Privacy Policy

Upheal Inc., a Delaware corporation, https://upheal.io,  (‘Upheal’, “us”) informs you that your personal data will be processed in the ways specified below. This Privacy Policy applies to the collection and processing of personal information when using Upheal (the ‘Platform’) under a healing professional, group practice and/or organization profile. For how Upheal processes personal information of users receiving services from healing professionals or group practices, please see our Client Privacy Policy.

We have appointed a Data Protection Officer (DPO) that you can contact at: Assenteo Ltd
71-75 Shelton Street, Covent Garden,
London, United Kingdom,
WC2H 9JQ‍
legal@upheal.io

What personal data do we process?

We will use your: 

We also collect your usage data on the Platform including your session date and time, log data, clicks, error logging and feature usage including but not limited to your note customization, generation inputs or preferences. However this is aggregated data and does not personally identify you.

Why do we use your data?

Personal data is used on our website for the following purposes:

Who can we communicate your data to?

Your data will be communicated to:

• the hosting providers, suppliers of IT services and application software, who are our data processors; 
• providers for our integrations, including Nylas Inc., who facilitate our connection to Google Calendar;
• public or private bodies to whom we are obliged by the law to disclose the data. 

Disclosure of your data to approved service providers is governed by a data protection agreement including appropriate security safeguards.

To receive more information about our providers please contact us at support@upheal.io‍

Disclosure for Law Enforcement: Upheal will disclose your personal data outside the scope of these provisions only as required to do so by law or compelled by court, government or administrative agency of competent jurisdiction. Your personal data may be subject to federal and local laws that require Upheal to disclose this data in certain circumstances.

We do not sell any collected data to third parties.

Where is your data processed?

If you use our services from the EU, Switzerland or the UK, we inform you that your data is transferred to our suppliers outside the European Economic Area and the UK, in particular in the U.S. 

In this case, we inform you that the data transfer will take place only in the presence of adequate safeguards provided for by the applicable law. In particular, for transfers from the EU and the UK, where an Adequacy Decision is not applicable, we rely on the Standard Contractual Clauses provided by the European Commission (art. 46 GDPR). For further information about the data transfer you can contact us at the email address indicated below.

How is your data secured?

Our goal is to protect your personal information by implementing both technical and organizational security measures. These measures are designed to prevent unauthorized or unlawful handling of your data, as well as any accidental or unauthorized access, use, transfer, processing, copying, transmission, alteration, loss, or damage.

How do we support you in dealing with data subject rights?

We inform you that you have the right to access and request amendment to your data.

You can obtain the erasure of your personal data under certain circumstances. You also have the right to restrict the processing of your personal data.

You can withdraw your consent at any time. 

Moreover, you can receive a copy of your personal data or ask Upheal to transmit that data to another controller, where technically feasible. 

On grounds relating to your particular situation, you can object to the processing of your personal data used for the legitimate interest of the controller.

You can lodge a complaint with the supervisory authority of your State or territory in case you think that your rights have been breached or you have concerns about our privacy practices.

If you wish to exercise one of these rights, you can contact our DPO at legal@upheal.io

HIPAA Compliance

To know more about how we comply with HIPAA, click here.

Additional information for information collected through our Google integration and Google APIs

Upheal enables you to connect your client appointments to your Google Calendar for easy scheduling. To provide this connection, we obtain, process and store a copy of the Google user data contained in your Google account including your Gmail and Google Calendar (Google User Data). Before allowing access to this data, you will be notified what access is granted and to what data types. This data is referred to as data under your Google ID. Restrictions apply to this use of this data include:

• We will use your Google User Data only to provide user-facing features of the services that are prominent in the services’ user interface.

• We will only transfer your Google User Data to unaffiliated third parties (a) if necessary to provide or improve user-facing features that are prominent in the services’ user interface, (b) as necessary to comply with applicable law or (c) as part of a merger, acquisition or sale of assets with notice to you. 
• We will not use or transfer your Google User Data for serving ads, including retargeting, personalized or interest-based advertising.
• We will not allow humans to read your Google User Data unless we have first obtained your affirmative agreement for specific messages; it is necessary for security purposes (such as investigating a bug or abuse); it is necessary to comply with applicable law; or our use is limited to internal operations and the data (including derivations) have been aggregated and de-identified.

Our use and transfer to any other application of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.