Aayu Well Platform Privacy Policy
Effective Date: 10/15/2024
Aayu Well Patient Privacy Policy and Condition of Use
Aayu Well Inc. (“Aayu Well”) builds software and tools for patients, healthcare professionals, and other users that simplify the healthcare experience.
This Privacy Policy (our “Privacy Policy”) describes the types of information we may collect from you or that you may provide, as well as our practices for collecting, using, maintaining, protecting, and disclosing that information. This policy applies when you access the web App at www.Aayu Well.io/login or the “Aayu Well” native Apps from the Apple App Store or Google Play store (collectively, the “Platform”).
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Platform. By accessing or using our Platform, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Platform after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
Patients and other users can choose to use the Platform without accessing a healthcare provider and associated medical services.
Terms of Use
Your use of the Platform is governed by Aayu Well Platform Terms of Use available on our Platform (api.aayuwell.com/terms).
Healthcare Client Organizations
Aayu Well’s healthcare client organizations can also configure the Platform to provide healthcare services directly to patients. Under the Health Insurance Portability and Accountability Act (HIPAA), Aayu Well is defined as a “business associate,” which is an individual or entity that is not a member of the “covered entity’s” (i.e., the healthcare provider’s) workforce and performs certain functions involving the use or disclosure of protected health information (PHI) on behalf of the covered entity. As a business associate, Aayu Well is subject to, and committed to, all applicable HIPAA privacy and security requirements.
Aayu Well’s healthcare clients can configure and direct the Aayu Well Platform to collect additional information and provide additional Services and Content. If you are a patient, professional, or other user, of a healthcare provider organization that uses the Aayu Well platform, additional privacy policies may apply. In these cases, additional privacy policies may be posted or may require you to agree with and accept additional terms and conditions. If there is a conflict between this privacy policy and terms posted for a specific area of the Services or Content, the latter terms and conditions will take precedence with respect to privacy to that area of the Services or Content. Please carefully review any Notices of Privacy Practices or other privacy policies that your treating physicians and other health care providers on the platform make available to you.
Your healthcare provider may direct Aayu Well to communicate with you to check you into your appointment or perform other services or activities on behalf of your healthcare provider. You may consent or decline to engage with any Aayu Well communication or otherwise use Aayu Well. Aayu Well will collect, retain, and use your PHI solely as permitted by your healthcare provider and as described in this policy. Aayu Well may also use third parties to help provide and support the products and services for your healthcare provider and for other permissible purposes. These third parties will be subject to privacy and security requirements in order to safeguard confidential information. If you wish to correct any data you submitted to your healthcare provider through Aayu Well, please contact your healthcare provider directly.
Children Under the Age of 18
Minors under the age of 18 may use the Platform to access telehealth services and other medical treatment services, only with the guidance, consent and approval of a parent or legal guardian, unless applicable law provides otherwise (e.g., emergencies and other legal exceptions).
Select features on the Platform do not provide access to medical treatment; do not constitute a doctor-patient relationship or a therapist-client relationship; and may be accessible to minors under the age of 18 without consent of a parent or legal guardian.
In order to access the Platform medical services you represent and warrant that you are older than 18 years old.
Information We Collect About You and How We Collect It
Aayu Well and its healthcare clients (“we”, “us”) collect different types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. This includes information that we collect directly from you or through automated collection technologies.
We collect several types of information from and about users of our Platform, specifically information:
· by which you may be personally identified, such as name, postal address, billing address, shipping address, e-mail address, home, work, and mobile telephone numbers, driver’s license number (or other government identification number), date of birth, credit or debit card number (through a third-party payment processor solely for payment purposes), Social Security Number, your medical history, personal health information and related health information, and biometric information (including fingerprints) (“Personal Data”);
· Location Data, such as geographic, and geospatial data which can provide your real-time pinpoint location and general area where you are located (“Location Data”);
· that is about you but individually does not identify you, such as traffic data, logs, referring/exit pages, date and time of your visit to Platform, error information, clickstream data, and other communication data and the resources that you access and use on the Platform;
· about your Internet connection, the equipment you use to access our Platform and usage details;
· Personal Health Information or PHI that may form part of your care record, could also be collected in the Platform. This could include information about your current health conditions, treatments, medicines, illnesses or allergies, symptoms, vitals, names of your health or social service providers or other patient reported information and health goals; and,
· Device Data information from your medical devices or fitness trackers. Your device collects data to estimate a variety of metrics like the number of steps you take, your distance traveled, calories burned, weight, heart rate, sleep stages, active minutes, and location. The data collected varies depending on which device you use.
