INTRODUCING IPS: A PROGNOSTIC BIOMARKER FOR PATIENTS ON ICI THERAPY /// LEARN MORE INTRODUCING IPS: A PROGNOSTIC BIOMARKER FOR PATIENTS ON ICI THERAPY /// LEARN MORE

Tempus Privacy Policy

Last revised: May 1, 2024

Tempus AI, Inc. (“Tempus,” “our,” “us,” or “we”) respects the privacy of all visitors and users of its online services and is dedicated to maintaining the accessibility, confidentiality, and integrity of all such information. This Privacy Policy (“Policy”) applies to all visitors and users of the Tempus website www.tempus.com and all other Tempus-owned websites, domains, website services, applications, mobile applications, and products or any other interaction during which this Privacy Policy is presented or linked (“Services”).  

For California, this Privacy Policy describes how we collect, use, disclose, and retain your Personal Information. For additional information relating to your rights and our processing of your personal information collected, please navigate to the Additional Information for California Residents Section below. 

This Policy is in addition to, and does not replace our Notice of Privacy Practices, which explains how we may use and disclose your protected health information or Protected Health Information (“PHI”), our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them. Please view our Notice of Privacy Practices to learn more about how we use and disclose your protected health information or PHI, our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them.  This Policy does not apply to our collection or processing of PHI.

If you are a resident of Washington or Nevada, you may have additional rights with respect to your consumer health information.  Please see our separate Consumer Health Privacy Notice.

From time to time, we may make changes to this Policy, please periodically review this Policy for any changes.

Personal Information and What We Collect

“Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. It does not include information that is de-identified or aggregated.

We may collect Personal Information about you when you provide it to us, when you interact with the Services, and when other sources provide it to us.

From You: When you set up your account or interact with us regarding your account, for billing and payment, or when you otherwise interact with us. Your personal information may be collected by phone with a customer service representative, by mail, by text, by email, or through the Services.

From Providers: We work with and receive personal information from third parties such as service providers, vendors, contractors, and market researchers who provide services on our behalf.

From Your Use of Our Website and  Mobile Applications: We collect information about your visits and use of our website and mobile applications, including information through cookies and other logging technologies.

From Other Sources: We may supplement the information described above with information we obtain from other sources, including government agencies, public or third-party information sources, third-party service providers, or business partners. We also may collect information from industry and patient groups and associations, or combine information we have collected from multiple sources.

We may have collected the following information about you:

Identifiers, such as your name, postal address, email address, account username, IP address, phone number, or other similar unique identifiers. We use this information to provide you with our Services, maintain your account, operate our business, and to otherwise communicate with you. We may provide this information to service providers and contractors or to other third parties as required by law.

Information Subject to Protection under California Law.  We or our service providers may collect your bank account number, credit card number, or debit card number. We use this information to provide you with our Services. We may provide this information to service providers or to other third parties as required by law.

Payment and Financial Information. We or our service providers may collect your bank account, credit card or debit card information. We use this information to process payments for our services.  If you apply or participate in Tempus’ patient assistance program, we may collect information to verify your eligibility in the program. Payments and purchases are processed through our service providers.

Commercial Information, such as records of products or services obtained or considered, or other information related to purchasing or consumer histories. We use this information to better understand your use of our Services and for our internal business purposes.  We may provide this information to service providers and contractors or to other third parties as required by law.

Non-Specific Geolocation Data, such as information used to locate the device you use to access the Services. Location information may include: (i) the location of the device derived from WiFi use; (ii) the location derived from the IP address of the device or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user. We may provide this information to service providers and contractors or to other third parties as required by law.

Professional Information, including information relating to your role as a representative or agent of a company or business, such as your work title and contact information. We may provide this information to service providers and contractors or with other third parties as required by law.

Education Information, including the highest level of schooling that you achieved. We may provide this information to service providers and contractors or with other third parties as required by law.

Internet and Other Electronic Activity Information, such as operating system, browser type and language, referring URLs, access times, pages viewed, links clicked and other information about your activities on the Services. We may provide this information to service providers and contractors or with other third parties as required by law.

Cookies and Other Tracking Technologies.  In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that we may exchange.  Automated technologies may include the use of “cookies” and web beacons.  Further information about our use of cookies can be found below (Cookies & Other Data Technologies).

Profile and Inference Information, such as information about your preferences and characteristics.  We may provide this information to service providers and contractors or with other third parties as required by law.

