Privacy Policy
Introduction
This Privacy Policy is designed to inform users of Whiterabbit.ai, Inc. (“Company,” “we,” and “us”) websites, mobile applications and services (collectively, the “Application”). This Privacy Policy covers how Company treats your Personally Identifiable Information (“PII”), Protected Health Information (“PHI”), and other data that you may share when you use the Application (“Data”) (PII, PHI and Data collectively hereafter “Personal Information”). We established this Privacy Policy to let you know the kinds of information we may collect, why we collect your information, what we use your information for, how you can manage your information, and under what circumstances, if any, it is disclosed. By using the Application, you are accepting the practices described in this Privacy Policy.
This Privacy Policy does not apply to information that you may share with us offline or with third-parties, including websites or applications that may be linked to the Application.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register with, or use the Application. By downloading, registering with, or using the Application you agree to this Privacy Policy.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. You should check this page occasionally to review any changes. If we make material changes affecting you as determined by Company, we will notify you by posting the revised Privacy Policy on our websites and, if you are a registered user of our Mobile Application, by providing notice through the Company’s Mobile Application or by email. This helps you to always be aware of what information we collect, how we use it and under what circumstances, if any, it is disclosed. Your continued use of the Application and/or continued provision of Personal Information to us will be subject to the terms of the then-current Privacy Policy.
Type of Information Collected
Company collects Personal Information when you register for the Application or when you directly use the Application. Depending on how you use the Application, we collect different kinds of information about you. This information may include:
Personal Health Information (PHI)
If you are using the Application as part of your treatment from a health care provider who has entered into an agreement with us, then any information that identifies you as a patient of the health care provider or regarding your health may be “protected health information (PHI)” (as that term is defined in Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Personally Identifiable Information (PII)
PII is any information that can individually identify you and includes your name, and contact information, such as e-mail address, telephone number, or postal address.
Non-Personally Identifiable Information
Non-personally identifiable information includes information that does not personally identify you, but it may be linkable to you. If non-personally identifiable information is directly linked to personally identifiable information, it will be considered PII while it is linked. Aggregate and de-identified information is not considered PII.
Personal Data
Among the types of Personal Data that the Application may collect from you, by itself or through third parties, these are: Geolocation, Cookies, Usage Data, first name, last name, email address, phone number and images. Personal Data may be freely provided by the user of the Application, or, in case of Usage Data, collected automatically. Failure to provide the requested Personal Data may make it impossible for Company to provide its Application to you.
Whenever you visit our websites or applications, Company receives and records information on our server logs from your browser, including your IP address, Company’s Cookie information and the pages you request, and relates it to the Personal Information you provide. Any use of Cookies – or of other tracking tools – serves the purpose of providing, customizing or improving the Application.
Users are responsible for any third-party Personal Data obtained, published or shared through the Application and confirm that they have the third party’s consent to provide the Data to Company.
Collection and Combination of Information from Other Sources
We also may collect information about you that we may receive from other sources or from our offline interactions with you to, among other things, enable us to verify or update information contained in our records and to better customize the Application for you. We may combine information gathered from multiple parts of the Application into a single record.
How we collect and use your information
Company collects and uses Personal Information from you for the following purposes:
1. Registration – When you register for the Application, we collect your Personal Information as part of the registration process, including but not limited to your name, phone number, and email address. SMS messages and email may be used during the registration process to send a one-time code and link to access the Application.
2. Notifications – Registered users may receive push notifications or desktop notifications according to user settings.
3. Self-Reported Health Information – We collect the information that you enter while using the Application, such as information regarding your health and/or medical condition and related behaviors.
4. Provider Reported Health-Related Information – We collect information about you that is submitted with your permission by your authorized healthcare provider.
5. Automatically Tracked Information – We collect data such as cookies, geographic location and data about surroundings and geographic position data in order to provide specific features. Most browsers and operating systems will allow you to opt out of the Application’s collection of geolocation information.
6. Customer support – We may use your contact information to send you information about our Application or information relating to your health, to respond to technical support inquiries, or to help prevent spam, fraud or abuse. When you enter Personal Information into an inquiry or contact form in any portion of the Application, Company uses the information provided to reply to requests for information or other requests as indicated by the form.
7. Managing contacts and sending messages – We may collect your email address, phone number and other contact information to communicate with you for purposes of registration or customer support, and to track usage of certain features in the Application, such as clicking on links included in a message.
