Statement on use of Data and Privacy
Naitur AI Lotus is an ethical
data-driven
enterprise.
As part of our commitment to this, Naitur AI will continually stay abreast of, and adhere to data ethics best practices like those outlined by DataEthics.eu. These commitments include – but are not limited to – principles such as Naitur AI never selling the personally identifying information or personal health information of our users. In addition, Naitur AI de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Beyond this, here are five key ways we attempt to maintain your privacy and operate as an ethical data driven business:
Privacy First
Privacy is of the utmost priority for Naitur AI. In designing our product, we kept privacy at the forefront of this process. You can learn about what information we collect, how we protect your identity, how we store your information, and what we do with your information below.
What Information We Collect
When you register and use our platform, we collect personal information such as your name, email address, and web behavior information (including your IP address). We collect personal health information and health outcome information through your intake forms, treatment information, and survey responses you, or your practitioner provides.
How We Protect Your Identity
Naitur AI makes use of aggregate information for conducting our research and delivering collective insights to the community and our practitioner customers. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. In addition, we will offer the ability to use Naitur AI entirely pseudonymously, further protecting your privacy by removing the need to provide any personally identifiable information during registration.
How We Store Your Information
This personally identifiable information and all registration information will be stored separately from any aggregate information used for research purposes to minimize any possibility of identities being discovered from our research data.
Third Party Technologies We Use
What We Do With Your Information
The information that our users (Practitioners and Clients) provide us with, as well as any passively collected data from interactions with our platforms, is used to communicate with our customers, optimize our services, conduct research, and deliver collective insights and benchmarks to our users. We will never sell or lease your personal data, and aggregate data will never be used for marketing purposes.
Your Data, Your Choice
Part of Naitur AI core mission is to help accelerate the rate of acceptance of psychedelic medicine. We believe that in order to do this, the world of psychedelic medicine needs better data to surface safe, effective practices for scale. For this reason, gathering collective insights from across our user base is of the highest priority. We believe that by amalgamating our aggregate data, we can help impact the rate of acceptance of this revolutionary approach to healing. You can learn more about how collective insights improve health outcomes, how your data is handled, and who has access to your data below.
Right to choose
Through your account preferences, users are provided with controls over how their data is used within the Naitur AI ecosystem. Users have the ability to opt-out of each individual way their data is used within our Services, including but not limited to, choosing whether to share your data in Naitur AI aggregate data, to participate in any research activities, as well as choosing how Naitur AI and our partners communicate with you and on what topics.You can regularly reassess and change the settings around how your information is stored, used, and shared at any time in your account preferences or by contacting privacy@naiturai.com directly.
Right to be anonymous
Naitur AI will provide users with the option to register entirely pseudonymously fully protecting their identity. Users who elect to do this will not have any limitations put on their experience apart from features being disabled to protect their identities (e.g. calendar sync).
Right to be forgotten
Naitur AI complies with all GDPR and CCPA legislation. As such, a GDPR “right to be forgotten” request, can be sent to security@naiturai.com. A sample letter for such a request can be found here. Please note that it takes up to 30 days to process such requests.
Research With Consent
Part of Naitur AI mission is to contribute to ongoing research and insights on the efficacy of psychedelic-assisted therapy. In order to successfully carry out our mission, Naitur AI supports research through a combination of analyzing our aggregate data, and direct market research activities. You can learn more about our opt-in/out policy, how we protect your identity, and the details of how we support third party research below.
Ability To Opt-in/Out Of Research
Naitur AI research consists of analyzing aggregate information, conducting research surveys, and working with selected third-parties to support their research goals. You can opt out of any or all of these at any time. You can regularly revoke, reassess, and change the settings regarding how your information is stored, used, and shared at any time in your account settings or by contacting privacy@naiturai.com directly.
How We Protect Your Identity In Our Research
Our research makes use of aggregate information. Aggregate information is data that has been amalgamated from multiple participants and is not linked to any specific individual. When your data is compiled into aggregated information, all personally identifiable information is removed and combined with other participants’ data so that no individual can reasonably be identified.
People who have chosen to participate in studies that involve the treatment of specific conditions may be asked to provide additional consent forms for researchers to reference their de-identified, individual-level information for ongoing research. As with everything, this is your choice.
Choose To (Or Not To) Participate In Third Party Research
The de-identified and aggregated data gathered may also contribute to the research of selected third-party institutions working with Naitur AI. These third-parties may also field research studies via our network to you. It will always be your choice to take part in these studies via an explicit opt-in.
Data For Good
Part of Naitur AI core mission is to help accelerate the rate of acceptance of psychedelic medicine. We believe that in order to do this, the world of psychedelic medicine needs better data to surface safe, effective practices for scale. For this reason, gathering collective insights from across our user base is of the highest priority. We believe that by amalgamating our aggregate data, we can help impact the rate of acceptance of this revolutionary approach to healing. You can learn more about how collective insights improve health outcomes, how your data is handled, and who has access to your data below.
Collective Insights Improve Health Outcomes
Naitur AI uses aggregate information to develop collective insights to help further the collective understanding and knowledge of psychedelic medicines, protocols, efficacy, and approaches. This insight is available within the Naitur AI Practitioner platform to help practitioners better understand how their approaches compare to the cross-practice benchmarks we develop using this information. This in turn helps to identify areas for improvement and helps our practitioner customers to improve their health outcomes.
How Naitur AI Handles Data For Use In Collective Insights
We collect your individual-level information into what is called aggregate information. All Personally Identifiable Information has been removed in aggregated information. We use and share this aggregated information with selected third parties in order to conduct our own research, develop research reports, educate our users, and improve our services.
Access To Your Data
Naitur AI will never sell or lease the personally identifying information or personal health information of our users. We will actively prevent your individual-level information from being viewable, downloadable, or exportable from our systems. In addition, Naitur AI de-identified, aggregated, and anonymized data will only be used for research purposes and will never be used for marketing purposes.
Zero Trust Security
Naitur AI believes that your health information requires very high level of security. Please read below to understand how we protect your information. You can learn more about user access and how our standards to secure and encrypt your information below.
Limited User Access
We limit data access to authorized personnel, based on job function and role. Naitur AI access controls include multi-factor authentication, and strict least-privileged authorization policy. All access to services deployed by Naitur AI are authenticated, authorized, and encrypted.
Standards and Procedures
Our practices include, but are not limited to, the following areas:
Zero-trust is a security principle believing that organizations should not inherently trust anything inside or outside of their perimeters and instead should verify anything trying to connect to their systems (without using a VPN).
Zero-Trust Cloud Networks at Naitur AI
With a secured Zero-Trust architecture as outlined above (based on BeyondCorp), we can build layered security on top of applications and resources without the need for a VPN, while still centrally managing access. This can even extend beyond GCP to applications hosted in other cloud platforms like AWS and Azure.
ISO/IEC 27001:2013 certification
Our information security management system, which protects Naitur AI systems, has been certified under the ISO/IEC 27001:2013 standard. View or download our certification here.
Encryption
Naitur AI uses industry-standard security measures to encrypt patient data both at rest and in transit in compliance with HIPAA standards.
While our engineering team periodically reviews and improves our security measures to ensure compliance with best privacy practices, no digital system is one hundred percent secure and it is impossible to guarantee security of any such system.