Some of the information we collect may be considered Sensitive Personal Information under privacy laws, such as your social security number, financial information, and information about your health that we collect via automatic technologies. We use your Sensitive Personal Information for legitimate business purposes, including to (i) perform services or provide goods reasonably expected by an average person; (ii) detect security incidents; (iii) resist malicious, deceptive or illegal actions; (iv) ensure the physical safety of individuals; (v) for short-term, transient use; (vi) perform or provide internal business services; or (vii) verify or maintain the quality or safety of a service or device.  We do not sell your Sensitive Personal Information for money, but our use of certain tracking technologies may be considered a “sale” under California law.  If you are a California resident, you can read more about your rights here.

How We Use Your Personal Information

Personal Information that you provide to us and that is subject to this Privacy Policy will be used as described in this Policy.

To Provide and Manage the Services.  This includes, for example, enabling you to participate in features provided by the Services, performing our contracts with you or your employer or business, or with your doctors or other healthcare providers. We also may use information we gather to better understand and serve users and to improve our Services.

To Communicate with You. We may use your personal information to respond to questions you submit via the Services or to communicate with you regarding news, updates, or educational and marketing materials. You may opt-out of receiving commercial email messages from us by following the instructions in those messages.

As Required by Law. We may use your personal information to comply with any applicable legal or regulatory obligations or for any other purpose permitted by law or with your lawful consent. 

De-identification, Pseudonymization, Aggregation and Anonymization.  We may de-identify, pseudonymize (where permitted by applicable law), or anonymize your Personal Information, which means that information that can be reasonably used to identify you will be removed. We create and use such de-identified information as permitted by law or with your consent.  If we de-identify data, we will not attempt to re-identify it unless required or permitted under applicable law. 

How We Share Your Personal Information

At Tempus. We may share your Personal Information internally among our business units and our affiliates in order to provide you our Services and generally to improve our product and service offerings.

With vendors and other service providers. We may share your Personal Information with service providers who perform services for us and act at our direction. These services may include activities such as cloud storage and services, fulfillment services, and other IT services.  We contractually prohibit these service providers from using your Personal Information for purposes other than providing services to us.

In the event of a corporate transaction. In the event we go through a business transition like a merger, acquisition, reorganization, or sale of all or a portion of our assets, we may disclose your Personal Information to the party or parties of such transaction.

To comply with our legal obligations or protect our rights. We will disclose your Personal Information if we think doing so is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others or when otherwise required by statute, regulation, subpoena, court order, or other law, or if necessary to protect the rights, property, or safety or us, our employees, or others.

With your consent. We may otherwise use information and share information about you with third parties with your consent. We also may provide to third parties information that is not directly identifiable as connected to you, such as information that has been aggregated or de-identified.

Cookies & Other Data Collection Technologies

A cookie is a small file placed on the hard drive of your computer. We use cookies if you have a Tempus account, use our Services, or visit other websites that use the Services. Cookies enable Tempus to offer the Services to you and to understand the information we receive about you, including information about your use of other websites and apps, whether or not you are registered or logged in.. To the extent that your browser broadcasts a “Do Not Track” signal, our website is configured to recognize “Do Not Track” signals.  We also recognize opt-out preference signals contained in HTTP header fields. When we receive an opt-out preference signal, we will process that signal as required by applicable law.

For further information about the types of cookies we use, why and how you can control your cookies, please see our Cookie Notice.

Data Security

We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information. We incorporate secure storage and transmission technologies including encryption, firewalls, access control and audit. We cannot, however, ensure or warrant the security of any information you transmit to us via the Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.

Children’s Privacy Policy

Our Services are not designed nor intended to be used or accessed by children under the age of 16. No one under age 16 should provide any information to or through the Services. We do not intentionally collect Personal Information from children through the Services. If you are under the age of 16, do not use or provide any information on or through the Services. If we learn we have collected or received Personal Information from a child under the age of 16 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under 16, please contact us immediately at privacy@tempus.com.

Data Retention

We will retain your personal information for as long as is reasonably necessary to fulfill the relevant purposes set out in this Privacy Policy and during the period required or permitted by law. The retention period will primarily be determined by relevant legal and regulatory obligations and/or duration of our business relationship with you. We will securely delete or erase your personal information if there is no valid business reason for retaining your data.

