Participant Services Privacy Policy
Naitur AI, PBC (referred to as Naitur AI, us, or we) provides web apps and any related offerings ("Services") pursuant to our SaaS End User License and Services Agreement ("License") with you. This Privacy Policy (“Policy”) is a disclosure of Naitur AI privacy practices. More specifically, this policy outlines the data we collect, how we use this information, and in what circumstances we may share this information to third parties.
Use of www.naiturai.com or other Naitur AI websites and Naitur AI Research Surveys (www.naiturai.com/privacy-policy) are governed by their own privacy policies. Please contact privacy@naiturai.com if you have any questions.
Your healthcare provider (Provider) has a contract with Naitur AI to use our software platform to manage, measure, and illustrate health outcomes. Naitur AI services to you are offered as a component of Naitur AI services to your Provider.
BY USING THE SOFTWARE AND SERVICES, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE OR SERVICES.
Data We Collect
Naitur AI Services are used to collect and create multiple types of data, which include:
Participant-Identified Data means data stored within Naitur AI Services which is uniquely associated with you, the Participant, and can include information about the past, present, or future health status, health care, or payment for health care, or any other individually-identifiable information about you, the Participant.
De-Identified Data means data, derived from Participant-Identified Data, which has been deidentified using a process approved under the HIPAA Privacy Rule Naitur AI collects information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, email address, phone number or other information will be stored. Your Provider may ask you to complete health histories, health outcome surveys, or other questionnaires related to your health, all of which are stored.
When you use our Services, we also collect non-personally identifying information, including the browser type, language preference, referring site, and the date and time of each visit. This information is used by Naitur AI to understand how users interact with and in optimization of our Services.
Naitur AI also collects potentially personally identifiable information like Internet Protocol (IP) addresses for users that log into our Services.
Naitur AI collects other data relating to the provision, use and performance of various aspects of the Services and related systems and technologies, for example, the features and functions of the system that you use, and the speed of system processing.
Use of Data
Naitur AI may communicate with you if you have provided us the means to do so. For example, if you have given us your email address, we may send you emails on behalf of Naitur AI related to promotions, product updates, as well as general brand information, or email you about your use of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us improve our communications with you. If you do not want to receive communications from us, please indicate your preference by sending an email to unsubscribe@naiturai.com.
Naitur AI’s uses of data collected include: (i) Naitur AI uses information collected to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Naitur AI offerings, (ii)Naitur AI uses Participant-Identified Data to create De-Identified Data, (iii) Naitur AI uses De-Identified Data in connection with its business, including to deliver services to other customers (iv) Naitur AI uses information collected for clinical research and other outcomes studies.
Sharing of Data
Any disclosures of any Participant-Identified Data, which may include Protected Health Information as defined by HIPAA, are strictly limited and performed only in accordance with law, including the HIPAA regulations and the terms and conditions of the HIPAA Business Associate Agreement between Naitur AI and your Provider. Naitur AI always provides the opportunity for users to Opt-Out or revoke the permissions granted at a later date.
Naitur AI may disclose De-Identified Data as follows: (i) Naitur AI may discloses De-Identified Data in connection with its business, including to deliver services to other customers, (iii) Naitur AI may sell or share De-Identified Data with third parties, and (iv) Naitur AI may release high-level findings based on and including the De-Identified Data publicly, including to the press, media, and public websites. Naitur AI offers Opt-Out provisions for certain sharing of De-Identified data as detailed in the Participant SaaS End User License and Services Agreement.
Third Party Technologies We Use
- Google Cloud Platform Primary cloud application and data service which hosts the Naitur AI api, databases and related data infrastructure, and web applications.
- Auth0 Primary authentication and authorization platform that secures Naitur AI web application and provides SSO to 3rd party services.
- Sendbird A SaaS company that provides electronic messaging services to the Naitur AI Platform.
- SendGrid An email SaaS company that provides a programmable email API and email delivery for the Naitur AI Platform communications.
- Stitch Data A data SaaS company providing an ELT service that can ingest data from multiple data sources into a traditional data warehouse.
- Zoho One Zoho One is an online CRM software that Naitur AI uses to manages our sales, marketing and support in one CRM platform. Zoho Desk is used for our support ticketing system.
Disclosures to law enforcement, judicial bodies, and regulatory authorities
Under certain circumstances, the information that you have provided can be subject to disclosure to law enforcement agencies, for compliance with a judicial or another government subpoena, warrant or order, or in response to requirements of regulatory or other governmental authorities. If this occurs and there is no specific obligation that prevents us from doing so, we will notify you of the disclosure.
Please note, after response to a subpoena there is always a risk that the disclosed data could be accessed by the requesting party. Naitur AI cannot provide any further protection against this.
Insurance company & employer requests. Naitur AI will not provide any person's data (PHI, PII, or non-PII) to an insurance company or employer. We are supporters of legislative efforts intended to prevent discrimination and to safeguard individuals' privacy.
Security
The security of your Personal Information is important to us, but some security weaknesses could exist. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
Our practices include, but are not limited to, the use of the following security controls:
- Security certifications. All data is stored only using hosting services that have complied with rigorous security certifications including HITRUST, ISO 27001, SOC 2 and others.
- Segregation of Data. Sensitive data such a Participant-Identified Data is stored separately from less sensitive data, to reduce the possibility that non-authorized individuals could access the sensitive data.
- Encryption. Naitur AI uses industry-standard security measures to encrypt patient data both at rest and in transit.
- Limited access to essential Naitur AI personnel. Access to data is strictly limited to authorized personnel based on a need-to-know.
While our engineering team periodically reviews and improves our security measures to ensure compliance with best security practices, it is impossible to guarantee that breaches in security will not occur. As we value our users' opinions, we encourage you to provide feedback and contribute to ongoing best practices by contacting us at privacy@naiturai.com.
Links to External Sites
Naitur AI website may include links to external websites that are not controlled nor operated by Naitur AI. By clicking on a third party link, you will be redirected to that website. Please review the Privacy Policy and terms of conditions on their website for further information.
Cookies
Naitur AI Lotus uses cookies and similar tracking technologies when you visit our Services to improve your experience of using our Services. Cookies are text files that contain small amounts of information that are downloaded to your computer/mobile device/tablet when you use an application. This information includes personal preferences (such as language or login information). Cookies keep track of which browsing device has visited a certain application before.
There are two types of cookies: session cookies and persistent cookies. A session cookie collects information while a browser has an application open. This information is automatically deleted when you close your browser. A persistent cookie is information that remains until you or your browser deletes the cookies.
There are also first- and third-party cookies. First party cookies are set by our application. These cookies provide Naitur AI with analytics. Third party cookies are set by external parties and can recognize your device while you are on our application and when you use other websites. These third-party cookies can be collected when you click on an external website link. We encourage you to review all third-party privacy policies and cookie policies as we are not liable for their policies once you leave our application.
Users who do not wish for Naitur AI to collect or use cookies should set their browsers to refuse cookies before using our applications. Please note that certain features on the application may not be available without the aid of cookies.
State Law & Privacy Rights
California Residents Rights
Under California Civil Code Sections 1798.83-1798.84, some California residents have specific rights regarding their personal information. These rights are subject to certain exceptions that can be found here. Further, if you are a current, former, or prospective employee or if we have collected or processed your personal information in connection with our business with a company, partnership, sole proprietorship, nonprofit or government agency, and you are an employee, owner, director, officer, or contractor of that entity, rights 1-3 below are not available to you until at least January 1, 2021.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.
Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information. This right is referred to as “the right to opt-out.”
Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.
Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.