We collect this information:
· directly from you when you provide it to us;
· automatically as you navigate or use the Platform. Information collected automatically may include estimated or precise Location Data, usage details, IP addresses, and information collected through cookies and other tracking technologies; and
· From third parties, for example, our business partners.
Information You Provide to Us
The information we collect on or through our Platform is:
· information that you provide by filling in forms on our Platform. This includes information provided at the time of registering to use our Platform, using our Provider consultation services, medical treatment, purchasing products, or requesting further services. We may also ask you for information when you report a problem with our Platform;
· records and copies of your correspondence (including email addresses), if you contact us; and
· details of transactions you carry out through our Platform and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Platform.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:
· Platform Activity. Details of your visits to our Platform such as traffic data, Location Data, logs, referring/exit pages, date and time of your visit to our Platform, error information, session replay and recording data, browsing activity, clickstream data, and other communication data and the resources that you access and use on the Platform;
· Location and Appointment Data. Our Platform uses Location Data to prompt users to check in for scheduled services when they are near their service location. Prior to our use of location data, users need to consent and can opt out at any time; and
· System and Device Data. Information about your computer, mobile device, device measures, and Internet connection, specifically your IP address, operating system, browser type, and App version information.
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service by enabling us to:
· estimate our audience size and usage patterns;
· store information about your preferences, allowing us to customize our Platform according to your individual interests;
· recognize you and your location to provide you with appointment data when you return to our Platform.
The technologies we use for this automatic data collection may include:
· Cookies (or browser cookies). We and our service providers may use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Platform through your computer or mobile device. A cookie is a small file or piece of data sent from a website and stored on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Platform. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
· Google Analytics. We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Platform. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Platform analyze how users use the site. You can find out more about how Google uses data when you visit our Platform, by visiting “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.
· Global Positioning System. Your device may be equipped with Global Positioning System (“GPS”) capabilities. Unless you have turned off this feature, either in our App or on your device, we may use this technology to gather Location Data.
· Cell ID. Many mobile carriers use Cell ID and your device’s connection with local data towers to determine your device’s precise location. Unless you have turned off this feature, either in our App or on your device, we may use this technology to gather Location Data.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any Personal Data to:
· Present our Platform to you;
· Provide our products and services to you;
· Provide you with information, products, or services that you request from us or that may be of interest to you;
· Enable your health and social service providers also using the Platform to better provide you with those health or social services;
· Enable your family circle and circle of care to be better informed and engaged on your health and wellbeing to better provide you support;
· Process, fulfill, support, and administer transactions and orders for products and services ordered by you;
· Provide you with notices about your account;
· Contact you in response to a request;
· Fulfill any other purpose for which you provide it;
· Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
· Notify you about changes to our Platform, or any products or services we offer or provide through them;
· In any other way we may describe when you provide the information; and
· For any other purpose with your consent.
We may also use your information to contact you about goods and services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by visiting your Account Preferences page. For more information, see Choices About How We Use and Disclose Your Information.
There are several ways you can use the Platform to help accomplish your health goals:
Health Communities: We enable people to join Health Communities, where they can participate with others to share health information, their own personal health experiences and other information online using the Platform. By doing this, the platform provides support, aids self-management, and improves interactions with professionals; all with the aim of improving day-to-day health and well-being.
When a user posts, comments or replies in our Health Communities they are identified only by their chosen username. A user selects a user-name upon registration and can change it in their profile setting at any time using the Platform. If a user wishes to remain anonymous for postings in Health Communities, we suggest that they choose a username that does not identify them.
Secure Messaging: The purpose of the Secure Messaging is to message with other users about a patient’s health and well-being. Users accessing the Secure Messaging can be the patient, but could include the patient’s caregivers, family members or the patient’s associated health and social service professionals. All the information used in the Secure Messaging is restricted and can only be seen and accessed by the patient’s authorized health and social service providers or those caregivers or family members invited to participate in a patient’s “Circle of Care”.