Additional Information for Certain State Residents

Additional Information for Nevada Residents

If you are a Nevada resident, you have the right to opt out of the sale of certain personal information to third parties.   At this time, we do not sell your information to third parties 

You may also have additional rights with respect to your consumer health information.  Please see our separate Consumer Health Privacy Notice.

Additional Information for Washington Residents

If you are a resident of Washington, you may have additional rights with respect to your consumer health information.  Please see our separate Consumer Health Privacy Notice.

Additional Information for California Residents

If you are a resident of California, you may be entitled to the privacy rights described below under the California Consumer Privacy Act (“CCPA”). Please note that certain categories of Personal Information, such as PHI, are not covered by the CCPA.

We collect the categories of information described in the “Personal Information and What We Collect” section of this Policy.

We use the personal information we collect for the purposes described in the “How we Use Your Personal Information” section of this Policy.

We have not sold personal information for any monetary value. However, our use of certain website cookies may be considered a “sale” of information under California law. We may have disclosed your health information, internet activity or non-specific geolocation with third parties whose cookies are on our websites. These cookies are used to analyze usage of our website, provide you with relevant advertising and products, and provide additional, dynamic functionality to our websites. You can opt-out of the use of these cookies by using the “Do Not Sell My Personal Information” link. We also recognize opt-out preference signals contained in HTTP header fields.  We do not “share” personal information as that term is used under California law.

We maintain your personal information for the periods described in the “Data Retention” section of this Policy.

In addition, as a resident of California, you may have certain rights with respect to your personal information:

Right to know. You have the right to request:

  • the specific pieces of Personal Information we have about you;
  • the categories of Personal Information we have collected about you in the last 12 months;
  • the categories of sources from which that Personal Information was collected;
  • if we sold or disclosed your Personal Information in the last 12 months and the categories of your Personal Information that we sold or disclosed;
  • the categories of third parties with whom we share your Personal Information; and
  • the purpose for collecting and selling Personal Information.

Right to deletion. You have the right to request that Tempus delete the Personal Information that we have collected or maintained about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.

Right to correct inaccurate personal information. You have the right to request that we correct inaccurate personal information that we maintain about you.

Right to opt-out of the “Sale” of your Personal Information.  You have the right to opt-out of the “sale” of personal information.  To do so you can (i) use the “Do Not Sell or Share My Personal Information” link in the footer of this webpage or (ii) submit a request using the instructions in the “How to make a CCPA request” below.  We also recognize opt-out preference signals contained in HTTP header fields, which permit users to opt-out of any cookies.  You can also update your cookie preferences in our cookie preferences center.

Non-discrimination. Tempus will not discriminate against you in any way if you choose to exercise your rights under the law. However, if we delete your Personal Information based on a request you make, understand that you may be unable to use or access certain features of our Services.

How to make a CCPA request. To exercise your CCPA rights, contact us at 800-739-4137 or email us at privacy@tempus.com. Please note that you may exercise your right to know twice a year free of charge. We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

We will take steps to verify your identity before processing your CCPA requests. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we collected Personal Information. If you have an account with us, we will use our existing account authentication practices to verify your identity. If you do not have an account with us, we may request additional information about you to verify your identity. We will only use the Personal Information provided in the verification process to verify your identity or authority to make a request and to track and document request responses, unless you initially provided the information for another purpose.

You may use an authorized agent to submit a CCPA request and parents may submit requests on behalf of their children. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

California Confidentiality of Medical Information Act. California law grants California residents, including children, the right to request access to their medical information, in certain circumstances, including mental health records.  You may request access to your medical information by emailing privacy@tempus.com, or by writing us at the address in the Contact Information section below.

Other California Privacy Rights. California’s “Shine the Light” law also gives California residents the right to request certain information regarding our disclosure of their Personal Information to third parties for those third parties’ direct marketing purposes. You may request information regarding the disclosure of your Personal Information to third parties for those third parties’ direct marketing purposes by emailing privacy@tempus.com or by writing us at the address in the Contact Information section below. Please indicate “California Rights” in the subject or attention line of your communication.

Our Legal Basis for Processing Personal Information Under GDPR. 

In most cases, our use of your Personal Information is necessary and in reliance on the legal bases below:

Performance of the service contract. Where we offer Services or enter into a contract with you to provide Services, we will collect and use your Personal Information where necessary to enable us to take steps to offer you the Services, process your acceptance of the offer and fulfill our obligations in the contract with you

Legal and regulatory obligations. The collection and use of some aspects of your Personal Information is necessary to enable us to meet our legal and regulatory obligations and/or cooperating with regulators and other authorities.

