Privacy Statement

Effective: 4/1/2016

(If you are a CA resident, this statement includes your California Privacy Rights)


The Healthyroads ®  program and website (collectively, "") is designed to provide individuals with an evidence-based educational resource for fitness planning and health-related lifestyle improvement. is provided by American Specialty Health Management, Inc. ("ASH Management"), a subsidiary of American Specialty Health Incorporated (“ASH”). values its users, respects user privacy and is committed to using personal information responsibly. 

For the purposes of this Privacy Statement the terms “we” and “our” refer to and ASH Management, and the terms “member” or “you” mean an authorized user of will not release, sell, rent, or trade your personal information to any third party without your permission, except when we believe in good faith that the law requires it, or to protect our own rights and properties, or as outlined in this Privacy Statement. 


You should read and familiarize yourself with this Privacy Statement and with the Terms & Conditions . By using, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly. will respond to any questions within 10 business days from the date of receipt. Contact directly through any means noted at the end of this Privacy Statement. If information practices change, will post the revised policy on and/or will notify users through direct communication. 


ASH Management does not track users across third party websites, nor does it allow third parties to collect personally identifiable information on  


Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.

We do not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing . Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address. 

What kind of personal information may collect, and how is it collected?

  • When you register on, we collect your name, date of birth, address, e-mail address, and home phone number. 
  • If you use the Personal Health Assessment feature of, we collect your responses to the health assessment questionnaire.   
  • If you participate in Biometric Screening , we receive your biometric screening results from the participating screening vendor to populate your personal health scorecard on 
  • If you use the Challenges feature of, we collect the date you join the challenge; your current weight and goal weight (within weight challenges); device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device); and healthy eating and healthy habit entries. If you participate in a group Challenge, we will also collect your name; date accepted, invited, or declined; and rank within the challenge. If you use the Challenge Chatter feature within Challenges, we may collect social comments between participants, first name, last name and initials. 
  • If you use the Accountabilities feature of, we collect the date you send an accountability invitation; the subject and recipient of the invitation; and your message content.
  • If you use the Healthyroads Connected! ® feature of, you allow us to receive your activity information, such as steps taken in a day, height, weight, and calories, from your activity or fitness tracking device (e.g., Fitbit®, Jawbone®, Garmin®, etc.). When you use the Healthyroads Connected! feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a third-party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on  By using the Healthyroads Connected! feature, you also allow us to receive profile information from your device, if applicable, or from your own input, including gender, birth year, height, weight, and time zone.  
  • If you use the Heathyroads CheckIn! ® mobile app feature of (which allows members to electronically log their fitness center visits), we will receive the location information of the fitness center you visit and your check-in and check-out times at such facility.  NOTE: In order to use the Healthyroads CheckIn! mobile app, you must enable and allow GPS location tracking on your activity or fitness tracking device, and if you do not wish for your device location to be tracked, please do not use the Healthyroads CheckIn! mobile app because, without the location information, the app will not be able to log your fitness center visits. To learn more about what data we collect through or within the Healthyroads CheckIn!  mobile app and how we use the data, please view the Healthyroads CheckIn! mobile app Privacy Statement within the app, or you may request a hard copy through one of the contact methods listed in the “How to Contact for Questions” section below.
  • If you enroll in a fitness center through, we may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in our network and, by enrolling in such a fitness center for the purpose of participating in the Healthyroads program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf. Alternatively, depending on availability within your program, you can submit to us your fitness center visit information directly, either through the Healthyroads CheckIn! mobile app or by sending to us via email, fax or postal mail your visit logbook signed by the fitness center or in a printout form provided by the fitness center.  
  • If you use the Contact Us page of to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, fitness center location, and your comment or inquiry message.
  • Additionally, we may collect demographic information from members, such as age, gender, and areas of interest, as well as users’ IP addresses (which are numerical numbers that are automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of (page requests, pages visited, content viewed, clicks, search queries made, etc.).

How does ASH Management use information collected on

We use information collected on to enable users to access and use the Healthyroads program tools and features provided on For example:

  • If you register on, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on is required for users to gain access to special tools and features of the Healthyroads program, such as Personal Health Assessment , Scorecard, Challenges , Accountabilities, and Connected!  
  • If you use the Personal Health Assessment feature of, we will use your responses to calculate your health stratification and populate your personal health scorecard with actions and recommendations driven by your responses to the health assessment and, if part of your program, your biometric results.
  • If you participate in Biometric Screening , your biometric screening results will be used to populate your personal health scorecard and recommend program features, such as coaching if available under your plan.
  • If you use the Challenges feature of, we will use your information to track your participation and progress in a challenge and determine if you have met the challenge or won the challenge. If you participate in a group Challenge, we will also incorporate your name and rank within the challenge on the challenge leaderboard.
  • If you use the Accountabilities feature of, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools of the Accountabilities feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
  • If you use the Healthyroads Connected! feature of, we will record your fitness center visit and exercise, and your other independent activity information over time, and will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program applicable to you). ASH Management may also disclose your Healthyroads Connected! activity information, such as steps taken over time, to your health plan or plan sponsor to assist in the administration of your benefit and/or for incentives, rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Healthyroads Connected! profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Healthyroads Connected! -enabled device.  
  • If you use the Healthyroads CheckIn!  mobile app feature of, we will record the location information of each fitness center you visit and your check-in and check-out times at each such fitness center over time and will use such recorded information to verify and determine whether you are eligible for applicable incentives and/or rewards under your program (and/or under another member rewards program applicable to you).
  • If you enroll in a fitness center through, we will use your information to process your enrollment and will use your fitness center location and date of visit information (whether submitted to us directly by you or provided to us on your behalf by the fitness center) to verify and determine whether you are eligible for applicable rewards under your program (and/or under another member rewards program applicable to you).  
  • If you use the Contact Us page of, we will use your information to process and respond to your comment, inquiry, or request (as the case may be).
  • We use user demographic information, IP addresses and clickstream data collected on for internal purposes, such as improving and associated tools and features; measuring and analyzing user interests, traffic, and usage patterns; etc.

Under what circumstances does share user information collected with third parties?

We may provide your information to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness center, in order to confirm your eligibility, conduct billing, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.

We may also share your information with third parties in the following circumstances:

  • as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of and associated tools and features;  
  • as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
  • as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
  • as reasonably necessary to enforce this Privacy Statement and/or the Terms & Conditions for;
  • as reasonably necessary to protect the rights, property or safety of ASH and ASH Management, our members and users, and/or the public.

Furthermore, if we are involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users (including personal health information and other personally identifiable information) may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, we will endeavor to notify our users of the change as well as any choices our users may have regarding the change.

In addition, we may share with select third parties (including, without limitation, our members’ employers and health plans) aggregate statistics regarding members, such as member demographics, interests, traffic, and usage patterns. The information so shared will not include personal health information or other personally identifiable information of members.

If I participate in an employer-sponsored wellness program, does ASH Management share my information with my employer?  

As noted above, ASH Management will only share your information with your employer or plan sponsor for billing purposes and/or to help process your wellness incentives. We will not share with your employer individually identifiable Protected Health Information, unless you provide your explicit consent to do so, or as otherwise noted in this Privacy Statement. We may also share your information with other third-party health or wellness vendors that contract directly with your employer or plan sponsor to manage your benefits, as noted above. If we share your information with such a contracted third party vendor, we will only share the minimum necessary information in order to manage your benefits and the vendor to whom we disclose your information will be bound by similar privacy obligations as ASH Management. If you have any questions on how your information may be used or disclosed in the coordination and management of your benefits, you should consult your group health plan’s Notice of Privacy Practices, if applicable to your plan sponsor, or your plan sponsor’s benefit administrator. 

ASH Management will not share the following information with your employer, though your employer may direct us to send this information to other administrators of your employee benefits with whom your employer has contracted for fulfillment, analysis, or other operational purposes, but only as permitted by law:

  • Your actual responses to the Personal Health Assessment. 
  • The details of your coaching sessions or interactions with a Healthyroads Coach ®. 
  • Your specific biometric scores or reported results from wellness/biometric screenings.

ASH Management may share the following information with your employer:

  • The number of coaching sessions you have completed may be reported as need to qualify you for a related incentive.
  • The incentive point value associated with participating in the wellness/biometric screening.
  • Other participation-based (not outcomes or results based) information related to your wellness program.
  • Aggregate (group level, not individually identifiable) statistical information on how your group’s overall health and wellness metrics perform in relation to other Healthyroads enrollees. This is known as aggregate “benchmarking” data and is used only to help your employer understand the overall value of the program.

Can users opt out of collection of personal information on

No. The functionality of and associated tools and features requires that we collect and receive certain personal information from and about participants in the Healthyroads program.  Accordingly, if you do not wish to have your personal information collected or received by us, you should not use or participate in the Healthyroads program. 

Can users access, update, and delete their information collected on

If you have an active account on, you can log into your account to view your account/profile information. Members may update their account/profile information by submitting a written request to using the “Member Request to Amend Protected Health Information” form, which is available upon request through the contact information at the end of this Privacy Statement. Failure to fully complete all sections of the form may result in the form being returned to you. Response to the request for amendment will be issued within 30 days of receipt of the completed form. However, we may obtain one 30-day extension by sending the member a written notice stating the reason for the delay and the expected date of the response. We may deny the member’s amendment request under the following circumstances:

  • We cannot verify and confirm the identity of the member making the request. 
  • The request for amendment was made verbally. 
  • The request does not state a reason for the amendment. 
  • We cannot change member information provided to us by or on behalf of a health plan or a plan sponsor.


NOTE: Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, member information (including personal health information and other personally identifiable information) collected on can not be deleted or removed from our database and will be retained for a minimum of 10 years in accordance with our record retention policy. User accounts, however, may be disabled upon written request, using the contact information provided at the end of this Privacy Statement.

