Research Beyond Walls by Mayo Clinic Privacy Policy

March 25, 2026

Welcome to the Research Beyond Walls by Mayo Clinic app (“RBW App” or “App”), an online information and communications service provided by Mayo Clinic and all affiliates (“Mayo Clinic” or “We” or “Us”).

This Privacy Policy applies to the RBW App. Other Mayo Clinic and non-Mayo applications and online properties may have their own Privacy Policies and Terms of Use that apply to those digital properties.

We take your privacy seriously, and we want you to know how we collect, use, share, and protect your information. We have specific additional policies and a Notice of Privacy Practices related to your patient information (protected health information or PHI).

In addition to this Privacy Policy, you may also wish to review the RBW End User License Agreement (EULA), Mayo Clinic website Terms of Use and Privacy Policy as well as the Privacy Policies, EULAs or Terms of Use for any apps with which you allow the RBW App to share data.

Information We Collect

Information you give us: We respect the right to privacy of all users of the RBW App and all visitors to our Mayo Clinic sites. We receive and store information that you provide through the App, which may include:

  • Data that may personally identify you. This may include your name, email, mailing address, IP address, telephone number and other demographic information (collectively, “Personal Data”).
  • Health information you input into or share with the App.
  • Information that you provide by filling in forms, including information you provide when you register to use the App. We may also ask you for information when you report a problem with the App.
  • Records and copies of your correspondence (including email addresses), if you contact us.; and
  • Your responses to surveys that we might ask you to complete for research, development, and marketing purposes.

Information we collect automatically: We collect information about you automatically as you use the App. Information collected automatically may include usage details, IP addresses, and information about the equipment you use to run the App:

  • Usage Details. This may include the dates and times you use the App, error information, and information about how you use the App.
  • Device Information. Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, browser type, and App version information.
  • Location Data. If you enable location data, we may collect and use geolocation information. You may disable this functionality on your mobile device by removing permission for the RBW App to use location services at any time.

The information allows us to:

  • Conduct research and facilitate your participation in Mayo Clinic research studies, including clinical trials;
  • Identify errors and troubleshoot the App;
  • Improve our product and services;
  • Customize the App according to your individual interests; and
  • Recognize and/or authenticate you when you use the App.

We may combine this information with any other information we have about you, including, if you are a Mayo Clinic patient, any PHI we have about you. If we combine this information with your PHI, we will treat all of that information as PHI and will only use or disclose that information as set forth in our Notice of Privacy Practices.

Email communications, newsletter, and related services

Our App may provide you with the opportunity to receive communications from us or third parties. For example, you may be able to use the App to sign up for free Mayo Clinic email newsletters. Any participation is voluntary and you can always unsubscribe from any communications at any time.

Email or other communications that you send to us via the App may be shared with our research staff, a customer service representative, employee, medical expert, or agent that is most able to address your inquiry.

We make every effort to respond in a timely fashion once communications are received.

Surveys

You may be asked to complete research surveys through the RBW App. Your responses are shared with your research team and any research partners on the study per the study terms.

We also occasionally survey users of the App. The information from these surveys is used to improve the App. Participation is voluntary. Aggregate and deidentified information may be shared with third parties with whom we have a business relationship. If a survey asks for personal information (such as an email address), it is shared only with those people who need to see it to respond to the question or request, or with third parties who have appropriate agreements in place to protect the privacy of your data.

Texting

If you sign up to receive texts, you are consenting to receive text messages related to your use of the App, including updates and reminders. These texts are unencrypted and message and data rates may apply. Message frequency may vary. Carriers are not liable for delayed or undelivered messages.

You can always opt-out of SMS messages by texting STOP. Your opt-out request will generate one final message confirming that you have been unsubscribed. You can rejoin at any time.

If you are experiencing issues with messaging, you can reply with the keyword HELP for more assistance.

Data retention

We will retain your information for as long as your account is active or as needed to perform our research, provide you services, comply with our legal obligations, resolve disputes, and honor our agreements. You may request that we delete your data by contacting us as provided below. However, we may not be able to honor that request in all instances given the laws and regulations that apply to us. For example, under US state and federal law, we may be required to maintain some data that is specific to you and that may identify you, such as your medical records or other health information. We may also have a legal basis or obligation to maintain medical and other information about you to provide care and treatment or to comply with our professional, legal, and other obligations.

Disclosure of your information

We may share the information we collect about you with third parties who assist us with our research or who we have engaged to help us design and maintain the App. Your Personal Data may also be disclosed to affiliates, contractors, service providers, and other third parties we use to support our business. Again, any use of protected health information will comply with our Notice of Privacy Practices and any authorization or consent you have provided.

The services provided by these organizations may include facilitating our research and providing IT and infrastructure support services. We will ask you before sharing your information for any marketing or advertising. In every case, we will ensure that these third parties have agreed to safeguard your data.

We may provide third parties with aggregate and deidentified data collected during your use of the RBW App for research, educational, performance analysis, product development, and publication purposes, but this data will not contain information that personally identifies you unless you have given us permission to share that information.

We may also disclose your Personal Data:

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Mayo Clinic about our RBW App users are among the assets transferred;
  • To fulfill the purposes for which you provide it;
  • For any other purpose disclosed by us when you provide the information;
  • With your consent;
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • To enforce or apply the RBW EULA, our Terms of Use and other agreements; and
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Mayo Clinic, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Your rights regarding your information and accessing and correcting your information

For non-patient information, you can Contact Us through the Contact Information below to access and/or find out what information we have about you and to correct that information.