We may use your Personal Information for complying with a request or order from a competent court, law enforcement authority or other government agency as well as to enforce, exercise or defend legal claims.

Legitimate interests. The collection and use of some aspects of your Personal Information is necessary to enable us to pursue our legitimate commercial interests. For example, we have legitimate interests in:

  • providing Services;
  • operating our business, and managing and developing our relationships with clients, suppliers and with you;
  • maintain the security of the Service, including compliance and fraud prevention
  • understanding and responding to inquiries;
  • receiving information from third parties and Tempus affiliates to provide services;
  • sharing data in connection with mergers and acquisitions and transfers of business;
  • improving our Services; and
  • understanding how you and our clients use our Services and websites.

Where we rely on this legal basis to collect and use your personal information, we shall take appropriate steps to ensure the processing does not infringe the rights and freedoms conferred to you under the applicable data privacy laws.

Consent.  Where we rely on your consent to collect and use your information, you are not obliged to provide your consent and you may choose to subsequently withdraw your consent at any stage once provided. However, where you refuse to Provide Information that we reasonably require to provide the Services, we may be unable to offer you the Services.  We may reply on your consent to personalize the experience of Services’ users on the Services and send marketing communications.

Substantial public interest. If applicable law allows, we may collect and use your information for a substantial public interest. For example, to prevent or detect unlawful acts or in public health.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your Personal Information. If you have any questions or need more information regarding the legal basis and purpose for processing your Personal Information, please contact us at privacy@tempus.com.

Your European Union and United Kingdom Privacy Rights

If you are a resident of the European Union or the United Kingdom, you have certain data protection rights under the General Data Protection Regulation and its UK implementation (GDPR).

Tempus is committed to providing individuals greater control over the processing of their Personal Information. You are entitled to certain rights under GDPR:

  • Right to request information. You have the right to ask us questions about our processing of your Personal Information, including if you feel information is missing from this Privacy Policy.
  • Right to access. You have the right to request access to your Personal Information.
  • Right to rectification. You have the right to ask us to correct errors, or to complete omissions, in your Personal Information.
  • Right to erasure. You may have the right to ask us to delete your Personal Information. Some people call this the “right to be forgotten.”
  • Right to restriction of processing. You may have the right to limit our processing of your Personal Information.
  • Right to data portability. You may have the right to receive, or have us transmit to another person, a portable copy of your Personal Information.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

In addition, you can always reach out to your local data protection authority for more information on your rights. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in Europe, we have found this link to be helpful:  https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en

International Transfers

Your personal information may be transferred to, and processed in, countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country.  Specifically, our Website servers are located in the United States and our group companies and third party service providers and partners operate around the world.  This means that when we collect your personal information we may process it in any of these countries.  However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice. These include implementing the European Commission’s Standard Contractual Clauses and the UK Addendum for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA and the UK in accordance with data protection laws. If you have any questions about cross-border processing, please do not hesitate to reach out to privacy@tempus.com.

Other International Visitors (non-EU or UK)

This website and our Services are hosted in the United States and are intended for visitors located within the United States. Your use of the Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use the Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your Personal Information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information may differ from those of your country of residence.

Links to Non-Tempus Websites and Services

While using our Services, you may encounter and choose to access websites or online services that may not be associated with us by clicking on hypertext links or icons. These websites may collect data or Personal Information about you and your online activities. Tempus does not control and is not responsible for what these other parties do in connection with their websites or online services, or how they handle your Personal Information.

Changes to This Privacy Policy

It is our policy to post any changes that we make to our Privacy Policy on our website. If we make material changes to how we treat our users’ Personal Information, we will update this Privacy Policy, and where required by applicable law, will make reasonable attempts to notify you of the fact that this Privacy Policy has been updated. The date our Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Privacy Policy, please contact us at privacy@tempus.com.

Contact Information

The data controller of your Personal Information is Tempus AI, Inc.  Please contact us with any questions or comments about this Policy, your Personal Information or our Notice of Privacy Practices, or your consent choices by email at privacy@tempus.com or by mail to 600 West Chicago Avenue, Suite 510, Chicago, IL 60654 Attn: Privacy Officer.