Menu Close

Privacy Policy

Effective June 2018 • Updated September 2020

Together is an online resource powered by St. Jude Children's Research Hospital (“St. Jude,” “we,” “our,” or “us”) for anyone affected by childhood cancer offering trusted information, practical resources, and shared stories. This Privacy Policy (“Policy”) explains how St. Jude collects, uses, and discloses information about users (“user,” “you,” or "your”) of the Together website https://together.stjude.org, Together online community, and any related digital services that St. Jude provides in connection with Together (“Together”), including any other websites, linked pages, features, content, and mobile applications (collectively, referred to below as the “Services”).

By accessing or using the Services, you consent to the processing of your information as described in this Policy, which is incorporated into our Terms of Use. If you do not understand the Terms, please contact us using the information below. IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT USE THE SERVICES.

Health Insurance Portability and Accountability Act

This Privacy Policy does not apply to Protected Health Information (“PHI”) that St. Jude may collect when acting as a Covered Entity or Business Associate subject to the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"). St. Jude maintains PHI in accordance to its Notice of Privacy Practices and, to the extent applicable, its contractual obligations as set out in Business Associate Agreements. If you have any questions about St. Jude’s use or disclosure of PHI in connection with the Services, please contact by using the information found in the “Contact Us” section at the end of this Privacy Policy.

Information We Collect

We may collect and store information about you in various ways. For example, we may collect information that you provide to us, information that we automatically collect through your use of the Services, and information from publicly-available sources or non-affiliated third parties.

Information You Provide to Us

When you access or use the Services, you may be invited to provide or upload information. For example, you may provide information on forms you fill out on or submit through the Services, including requests to receive newsletters, or through communications with us or other users via the Services. St. Jude may collect the following categories of Personal Information when you use the Services:

  • Personal Identifiers, including username, password, email address, and likeness captured by photographs or videos;
  • Demographic Information, including name, city-level location, educational background, family information;
  • Medical Information, including information about your diagnosis, previous treatments, general health, and health insurance.

If you submit any Personal Information relating to another individual directly to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Information that Is Collected Automatically and/or Passively

In addition to the information you provide to us directly, we may automatically collect information about your use of the Services as follows:

  • Internet Network Activity. When you use our Services, we may collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device types and IDs), referring and exit pages and URLS, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information. We use this information (including the information collected by our third-party service providers) for analytics (including to determine which portions of the Services are used most frequently and what our Users like or do not like). Additionally, if you receive an email from us, we may collect information related to whether you open the email, and what content you select to view via the email.
  • Geo-Location. We may collect geo-location information, such as the city and state associated with the IP address of the device that you use to access the Services.

Information from Third Party Sources

We may collect certain categories of Personal Information about you from publicly and commercially available sources, as permitted by law, which we may combine with other information we receive from or about you.

Information We Collect From Social Media and Other Content Platforms

If you access the Services through a third-party connection or log-in (e.g., through a social network) (“Third-Party Platform”), you may allow us to have access to and store certain information from your Third-Party Platform profile. The information we collect under such circumstances may include your name, gender, profile picture, your “likes” and check-ins, your location, and your list of friends, depending on your settings on such Third-Party Platform. If you do not wish to have this information shared, do not use a Third-Party Platform to access the Services. For a description on how Third-Party Platforms handle your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings.

When you “like” or “follow” us on Facebook, Instagram, X, YouTube or other social media sites, we may collect some information from you including your name, e-mail address, and any comments or content you post relevant to us.

Cookies and Other Technologies

We and our third-party service providers may use cookies, clear GIFs, pixel tags, beacons, and other technologies that help us better understand user behavior, personalize preferences, perform research and analytics, and improve the services we provide. We or our third-party service providers also may use certain of these technologies in emails to you, to help us track email response rates, identify when our materials are viewed, and track whether our emails are forwarded. You may choose to accept or decline certain cookies. Most web browsers automatically accept cookies, but your browser may allow you to modify your browser settings to decline certain cookies if you prefer. If you disable cookies, you may be prevented from accessing or taking full advantage of the Services. To learn more about cookies, please visit http://allaboutcookies.org.