The Secure Messaging can also send patients or their caregivers surveys to collect information. These surveys are typically used to track symptoms, vital signs, wellbeing questions or patient satisfaction or quality of service information. The messaging and surveys can collect Personal Identifier Information “PII” and Personal Health information “PHI” or both.
The patient, or their caregiver, (if the patient has provided consent to allow the caregiver access), controls who has access to the patient’s Circle of Care. This access can be changed/removed by the Patient or Caregiver at any time by using the Aayu Well Platform. When using the Secure Messaging you understand that you are allowing your Circle of Care to view your PII and PHI as it is included in the messaging or surveys you are part of. If you are not comfortable sharing your PII or PHI with your “Circle of Care” do not use Secure Messaging or restrict your messaging or responses to only information you wish to share.
Health and Fitness Trackers: We enable users to connect compatible health and fitness trackers to the platform to help users manage their own health and wellness tracking data within the Aayu Well Platform. We also process data related to your body's activity. Depending on the Products used, it may include your weight, muscle, fat, water percentage, heart rate, blood pressure, electrocardiogram, heart sound, temperature, sleep cycles, and others. We use your device information to make inferences and show you more relevant content. Here are some examples:
· Information like your height, weight, gender, and age allows us to improve the accuracy of your daily exercise and activity statistics like the number of calories you burned and the distance you traveled.
· We may personalize exercise and activity goals for you based on the goals you previously set and your historical exercise or activity data.
Information from Health devices and fitness trackers is stored on the platform’s healthboard and can only be seen and accessed by the user and the user’s authorized health and wellness providers or those caregivers or family members invited to participate in a patient’s “Circle of Care”. This information is not and will not be actively monitored by a professional provider unless you are signed-up for a remote patient monitoring program with your Provider, or health-coaching services with your health coach, under the Platform.
Disclosure of Your Information
We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose Personal Data that we collect or you provide as described in this privacy policy:
· When we have your permission to enable your health and social service providers also using the Platform to better provide you with those health or social services.
· When we have your permission to enable your family circle and circle of care to be better informed and engaged on your health and wellbeing to better provide you support.
· When we have your permission, including when you choose to share information by posting to our Health Communities, messaging in chats or using the Secure Messaging to message with your Circle of Care.
· With trusted partners who work on behalf of or with us to provide certain services. We share encrypted information with our data storage provider, Amazon Web Services. They may use your personal information to perform services and to help Aayu Well communicate with you. For any other provider, Aayu Well will maintain contracts with any company restricting their access, use and disclosure of personal information in compliance with this Privacy Policy and any legal obligations.
· With affiliates, contractors, service providers, and other third parties we use to support our business. The services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services.
· With a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Aayu Well about our Platform users are among the assets transferred.
· To fulfill the purpose for which you provide it.
· For any other purpose disclosed by us when you provide the information.
· With your consent.
We may also disclose your Personal Data:
· to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
· to affiliates and third parties to market their products or services to you if you have not opted out of these disclosures. For more information, see Choices About How We Use and Disclose Your Information;
· to enforce or apply our Terms of Use and other agreements, including for billing and collection purposes; and
· if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Aayu Well, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
WE OFFER YOU CHOICES ON HOW YOU CAN OPT OUT OF OUR USE OF TRACKING TECHNOLOGY, DISCLOSURE OF YOUR PERSONAL DATA FOR OUR ADVERTISING TO YOU, AND OTHER TARGETED ADVERTISING.
We do not control the collection and use of your information collected by third parties described above in Disclosure of Your Information. These third parties may aggregate the information they collect with information from their other customers for their own purposes.
In addition, we strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
· Opt-Out. Our Platform enables you to "opt-out". You may contact us at support@Aayu Well.io, at any time to let us know that you no longer wish to participate in any Platform service, or receive further emails or for transactions. If you opt-out, we may still send you transactional emails. Transactional emails include emails about your account and our business dealings with you, such as renewals and updates, and, as allowed by applicable law.
· Cookies. When you use our web Platform, you can usually choose to set your browser to remove cookies and to reject cookies from our servers, if we collect information from you. If you choose to remove or reject cookies, this could affect certain features or services of our Platform. For information about how to remove or manage cookies please read our Cookie Policy.
