Privacy Policy for mHealthy Buckeyes

This Privacy Policy describes how information is collected, used, and protected within the mHealthy Buckeyes mobile application. Developed by The Ohio State University, this app is part of an IRB-approved research study designed to promote healthy eating and physical activity behaviors among cancer survivors and their caregivers. The app supports a 12-week behavioral intervention and is intended for use only by individuals who are actively enrolled in the study or part of the study team.

The app collects several types of information to support study goals and provide a personalized experience. Self-reported information includes responses to weekly symptom check-ins, surveys, behavior tracking tools (such as logging meals and activities), and reflections related to behavior change. If participants choose to connect a Fitbit device, the app may access activity data via a secure, encrypted OAuth connection. This includes, but is not limited to, health-related data such as daily step counts, heart rate, sleep metrics, and activity intensity levels. During the study, and in alignment with the IRB-approved protocol, the study team creates login credentials for Fitbit accounts on behalf of participants to facilitate data retrieval for research purposes. Additionally, the app passively records usage data such as timestamps of logins, engagement with educational modules, and completion of weekly assignments. No GPS location data, contact lists, or other sensitive mobile data are collected.

The information collected is used to support the delivery of the intervention, enable personalized recommendations, and facilitate health coaching sessions. Deidentified data will also be used for research analysis, in accordance with the approved research protocol. Only study personnel approved by the IRB will have access to identifiable data, and no identifiable information will be sold or shared with third parties. Deidentified, aggregated data may be shared in scientific presentations and publications.

Some limited third-party integrations are used. Fitbit data is only collected if the user voluntarily connects their device and grants permission. Fitbit’s privacy and data use policies apply to this data, and users are encouraged to review Fitbit’s own privacy policy. Other than this optional integration, no third-party entities receive access to data collected by the app.

All data is stored on secure, Ohio State approved servers and is encrypted both in transit and at rest. Participant data stored on their mobile device is minimal and consists only of temporary session information needed for app functionality. Data will be retained for five years following study completion, consistent with Ohio State’s research data retention policies. Participants may request access to their data, request corrections, or ask that their data be deleted by contacting the study team. If a participant withdraws from the study, no further data will be collected, but previously collected data may be retained in accordance with the research protocol.

The app is not intended for use by individuals under the age of 18. No data is knowingly collected from individuals under the age of 18. Participants have the right to withdraw from the study at any time without penalty. For questions about this policy or the study, participants may contact the Principal Investigator, Dr. Roberto M. Benzo, at Roberto.Benzo@osumc.edu. Questions or concerns about research participant rights can be directed to the Office of Responsible Research Practices at hsconcerns@osu.edu.

This privacy policy may be updated over the course of the study. Any significant updates will be communicated to participants directly through the app or via email.

Back