We also may use Adobe Flash technology (including Flash Local Shared Objects ("Flash LSOs")) and other technologies to, among other things, collect and store information about your use of the Services. If you do not want Flash LSOs stored on your computer, you may be permitted to adjust the settings of your Flash player to block Flash LSO storage using the tools contained in the website storage settings panel for the web browser(s) you use to access the Services. You can also control Flash LSOs by going to the Adobe Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash LSOs (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash LSOs that are not being delivered by the operator of the page you are on at the time). Please note that setting the Flash Player to restrict or limit acceptance of Flash LSOs may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with the Site or our online content.

Web Logs

In conjunction with the gathering of data through cookies, Web servers may log records such as your device type, operating system type, device advertising identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. The Web server logs also may record the address of the Web page that referred you to the Services, the IP address (and associated city and state or province for the IP address) of the device you use to connect to the internet, and data about your interaction with the Services, such as which pages you visit.

Online Analytics

We may use third-party web analytics services, such as those provided by Google Analytics. These service providers use cookies and other technologies described in this Policy to help us analyze how Users use the Services. The information collected by the technology will be disclosed to or collected directly by these service providers. To prevent Google Analytics from using information for analytics, a user may install the Google Analytics Opt-Out Browser Add-on. For more information on Google Analytics, visit https://support.google.com/analytics.

We also use Adobe's analytics service, which uses cookies and web beacons to help us understand more about how our websites are used, so that we can continue to improve them. You can learn more about Adobe’s service, and you may learn how to opt out.

Do Not Track Signals and Similar Mechanisms

Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. We do not recognize or respond to browser-initiated DNT signals, as the internet industry is currently still working on DNT standards, implementations, and solutions. To learn about DNT and for information about how to opt out of receiving targeted advertising, please click www.aboutads.info/choices.

How We Use the Information We Collect

We may use your Personal Information for or one or more of the following purposes:

  • For the purposes for which you provide it;
  • To enable you to use the Services, including verifying your identity when you access your account and ensure the security of your personal information;
  • For customer support and to respond to your inquiries, corresponding with you to respond to your comments or questions, sending You emails;
  • For internal recordkeeping purposes;
  • To analyze, improve and maintain the Services and for product development;
  • To address fraud or safety concerns, or to investigate complaints or suspected fraud or wrongdoing;
  • To provide you with a personalized experience on the Services;
  • With your consent, to contact you by telephone regarding the Services or information you have requested;
  • To contact you with information about your use of the Services;
  • For other research and analytical purposes; and
  • To protect, enforce, or defend the legal rights, privacy, safety, security, or property of St. Jude, its employees or agents, or other users, and to comply with applicable law, including laws outside your country of residence; to comply with legal process; to respond to requests from public and government authorities, including public and government authorities outside your country of residence; to enforce our Terms of Use; to protect our operations or those of any of our affiliates; to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and to allow us to pursue available remedies or limit the damages that we may sustain.
  • To help us understand your needs and preferences and improve the content and functionality if the Services, we may conduct a voluntary questionnaire or survey and aggregate your responses as statistical information that does not identify you personally.
  • To publish, with your consent, a personal testimonial, including your name and photograph, on the Services. If you wish to update or deactivate your testimonial, please contact us at together@stjude.org.

We may combine information that we collect from you through the Services with information that we obtain from affiliated and non-affiliated third parties, and information derived for any other products or services we provide. We may also aggregate and/or de-identify information collected through the Services and use de-identified or aggregated data for any purpose, including without limit for research and marketing purposes and may also share such data with any third parties.

How We Share Information

The following provides information about entities with whom we may share your Personal Information. Our practices may vary depending on the type of information.

  • Affiliates. We may share information with our affiliates.
  • Service Providers. We may share information with third parties that help us operate our business and provide our services, such as contractors that provide us with technology, services, data or content. These service providers are limited to use the personal information we share with them only for the purpose(s) stated within our contracts.
  • Other Parties When Required by Law or as Necessary to Protect Our Users and the Services. We may share information when we believe that doing so is necessary to protect, enforce, or defend the legal rights, privacy, safety, or property of St. Jude, our employees or agents or users, or to comply with applicable law or legal process, including responding to requests from public and government authorities.
  • Parties to Business Transfers. We may transfer the information we hold in the event we sell or transfer all or a portion of our business or assets (such as in connection with a merger, acquisition, reorganization, dissolution or liquidation) or in connection with steps we take in anticipation of such a transaction.
  • Aggregated or De-Identified Information. We may share aggregated or de-identified data without restriction.
  • Otherwise with Your Consent or at Your Direction. In addition to the sharing described in this Policy, we may share information with third parties whenever you consent to or direct such sharing.

