Privacy Statement

At Insight Health AI ("Insight Health," "we," "us," or "our"), we prioritize the privacy and security of our users and customers ("you" or "your"), recognizing the sensitive nature of the data we handle in our capacity as a virtual care assistant for clinicians. Our services, including our virtual care assistant (VCA), mobile application, website, and other related offerings (collectively "Services"), are designed with the utmost commitment to safeguarding personal data and Personal Health Information (PHI).

In this Privacy Statement, we detail our practices concerning the collection, use, disclosure, and protection of your personal data. Our services cater primarily to healthcare providers, and as such, we often process PHI as part of our offerings. This Privacy Statement  does not apply to patients who's PHI we process as a Business Associate. If you're interested in learning more about how we process PHI, please click here.

We encourage you to read this statement thoroughly to understand how we manage your data, our commitment to protecting your privacy, and your rights and responsibilities as a user of our Services. This document is designed to provide clarity and transparency about our data practices, reinforcing our dedication to earning and maintaining your trust.

Insight Health AI, Inc. reserves the right to change this Privacy Policy from time to time. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your account, by placing a prominent notice on our application, and/or by updating any privacy information. Your continued use of the application and/or Services available after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by that Policy.

This Privacy Statement applies to visitors to the Website, who view only publicly-available content (“Visitors”), customers who have signed up to access and use the Platform (the “Customers”), and Customer’s employees and contractors authorized by Customer to access and use the Platform (“Authorized Users”).

By visiting our Website, Visitors are agreeing to the terms of this Privacy Statement and the accompanying Terms of Use.

By accessing and/or using the Platform, each Customer and Authorized User is agreeing to the terms of this Privacy Statement and the accompanying Platform Terms of Service.

Capitalized terms not defined in this Privacy Statement shall have the meaning set forth in our Terms of Use.

At Insight Health AI, our mission is to provide comprehensive virtual care assistance to healthcare professionals. In fulfilling this role, we collect and process a variety of data types, ensuring the utmost respect for your privacy and confidentiality. Here's an overview of the information we may collect from you when using our Services:

Personal and Professional Data

• Identification Information: Includes your name, mailing address, email address, and phone number, which are essential for establishing and maintaining your account and communication with us.
• Professional Information: For healthcare professionals, this covers employer details, job title, and other work-related information, helping us tailor our services to your professional needs.

Technical Data

• Device and Usage Information: We collect data about the devices you use to access our Services, including operating system, browser type, IP address, and usage patterns. This data helps us improve system performance and user experience.
• Tracking Technologies Data: As detailed in Section 6, we employ tracking technologies for analytics and functionality enhancements. This includes cookies, web beacons, and similar technologies.

Account Data

• Account Credentials: For accessing our Services, we require you to set up an account with a username, password, and other necessary authentication details.

Third-Party Data

• Supplementary Information: With your consent, we may gather additional information from third-party sources like insurance companies, other healthcare providers, and wellness apps. This helps us provide a more integrated and comprehensive service.

Handling of Data

• Confidentiality and Security: All data is treated with the highest level of confidentiality. We employ stringent security measures to protect against unauthorized access, disclosure, or misuse.
• Use of Data: We use the information primarily to provide and improve our Services, support healthcare professionals, and comply with legal requirements.

At Insight Health AI, our utilization of the information we collect is guided by a commitment to privacy, security, and the ethical handling of data. Here is an overview of how we use the information gathered through our Services:

For Service Provision

• Healthcare Support: The primary use of personal data is to support healthcare providers in delivering patient care with our virtual care assistant (VCA) functionalities.
• User Account Management: Personal and professional data, along with account data, are used for managing user accounts, facilitating communication, and ensuring secure access to our Services.

For Enhancing User Experience

• Personalization: We leverage technical and usage data to tailor the user experience, ensuring that our Services are responsive to the needs and preferences of healthcare professionals.
• Service Improvements: Feedback, inquiries, and interactions across various communication channels are used to enhance service delivery and address user needs effectively.

For Communication Purposes

• Updates and Information: Users are informed about service updates, new features, and other relevant announcements, with the option to manage their communication preferences.
• Research and Surveys: With explicit consent, we may use collected data for conducting research and surveys to gain insights for service improvement.

Anonymization and De-identification

• Use of Anonymized Data: Where possible, we anonymize or de-identify personal data and make reasonable efforts to limit use of personal data to the minimum necessary to accomplish the intended purpose.

For Security and Compliance

• Fraud Prevention: Technical data plays a crucial role in detecting and preventing fraudulent activities, ensuring the security of our Services.
• Regulatory Compliance: We adhere to legal and regulatory requirements in all our data handling practices.