· Access to and Correction of Your Information. You may have the right, depending on which country you reside in, to ask us to provide a copy of the personal information we hold about you (provided that we may ask you for a few forms of proof of your identity). You may also have the right to ask us to correct any inaccuracies in your personal information or to ask us to delete it. We will always consider and act upon these requests regardless of where you live.
· Tracking Technologies and Advertising. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Platform may then be inaccessible or not function properly.
· Promotional email Offers. If you do not wish to have your email address used by us to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or logging onto your Account Preferences page. This opt out does not apply to information provided by us as a result of a product purchase, or your use of our services.
· Disclosure of Your Information to Affiliates and Third Parties. By using our Platform, you consent to our sharing of your Personal Data with our affiliates and third parties for their promotional purposes. If you wish to unsubscribe from such affiliate and third parties’ promotions, you can do so by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from them.
· Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
Your Rights Regarding Your Information and Accessing and Correcting Your Information
You may review and change your personal information by logging into the Platform and visiting your Account Preferences page.
You can review and change your Personal Data by logging into our Platform and visiting either the Settings or Account Preferences sections of our Platform. You may also notify us through support@Aayu Well.io below of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible or to close your account. In certain circumstances we may retain your personal information after you have closed your account or are no longer actively engaged with the Platform. For example:
· We may retain your personal information in order to protect our legal rights, or those of third parties, or to comply with the law; or
· We may retain personal information about how you have used our products and services in order to improve and develop our business; or
· Some of your Personal Information may become part of your health or medical record and will need to be retained by Aayu Well to support legal requirements of your health or social service providers that are also using the Platform; or
· If you purchase products or services from us, we may retain your personal information for as long as we need to in order to provide you with customer service, or for compliance purposes, for example, in order to comply with our local record keeping requirements.
Do Not Track Signals
We currently do not use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.
Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, but we currently do not use automated data collection technologies to collect information about your online activities over time and across third party websites or other online services (behavioral advertising).
Storage and Security of Your Personal Information
We have comprehensive, reasonable and appropriate physical, electronic, and managerial procedures in place to help safeguard your personal information. However, you should know that no company, including Aayu Well Inc., can fully eliminate all security risks associated with personal information.
To help protect yourself, use a strong password, do not use the same passwords to access the Platform accounts that you use with other accounts or services, and protect your user-names and passwords to help prevent others from accessing your accounts and services.
We offer you the ability to post information. Because your posts and information shared through the Platform are or may become public and seen by others, we caution all users to consider what they post and not to disclose any non-essential personal information as part of the Secure Messaging or other interactive experiences with third parties in the Platform. We will not be responsible in the event that you disclose personal information in your posts, through our services or during any other communication with other Platform users.
The Platform uses the Amazon Web Services (AWS) cloud service computing environment to process, store and transmit the protected health information (PHI) of our customers. AWS services and data centers have multiple layers of operational and physical security to ensure the integrity and safety of data. The Platform stores all data in AWS zones in the USA.
All data is encrypted in transit and at rest. Our application data and PHI are kept within the Amazon Relational Database Service (RDS) environment. On a database instance running with Amazon RDS encryption, data stored “at rest” in the underlying storage is encrypted, as are automated backups, read replicas and snapshots. Data “in transit” is protected by SSL/TLS, industry-standard cryptographic protocols that provide communications security between web browsers and servers.
Our application access is protected by authentication and authorization rules, in order to provide appropriate access control. Password policies, temporary account lock out due to failed attempts, and auto-logout are enforced in the application. Passwords are further encrypted in the database to prevent snooping. The terms of use for the application are explained and participants’ consent is required for the use of the application. PHI is never sent via email or SMS messages, and no PHI is stored on client computers or mobile devices as it is stored in the AWS cloud.
California Privacy Rights
California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Platform that are California residents and who provide Personal Data in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Data to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Data and the names and addresses of those businesses with which we shared your Personal Data for the immediately prior calendar year (e.g. requests made in 2012 will receive information regarding such activities in 2019). You may request this information once per calendar year. To make such a request, please contact us using the Contact Information below.
Updates
From time to time, we may update this Privacy Policy. In the event there are material changes to our information practices, we will note those changes on Aayu Well Inc.’s Privacy Policy.
How to contact us.
support@aayuwell.com
Attn: Chief Privacy and Compliance Officer
Aayu Well Inc.
230 E Ohio St Suite 410-2291 Chicago, IL 60611
USA