Children’s Privacy

We do not knowingly collect any Personal Information from children under the age of 13 without parental consent, unless permitted by law. If we learn that a child under the age of 13 has provided us with Personal Information (as defined by the Children’s Online Privacy Protection Act), we may delete it. If a parent or guardian becomes aware that his or her child has directly provided us with Personal Information, please contact us by using the contact information below.

Security

We employ administrative, technical, and physical security measures to help protect information from unauthorized access. These measures vary depending on the sensitivity of the information we have collected. However, no method of transmission over the internet or via mobile device, or method of electronic storage, is absolutely secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

If you are a registered user, please note that your account is protected by a password for your privacy and security. It is your responsibility to prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.

Retention

The information collected through the Services is stored and managed by our trusted third-party service providers (including but not limited to CareHubs/Accountable Care Transactions, Inc.; ActiveCampaign; Amazon Web Services) on servers based in the United States. We will retain your Personal Information for as long as we maintain a relationship with you or as long as is reasonably necessary thereafter for legitimate business purposes.

Third Party Links and Services and other St. Jude Websites

The Services may contain links to third-party websites or services. If you choose to use these sites or services, you may disclose your information not just to those third parties, but also to their users and the public more generally depending on how their services function. Because these third-party websites and services are not operated by St. Jude, St. Jude is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your Personal Information and other information will be subject to the privacy policies of the third-party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third parties.

You also may be able to access other St. Jude websites through the Services or through links provided through the Services (e.g., linking to St. Jude Children’s Research Hospital). Your information will be subject to the Privacy Policy posted on those other St. Jude websites.

How to Access or Update Your Information & Other Privacy Choices Available to You

Your preferences about how we use your information are important to us. We offer the following choices that you can exercise with regard to your personal information:

  • Unsubscribe. Where you have elected to participate in one of our programs or services or to receive marketing communications from us, we offer you the ability to discontinue your participation or to opt out of receiving those communications in the communication itself. Alternatively, you can contact us to opt out using the contact information found in the “Contact Us” section at the end of this Privacy Policy.
  • Manage Your Account Information. If you have an account, you may access, change, or correct your personal account information at any time by logging into your account. You may also make the request to us using the contact details below, in which case we may need to verify your identity before granting access or otherwise changing or correcting your information. You may also request that we update, correct, or modify your account information by contacting us at together@stjude.org. For your protection, we may need to verify your identity before implementing your request.
  • Deactivate your account. If you wish to deactivate your account, you may make the request to us using the contact details below. We generally retain information about you only as long as reasonably necessary to provide you the Services. However, even after you deactivate your account, we may retain archived copies of information about you for a period of time that is consistent with applicable law.
  • Cookies and Other Technologies. For information about opt-out options relating to data collected using cookies and other automated technologies (e.g., for analytics), please review the information and hyperlinks in the “Cookies and Other Technologies,” and “Online Analytics” sections of this Privacy Policy, above.

International Users and Consent to Transfer

The Services are controlled an operated from the United States. If you visit our Services or contact us from outside of the United States, please be advised that (1) any information you provide to us or that we automatically collect will be received in the United States and may be transferred to other jurisdictions; (2) that by using our Services or submitting information, you explicitly authorize its processing in the United States and subsequent transfers outside the United States in accordance with this Privacy Policy; and that U.S. law may not offer the same privacy protections as the law of your jurisdiction.

Modifications to This Policy

Modifications or changes to the Policy will be reflected in the most current Privacy Policy, which is available through the Services. We reserve the right to modify this Policy at any time, so we encourage you to review it frequently. If we make a material change to our privacy policy, we will take reasonable steps to notify you as may be required by law prior to putting the changes into effect. Your continued use of the Services following any changes signifies your acceptance of our Privacy Policy as modified.

Contact Us

If you wish to provide feedback to us regarding the Services, please contact us at together@stjude.org.

If you have any questions about St. Jude Children's Research Hospital or our privacy protections, please contact us at hipaaprivacy@stjude.org.