You may also notify us through the Contact Information below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or if we have a legal basis or obligation to maintain it, or if it would cause the information to be incorrect.

If you are a patient of Mayo Clinic, you can access the patient-related information that we maintain about you through our Patient Portal or through our health information management department. For more information about requesting your medical records, ask us or go online to the Patient and Visitor Guide for the location where you receive your care, then explore the release of information options: https://www.mayoclinic.org/patient-visitor-guide.

You also can request a correction to your patient information through our Patient Portal or health information management department. You may also remove the RBW App from your device; however, we are still required to maintain your patient-related information under the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws.

Security

We use reasonable security measures to protect the confidentiality of personal information under our control, and we appropriately limit access to it. We use a variety of information security measures to protect your online transactions with us. The RBW App and Mayo Clinic sites use encryption technology, such as Secure Sockets Layer (SSL), to protect your personal information during data transport. SSL protects information you submit via our website, such as your name and address. That being said, Mayo Clinic cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We have taken reasonable steps to ensure the integrity and confidentiality of personally identifiable information that you may provide. You should understand, however, that electronic transmissions via the internet are not necessarily secure from interception, and so we cannot absolutely guarantee the security or confidentiality of such transmissions.

International Users

If you reside outside the United States in a country with an applicable international data protection law, the following information applies with respect to personal data collected through your use of the RBW App.

Personal data collected from you outside of the United States will be subject to applicable data protection laws. We will honor your rights under applicable law. Any information collected from or generated by you while in the US will be subject to the federal and state laws of the United States.

Types of personal data we collect: Some of the categories of information that we may collect or you may provide are special categories of personal data, such as:

  • Your name, contact information, and other demographic information;
  • Your sex at birth, gender identity, sexual orientation, sexual activity, age, year of birth, body weight and height;
  • Religious, philosophical and political beliefs to the extent such beliefs are relevant to the services provided to you;
  • Biometric and genetic information;
  • Your race and ethnicity;
  • Your health and medical records, information, and data, including your health status, medical history, medications, and referrals; and
  • Billing and financial information.

Mayo Clinic will use, process, and disclose your personal data as described in this notice.

Purposes of processing and legal basis for processing: As explained above, we process personal data in various ways depending upon your use of our services. We process personal data on the following legal bases: (1) as necessary to perform our agreement to provide services; (2) with your consent; (3) as necessary to promote and protect public health, public interests, and the vital interests of you or others, (4) to perform scientific research; (5) as required under the laws of the jurisdictions where we operate and to comply with our legal obligations; and (6) as necessary for our legitimate interests in providing our services where those interests do not override your fundamental rights and freedoms related to data privacy. Note that when we rely upon consent, we will provide you with an opportunity to opt-in or opt-out. You can inform us of any changes in your preferences by contacting us at privacyoffice@mayo.edu.

Transfers: Personal data we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or processors maintain facilities. We will ensure that international transfers of personal data have appropriate safeguards.

Your rights: To exercise your rights under applicable international data protection law, please contact Mayo Clinic’s Privacy and Data Protection Officer at privacyoffice@mayo.edu. In addition to the rights discussed above, you may ask to receive copies of your personal data. You may also ask us to erase your personal data if it is no longer necessary for the purpose for which we collected it, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing. You may also restrict or object to our processing of your personal data if we are processing it based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling), or using your data for direct marketing (including profiling). Note that in some instances we are legally required to retain records pursuant to the record retention laws of the jurisdictions where we operate. In order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.

Complaints or concerns: You are welcome to raise any complaints or concerns to Mayo Clinic by contacting Mayo's Privacy and Data Protection Officer at privacyoffice@mayo.edu. You also have the right to lodge a complaint with a supervisory authority.

Protecting children's privacy

Other than our Patient Portal, our sites and apps, including the RBW app, are not intended for users under 18 years of age. No one under age 18 may provide any information to or through the App. We do not knowingly collect Personal Data from users under 18. If you are under 18, do not use or provide any information on or in the RBW App, our sites or any of their features, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Data from a user under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from a user under 18, please contact us at the contact information below.

Our Patient Portal is available to patients 18 years of age and older. It is also available to patients who are between the ages of 13 years old and 17 years old with the permission of their parents or legal guardians.

Links to other websites

Our sites may link to other websites that have their own privacy policies. Be sure to review the privacy policy on the site you're visiting.

Privacy policy updates

We may need to update our Privacy Policy as technology changes and Mayo Clinic evolves. If we make significant changes to this Privacy Policy, we'll post a prominent message on our websites.

California residents

Mayo Clinic is a not for profit exempted from the California Consumer Privacy Act (CCPA).

California Civil Code Section 1798.83 (California's “Shine the Light” law) permits users of our sites that are California residents and who provide Personal Data in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Data and the names and addresses of those businesses with which we shared your Personal Data with for the immediately prior calendar year. You may request this information once per calendar year. To make such a request, please contact us using the information below.

Contact information

If you have questions or concerns about a research study or clinical trial that you are participating in, please contact the Principal Investigator or a member of the study/trial team for assistance.

If you have a question or concern regarding your privacy, please contact Mayo Clinic's Privacy Officer using the contact information below:

Mayo Clinic Privacy Officer
200 First St. SW
Rochester, MN 55905
507-266-6286
privacyoffice@mayo.edu