To comply with privacy regulations, Partners are required to get consent from their users before a first scan is done. This requirement is necessary so that both Prism Labs and its Partners comply with specific regulations, such as Washington’s My Health My Data Act (MHMDA) and the Biometric Information Privacy Act (BIPA).

Partner User Consent Screen

As a Prism Labs Partner, you will need to add the following consent screen (the content, not the look and feel) before each user does a first body scan.

[Image: Partner x Prism App Terms & Consent]

Requirements

  1. Until a user accepts the terms and consent, accessing the body scanning flow will not be possible. If the user sees the terms, but closes the app before accepting, then the next time the user comes back to the body scanning feature, the terms and consent will pop up again.
  2. The following statements need to be included in the consent screen:
    1. Consent context: When you do a body scan, we send your images and data (including gender, height & weight, but not name or contact info) to Prism Labs to make 3D scans from head to toe (including basic face geometry), calculate insights like body composition, and improve the tech. We then get a 3D scan and body insights, which we use to display body metrics.
    2. Acknowledgment checkbox (must be disabled by default): “I consent to the collection, use, disclosure, and storage of my images, bodymaps and data as described in more detail in Prism’s policy and [Insert Partner’s Company Name] policy” → see Partner recommendations here.
  3. The terms and consent need to be shown to every account and profile within a Partner account (if this structure exists).
  4. The Partner should keep a record of the terms the user has accepted (version of policy and timestamp).
  5. Hyperlinks should be formatted as an obvious hyperlink (underlined, with color).
  6. Prism hyperlink should point to: www.prismlabs.tech/privacy
  7. Have the ability to show the terms page again to all users if new Policies are put in place (we can do this after launch, as the policies are not expected to change often).
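
One way a Partner backend could enforce requirements 1, 3, 4 and 7 together, as an added example (not Prism's or any Partner's code). The class and function names, the profile ids and the policy version strings are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ConsentRecord:
    profile_id: str        # consent is tracked per profile, not per account (req. 3)
    policy_version: str    # version of the terms that was accepted (req. 4)
    accepted_at: datetime  # UTC timestamp of acceptance (req. 4)


class ConsentLedger:
    """Append-only record of accepted terms (hypothetical in-memory store)."""

    def __init__(self, current_version: str):
        self.current_version = current_version
        self._records: list[ConsentRecord] = []

    def accept(self, profile_id: str, checkbox_checked: bool) -> ConsentRecord:
        # Assumption: the acknowledgment checkbox starts unticked, so only an
        # explicit user action can produce checkbox_checked=True.
        if not checkbox_checked:
            raise ValueError("acknowledgment checkbox was not ticked")
        rec = ConsentRecord(profile_id, self.current_version,
                            datetime.now(timezone.utc))
        self._records.append(rec)  # never overwrite: old versions stay on record
        return rec

    def has_current_consent(self, profile_id: str) -> bool:
        return any(r.profile_id == profile_id
                   and r.policy_version == self.current_version
                   for r in self._records)

    def publish_policy(self, new_version: str) -> None:
        # Req. 7: a new policy version invalidates every earlier acceptance.
        self.current_version = new_version

    def history(self, profile_id: str) -> list[ConsentRecord]:
        return [r for r in self._records if r.profile_id == profile_id]


def enter_body_scan(ledger: ConsentLedger, profile_id: str) -> str:
    """Server-side gate (req. 1): the scan flow is unreachable without consent."""
    if not ledger.has_current_consent(profile_id):
        return "SHOW_CONSENT"  # also covers "saw the terms, closed the app"
    return "START_SCAN"
```

Checking the gate on the server for every entry into the scan flow, not only in the UI, means a user who closed the app before accepting gets the terms again on the next visit.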

Recommendations for Partner’s Privacy Policy (not legal advice)

⚠️ Please note that none of the following recommendations are legal advice. We recommend that the Partner reviews this with their own legal team. Neither Prism nor Prism’s lawyers are acting as the Partner’s lawyers.

We suggest you include a new paragraph in the section of your privacy policy related to How We Share And Disclose Personal Information. We suggest that the phrase “[Partner Name] policy” in the consent flow of the app feature be a hyperlink straight to this new paragraph below in your Privacy Policy, as opposed to a hyperlink to the top of your privacy policy.

Body Scans