy does not apply when you leave Castlight and go to a third party website from Castlight. We encourage you to be aware when you leave our service and to read the privacy policy of each and every website that collects personal information.
  • Service Providers. We may provide your personal information to companies that provide services to help us with our business activities (e.g. marketing). We may also provide personal information you choose to share with us on our recruiting webpage with third parties who provide recruiting related services to us. These companies are authorized to use your personal information only as necessary to provide these services to us.

4. Opting Out or Opting In to Specific Uses of Information
  • If your personal information changes or if you no longer desire information regarding our service, you may correct, update, amend, or ask to have the information removed by emailing privacy@castlighthealth.com or Customer Support at support@castlighthealth.com, or by postal mail at Castlight Health, Inc., 150 Spear Street, Suite 400, San Francisco, CA 94105, Attn: Chief Privacy Officer. We will respond to your request within thirty (30) days.
  • In certain situations, Castlight has no direct relationship with the individuals whose personal information it processes (e.g. if someone submits your name and email address to refer you for a job posting). An individual who seeks access, or who seeks to correct, update, amend, or delete inaccurate data should direct their query to Castlight. We will respond to requests within thirty (30) days.
  • Updates and Castlight Service Marketing. Castlight may provide service updates, tips or education, or may promote the Castlight service to you as a potential user or if applicable, to provide information about available benefits. You can expect to receive one to two emails per month from Castlight. You will be able to opt-out of any such email communications at any time. To opt-out of Castlight email, please click the “unsubscribe” link at the bottom of any email or send an email with the subject line “Unsubscribe” to support@castlighthealth.com. To opt-out of any text messages from Castlight, please reply with “unsubscribe” in your message.

5. Storage and Maintenance of Information
  • Castlight will store and maintain your personal information in accordance with this Privacy Policy. We will also retain your information as needed to provide you services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


6. Security
  • We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure and we cannot guarantee its absolute security. If you have any questions about security on the Castlight Health Corporate Websites, you can contact us at privacy@castlighthealth.com.


7.Tracking Technologies

Technologies such as: cookies, beacons, tags and scripts and other storage technologies to collect or receive information are used by Castlight and our partners (including digital advertising partners such as Facebook and Google), affiliates, or analytics or service providers (such as webinar providers). These technologies (such as Google Analytics) are used in analyzing trends, providing measurement services, administering the Castlight Health Corporate Websites, tracking users’ movements around the Castlight Health Corporate Websites and elsewhere on the internet, marketing our service (including via targeted remarketing ads), and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. More specifically, Castlight uses Crazy Egg’s Analysis Service for our https://my.castlighthealth.com site to learn more about how visitors are interacting with publically available content. You can visit Crazy Egg’s privacy policy here and its opt-out feature at here.

Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use the Castlight Health Corporate Websites, but your ability to use some features or areas of such Websites may be limited. You may opt-out of our partners’ use of cookies by exercising your choice here and here. Additionally, you can find out more about how Google uses data here.

We may use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Third parties with whom we partner to provide certain features on the Corporate Health Corporate Websites or to display advertising based upon your web browsing activity use LSOs such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML5 LSOs. To manage LSO storage, please click here.

We partner with a third party to manage our advertising on other websites. Our third party partner may use technologies such as cookies to gather information about your activities on these other websites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here [or if located in the European Union click here]. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

The Castlight Health Corporate Websites may include social media features, such as the Facebook Like button and widgets, the share this button or interactive mini-programs that run on such Websites. These social media features may collect your IP address, which page you are visiting on the Castlight Health Corporate Websites, and may set a cookie to enable such features to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Castlight Health Corporate Websites. Your interactions with such features are governed by the privacy policy of the company providing it.

Questions. If you have any questions about this Privacy Policy or the use of your information via Castlight, please contact us at privacy@castlighthealth.com.


8. Changes to the Privacy Policy
  • Castlight will only use your personal information in the manner described in the Privacy Policy in effect when we collected the information from you. However, we reserve the right to change the terms of this Privacy Policy at any time by posting those changes on our service so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point, we decide to use personally identifiable information in a manner different from that stated at the time it was collected or if we make any changes which materially reduce your rights under this Privacy Policy, we will document such change on the Castlight Health Corporate Websites. We urge you to check here for any updates to this Privacy Policy from time to time.


9. EU-U.S./EU-Swiss Privacy Shield
  • Castlight participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Castlight is committed to subjecting all personal data received from European Union (EU) member countries or Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

    Castlight is responsible for the processing of personal data it receives under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Castlight complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

    With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Castlight is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Castlight may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) here.

    Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.