We may take anonymous, aggregated, or de-identified data for product improvement and data analysis. Since this data cannot identify you or any individual personally, we may use it for general research and development purposes without further notice or consent.

We utilize tracking technologies like cookies, web beacons, pixels, SDKs, and other identifiers for certain functionalities, to collect usage statistics and data analytics, optimize site functionality, and provide you with a personalized experience.

Tracking Technologies for Site Functionality and Analytics

• Purpose: We use tracking technologies to collect usage statistics and data analytics, which help us optimize site functionality and understand user behavior. This, in turn, enhances your experience with our Services.
• Control: You have control over the use of these cookies and tracking technologies at the individual vendor level. Opt-out methods specific to Insight Health tracking are provided, as detailed in Section 10.

Examples of Tracking Technologies Used

• Analytics Services: Google Analytics, Mixpanel, Segment.
• Communications Services: Twilio, SendGrid.
• Infrastructure: AWS Cloud Services.
• Authentication: Frontegg.
• Other Vendors: Deepgram, Eleven Labs.

There are limited situations where we may share your personal information with third parties:

• Service Providers: We may share your data with vendors and partners that provide services critical for our operations, such as website hosting, cloud infrastructure, payment processing, and customer support. These third-parties are bound by stringent privacy terms and conditions.
• Legal Requirements: We may disclose your information if required by law enforcement, regulators, or other government authorities. We may also disclose your information if required to protect our legal rights, users, or the safety of the public.
• Business Transactions: If we undergo a merger, acquisition, bankruptcy, or other transaction involving the transfer of our business assets, your data may be transferred as part of this transition. You will be notified of any such event.

Other than the above, we do not share, sell, rent, or trade your personal information without your explicit consent, except to comply with laws, lawful requests, or legal process.

We take extensive measures to protect the security of your data including:

• Encryption of data in transit using TLS/SSL, and encryption of data at rest using AES-256 or similar protocols
• Strong access controls such as multi-factor authentication, strict password policies, and role-based access restrictions
• Regular security monitoring, penetration testing, and vulnerability assessments
• Timely breach notification protocols in case of any suspected or actual incidents
• Securing the infrastructure hosting your data as per industry security standards
• Restricting employee access to your data only on a need-to-know basis

We retain personal data in an identifiable format only for as long as necessary to fulfill the purposes outlined in this statement, as required by law, or pursuant to your consent.

You may exercise the following rights over your personal data:

• Access or edit your personal data that we hold
• Object to the processing of your data for certain purposes
• Opt out of non-essential communications and direct marketing
• Request erasure of your personal data
• Restrict our use of your personal data
• Port parts of your data to other services
• Receive an electronic copy of your personal data

To make privacy requests, please contact us via the details in Section 14. We will address all requests in line with applicable laws.

You may control the use of cookies and opt out of tracking by third-parties for advertising purposes:

• Managing Cookies: Adjust cookie consent settings available on our website footer. You can choose which cookies to allow.
• Global Opt-Outs: Opt out of targeted advertising by members of the Network Advertising Initiative by visiting http://optout.networkadvertising.org or Digital Advertising Alliance by visiting http://optout.aboutads.info.
• Analytics: Opt out of Google Analytics data collection by installing the browser add-on available at https://tools.google.com/dlpage/gaoptout.
• Communications: Click "unsubscribe" on any marketing email from us. This will not opt you out of essential account notifications.

We currently do not transfer your personal data outside the United States. Our operations as of now are exclusively within the US. If this changes, you will be notified with options to determine whether your data may be transferred.

We do not knowingly collect or solicit Personal Information from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services or send any information about yourself to us. If we learn that we have collected Personal Information from a child under age 16, we will delete that information as quickly as possible. If you believe that a child under 16 may have provided us Personal Information, please contact us at privacy@insighthealth.ai

We may update this Privacy Statement from time to time by posting an updated version and revising the date at the top. Please check back periodically for updates. Continued use of our Services after any changes constitutes your acceptance of the revised statement.

For any inquiries or concerns about this Privacy Statement or our privacy practices, please contact us at:

Email: privacy@insighthealth.ai

Address: PO BOX 170945, Austin, Texas 78717-0037, United States

Under the California Consumer Privacy Act, California residents have certain rights with respect to their personal information, such as the right to request access, deletion, and being informed about personal data collection, use, and disclosure practices. To make privacy requests, California residents can contact us as outlined above.

• Non-Discrimination: We will not discriminate against any California resident exercising their CCPA rights.
• Do Not Sell: We do not sell personal information of our users.
• Shine the Light: California residents may request a list of third parties to whom we have disclosed certain personal information (as defined under California law) for direct marketing purposes.

Nevada residents have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that information. At this time, we do not engage in such activities. However, if you have any privacy concerns, you can contact us as provided above.