How can users opt out of receiving certain communications from

If you have provided your email address, postal address, and/or telephone number to us, you may opt out of receiving marketing/promotional communications from us by using the contact information provided at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from us. Please note that email unsubscribe requests may take up to 30 days to process once received.

For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, we will maintain an internal do-not-contact list to ensure that the request is honored. 


NOTE: Your opt-out regarding our marketing/promotional communications will not stop our communications of a transactional or member relation nature or as required by law (e.g., communications regarding your account or your participation in the Healthyroads program; communications in response to a request or inquiry you have made with us; notices regarding material changes to or our information practices; notices regarding an actual or suspected security breach that affects your information stored by or for us; etc.).

How does ASH Management protect the privacy of minors?

We are concerned about the safety of children when they use the internet. is not intended for use by persons under the age of majority (e.g., under the age of 18 in California).   If we become aware that a user is under the age of 18 and has provided personal information to us without prior parental consent, we will remove all information provided by such underage user from our database.


How does ASH Management use cookies and other similar technologies on

We use cookies on to help us remember who you are; to enhance and personalize your experience; to understand and save your preferences for future visits; to compile group information about our users; and carry out other tasks relating to the operation or improvement of and associated tools and features. We may also use information collected from cookies together with other information we have collected from our users. We do not, however, use cookies to access information on your computer or mobile device.  

Most web browsers are initially set to accept cookies, but you can change your browser settings to notify you when you are sent a cookie, giving you the ability to accept or reject it, or you can choose to routinely and manually delete cookies stored on your computer or mobile device. Each time you revisit the Healthyroads Website, your ability to restrict our use of cookies on that service is subject to your browser settings and limitations at the time. Please note that if you choose to disable or reject cookies from, tools and features of the Healthyroads Website may become inaccessible or may not function properly.  

For more information on how to manage cookies, visit .

To manage Adobe Local Shared Objects (also known as LSOs or Flash cookies), visit .

We may also use “web beacons” (also known as “clear GIFs,” “pixel tags,” etc.) – which are small bits of code embedded in web pages or in emails – to deliver or communicate with cookies, count users who have visited a web page, and understand usage patterns. We may include web beacons in emails to help us recognize activities such as when an email was opened, how many times an email was forwarded, which links in the email were clicked on, etc. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

How does ASH Management safeguard user information?

In order to maintain the confidentiality of and safeguard the security of personal information of members, we enforce strict company-wide policies regarding member information privacy, security, and confidentiality.

We have an organizational commitment to protecting member information privacy and security. All employees who work for are made aware of security policies and practices through employee orientation and annual refresher training. Personal information of members is stored in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. We review web security on an ongoing basis. In addition to daily security administration and response activities, undergoes an overall security review on an annual basis. uses Transport Layer Security (TLS) technology to protect the security of members’ personal information. You will see an unbroken key or a closed lock (depending on the browser used) in the upper part of the browser window when TLS is active and the server is secure. The URL line of the browser will also contain "https" instead of "http". When you register on, your account/profile information will be transmitted to us in encrypted form and your registration will be assigned a unique User ID to which only our authorized employees will have access.

What is’s advertising policy?

We do not allow third-party advertising on

What is’s policy regarding links to other websites and services?

For your convenience, may provide links to third-party websites and online services not owned or controlled by or affiliated with us (each, a “Linked Third-Party Website/Service”). Linking does not mean, and should not be deemed or construed to mean, that we endorse or approve or are affiliated with a Linked Third-Party Website/Service. We are not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the Healthyroads Website to visit a Linked Third-Party Website/Service, this Privacy Statement no longer applies, and any information collected from or about you by a Linked Third-Party Website/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ours. A Linked Third-Party Website/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that we would not. You access a Linked Third-Party Website/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Service before disclosing any personal information.


How can I contact for questions?

Questions may be submitted online using’s Contact Us page. is available through American Specialty Health Management, Inc., which is a subsidiary of American Specialty Health Incorporated (ASH), a privately held corporation. All site operations are conducted and maintained by staff affiliated with ASH. ASH is a Delaware corporation domiciled in California, with the corporate office located at 10221 Wateridge Circle, San Diego, CA 92121.


U.S. Mail: Healthyroads Customer Service  
P.O. Box 509040  
San Diego, CA 92150-9040
Phone:  1-877-330-2746


Changes to Privacy Statement  

We reserve the right to make changes to this Privacy Statement at any time by posting the new policy on Except where otherwise stated by applicable law, changes to this Privacy Statement will become effective when the new policy is posted on, and such posting will constitute our notice to you regarding the changes, and by continuing to use following such posting, you accept and agree to be bound by the new policy.

If we make changes to this Privacy Statement that will materially change the way we collect or use personal information of members, we will obtain member consent to such changes where required by applicable law, and the changes will apply to members on a prospective basis only (unless otherwise agreed in writing by members). 


We encourage you to check the website regularly to see if we have made any modifications to this Privacy Statement.