Upheal Inc., a Delaware corporation, https://upheal.io, (‘Upheal’) informs you that your personal data will be processed in the ways specified below. This Privacy Policy applies to the collection and processing of personal information of users receiving services from healing professionals or group practices. For how Upheal processes personal information of users who are healing professionals, group practices and/or organizations please see our Healing Professional Privacy Policy.
We care about your privacy and have appointed a DPO (Data Protection Officer) that you can contact at: upheal-dpo@chino.io.
In short: Upheal processes your personal and potentially sensitive data when you use the app.
We will use your:
In short: We would like to use your data to continue to improve our app. It is not mandatory and you can change your mind at any time.
We will use your data for:
Upheal is an app which creates notes based on what’s discussed during healing sessions. Using AI, the app transcribes the conversation and provides summaries and insights. With your consent we will use the data indicated above to train the AI and improve our app so that it can offer better features and results. The data we are going to use for this purpose will always be de-identified following the de-identification standard of the HIPAA Privacy Rule. There is no reasonable basis to believe that de-identified data can be used to directly identify you. You can learn more about this process here.
Upheal keeps all re-identification codes in a separate repository and may only use them for the purpose of deleting the de-identified data on your request. We adopt appropriate safeguards to protect de-identified data in accordance with applicable data protection standards and regulations (e.g. HIPAA, GDPR, CCPA, etc.). For more about the Upheal app visit https://www.upheal.io.
To receive more information about our processing activities contact us at support@upheal.io and we will be more than happy to share more information with you.
In short: we share your personal data to approved service providers following our specific instructions. In some cases we may also be required to disclose your personal data to specific legal authorities.
Your data will be communicated to our hosting providers, suppliers of IT services and application software, who are our data processors. The information shared is for operational purposes unless an exception applies.
Disclosure for Law Enforcement: Upheal will disclose user personal data outside the scope of these provisions only as required to do so by law or compelled by court, government or administrative agency of competent jurisdiction. Personal data from users may be subject to federal and local laws that require Upheal to disclose this data in certain circumstances.
CCPA Disclosure: we do not sell your personal information, including personal information of California consumers.
If you use our services from the EU, Switzerland or the UK, we inform you that your data is transferred to our suppliers outside the European Economic Area and the UK, in particular in the U.S.
In this case, we inform you that the data transfer will take place only in the presence of adequate safeguards provided for by the applicable law. In particular, for transfers from the EU and the UK, where an Adequacy Decision is not applicable, we rely on the Standard Contractual Clauses provided by the European Commission (art. 46 GDPR). For further information about the data transfer you can contact us at the email address indicated below.
Our product has robust technical and organizational security measures in place to protect your data and ensure its confidentiality, integrity, and availability. For more information about our security measures, please refer to our Privacy and Compliance FAQs.
Some States’ privacy laws provide certain rights for data subjects. Consistent with the applicable data protection law you may:
If you wish to exercise one of these rights, you can write to support@upheal.io
To know more about how we comply with HIPAA, click here.