8. System logs and maintenance – For operation and maintenance purposes, we may collect files that record your interactions with the Application (system logs) or other Personal Data (such as IP address).
9. Surveys and user research– From time to time, we may send you survey questions or contact you with questions related to your experience to help us improve our Application. We collect any responses you provide. Participation in such surveys or user research is voluntary and does not impact your access to the Application.
10. Analytics – Company may collect and use your device’s unique identifier for analytics purposes or to store your user preferences. Company may use third party Applications to monitor and analyze user behavior.
11. Research – Information collected by Company in conjunction with your use of the Application may also be used by Company for research purposes. In such event, use of your information will be subject to the terms of any applicable informed consent and/or other authorizations from you. Agreement to this privacy policy is not an implied agreement to participate in future research.
How we share and disclose your information
Personal Information
With regard to personal information, Company appreciates its sensitivity and the need to limit its disclosure. Accordingly, we limit our sharing of your personal Information with third party as follows:
● As required by law, such as to comply with a subpoena, search warrant, court order, judicial proceeding or similar legal process;
● When Company obtains your or your provider’s express consent;
● When Company believes in good faith that disclosure is necessary to protect the Application and the information on it, protect your safety or the safety of others, protect our rights and the rights of third parties, investigate fraud, or respond to a governmental agency or court order;
● When Company provides such information to trusted Application providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Policy and Applicable law.
Third Party
We do not share your personal information with third parties for those third parties’ direct marketing purposes. We are not responsible for the privacy policies and practices of such third parties and, therefore, you should review the privacy policies and practices of such third parties prior to agreeing to receive such information from them.
Links to other websites.
The Application may contain links to websites that are not owned or operated by Company. Please be aware that we are not responsible for the privacy practices of these websites. If you visit these websites or provide any information directly to parties other than Company, different policies may apply to the collection and use of your information. We encourage you to investigate and ask questions before accessing third-party websites or disclosing information to third parties.
Insurance companies:
We will only share your information with insurance companies as necessary to provide you with the products or services you have requested through the Service.
Third-party advertisers.
The Application may include links to third-party businesses. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
Merger/Acquisition
If Company is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on our Application of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information to any other third party with your prior consent to do so
Consent and Authorization
Company may request your consent or authorization in connection with its own use of or its sharing of your information with others, either because this Policy or applicable laws and regulations require us to obtain such consent or we deem such consent to be appropriate. No request by Company to obtain your consent in any way narrows the scope or applicability of this Policy.
Because the Application allows users to share information, you should take care in selecting the persons with whom you share your personal and health information. Although the Application processes and facilitates such transmissions, Company takes no responsibility or assumes any liability for the actions of other users or persons with whom you share such information.
If you have agreed to receive marketing announcements from Company, we will allow you to opt out of receiving those announcements. To opt out of such commercial emails or texts, please click the link labeled “unsubscribe” at the bottom of any email or text we send you. If you have any questions about your choices or if you need any assistance with opting out, please contact us by sending an email to privacy@whiterabbit.ai. You can also write us at the address in the How to Contact Information section below.
Confidentiality of Health Care Information
When will only use or disclose PHI on behalf of a healthcare provider who has entered into an agreement with us, we do so as the provider’s “business associate,” as that term is defined in HIPAA. Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) extended the privacy and security provisions of HIPAA to the business associates of covered entities. As a business associate, we are prohibited from using PHI to the same extent that the healthcare provider itself is prohibited from using it.
We are required to take appropriate measures to safeguard the confidentiality, integrity and availability of PHI which it collects, stores and processes on behalf of such providers.
This privacy policy and the security practices described in it are intended to comply with HIPAA and HITECH. As such we maintain PHI in compliance with these rules and our contractual obligations with the healthcare providers that are “Covered Entities” under the federal healthcare privacy and security rules in HIPAA and HITECH.
California Privacy Right
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California's "Shine the Light" law (Civil Code Section § 1798.83 permits users of the Application that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@whiterabbit.ai.
Children’s Online Privacy Protection Act (COPPA)
With regard to COPPA (Children’s Online Privacy Protection Act), we do not seek to collect any information from anyone under 13 years of age. Our website, products and Applications are all directed to people who are at least 13 years old or older.
Company does not knowingly collect personal information from children. If Company learns that it has obtained personal information from a child, Company will delete that information as soon as practicable. If you discover that your child has provided us with personal information without your consent, please contact Company immediately.
While observing any applicable provisions of COPPA, the Application does not prevent persons above the age of 18 years—such as healthcare providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility for the submission, use and transmission of such information.
Security and safety of the application
Company employs technical measures to help safeguard the confidentiality, integrity and availability of personally information that you might store and share through the Application. Applicable law requires us to investigate potential or suspected threats to the Application and to the confidentiality, integrity or availability of the information which Company stores. Company may use, retain and disclose information—including your personal and non-personal information—when it has a good-faith belief that it is necessary or advisable in order to:
● detect, prevent and address potential or suspected threats to the Application or the confidentiality, integrity or availability of any information we store on our Application;
● to detect, prevent and otherwise deal with illegal activity;
● to detect, prevent and otherwise deal with violations of Company’s End User License Agreement by which all users are bound by consenting and agreeing to this Policy, by using the Application, and by entering into such other binding agreements as Company may require; and
● to otherwise protect Company, you and third parties.
As stated above, Company may also use, preserve and disclose such information as required by law, e.g., to comply with a subpoena or similar legal process. The governmental entity initiating such legal process may prohibit Company from notifying the users or other individuals or entities identified in the requested information or take other actions that would otherwise be a violation of this Policy. Company may for these reasons preserve information from both active and disabled accounts for extended periods of time as necessary to comply with applicable law or as it deems appropriate under the circumstances.
Company utilizes and periodically evaluates the effectiveness of a number of technical, physical and administrative measures to prevent unauthorized access to the Application, maintain data accuracy and ensure the appropriate use of your personal and non-personal information. These measures include encryption, firewalls, system alerts, and the use of industry-standard encryption technology. We also house such information in secure facilities that restrict physical and network access. Company applies what it regards as reasonable and accepted measures widely used in the IT industry to protect the confidentiality, integrity and availability of individually identifiable health information residing on and processed by the Application. No security system, however, can be expected to prevent all potential security breaches no matter what technology is used.
Company may notify you and inform you of potential countermeasures if Company learns of a security vulnerability or risk. Company strongly encourages you to be conscientious in using well known and readily available technology to improve the security of your own system and devices.
Access limited to U.S. users
Access to the Application is administered in the United States and is intended solely for users within the United States, unless Company in advance and in writing authorizes specific users in specified locations outside of the United States who have executed such binding legal agreements and other documentation as Company may require. You should be aware that access by foreign nationals to systems located in the United States constitutes the exportation of technology under applicable U.S. law and may require compliance with U.S. export controls.
Under no circumstances are you to use the Application in any jurisdiction where accessing or using the Application would violate U.S. law or any other law. Any information that you submit to us while outside of the United States will be transferred to Application that reside in the United States unless Company notifies you that it intends to transfer such information to specific Company systems that reside in one or more location(s) outside of the United States pursuant to such binding legal agreements and other documentation as Company may require from you and third parties. You consent to any such transfer of non-personal and personal information when you use the Company’s Application and provide us with such information.
Please be assured that Company will always employ appropriate measures to protect the privacy and security of your personal information, regardless of where it is processed or stored.
Correcting, updating and deactivating information
Company complies with all laws regarding access to and correction of your information. Company provides you with access to the information you submit and the means to correct and update it. If you have an online account with us, you can log into your account at any time to access and update your information. If you need assistance updating your personal information, please contact us via email addressed to privacy@whiterabbit.ai. If you desire to deactivate your account, please contact us, whereupon Company will deactivate your account and archive your personal information and records. Company may retain archived information for a period of five years or longer as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Policy.
Data integrity and correction
Requests to view and correct personal information from the Application may be submitted using the contact information in the "Questions, complaints, and contacts" section below.
If your personal information changes, or to update or request deletion of information collected on our Application, or if you believe a third party has provided us with your personal information and you would like to request that it be edited or removed from our database, please use the contact information in the “Questions, complaints, and contacts” section below. We will respond to all access requests within 30 days.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
privacy@whiterabbit.ai or by mail by writing to us at:
3930 Freedom Circle, STE 101
Santa Clara, CA 95054
This Privacy Policy was last updated on 11/7/19
