Hippocratic AI, Inc. (“Hippocratic AI”, “we”, “us”, or “our”) has prepared this Privacy Policy to explain (1) what personal information we collect, (2) how we use and share that information, and (3) your choices concerning our privacy and information practices.

Applicability of this Privacy Policy

Hippocratic AI provides AI-powered educational chat tool to simulate patients, generate examination results, generate investigation results, and provide feedback on users’ history-taking, communication skills, and clinical reasoning. This Privacy Policy applies to the personal information that we collect from users who have registered an account for us or otherwise interact with our website at https://www.hippocratic.ai/

However, we provide our services for simulation purposes only. We do not permit our users to submit any identifying patient information, including any “protected health information” as such term is defined under the Health Insurance Portability and Accountability Act (collectively, “Health Data”). If you have inadvertently submitted any Health Data through our services, please contact us and we will use commercially reasonable means to delete it.

Personal information we collect

Information you provide to us:

• Contact information, such as your name, email, school affiliation, and other similar information when you create an account with us.
• Payment and transaction information needed to purchase a subscription from us, including name, payment card information, billing information. Your payment information is processed by our payment processor, and we do not have direct access to any credit card information.
• Feedback or correspondence, such as information you provide when you contact us with questions, feedback, product reviews, or otherwise correspond with us online.
• Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications.
• Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from third parties:

• Social media information. We may maintain pages on social media platforms, such as Facebook, LinkedIn, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.
• Other Sources. We may obtain your personal information from other third parties, such as marketing partners, data providers, and publicly-available sources.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our services, our communications and other online services, such as:

• Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.
• Online activity data, such as the pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We use the following tools for automatic data collection:

• Cookies, which are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

How we use your personal information

To operate our services:

• Provide, operate, maintain, secure and improve our services.
• Fulfill payments and transactions.
• Provide information about our services.
• Communicate with you about our services, including by sending you announcements, updates, security alerts, and support and administrative messages.
• Understand your needs and interests, and personalize your experience with our services and our communications.
• Respond to your requests, questions and feedback.

For marketing and advertising. We may collect and use your personal information for marketing and advertising purposes. We may from time-to-time send you direct marketing emails as permitted by law, including, but not limited to, notifying you of special promotions, offers and events.

To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. To: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

For research and development. We may create and use de-identified information for our business purposes, including to analyze the effectiveness of our services, to improve and add features to our services, and to analyze the general behavior and characteristics of users of our services. We may use this anonymous, aggregated, or de-identified data and share it with third parties for our lawful business purposes.

Cross-border processing of your personal information

Hippocratic AI is headquartered in the United States. To provide and operate our services, it is necessary for us to process your personal information in the United States. If we transfer personal information across borders such that we are required to apply appropriate safeguards to personal information under applicable data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

How we share your personal information

Service providers. We may share your personal information among our affiliates or with third-party companies that provide services on our behalf or help us operate our services (such as customer support, hosting, analytics, email delivery, marketing, billing).

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Your choices

In this section, we describe the rights and choices available to all users.

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions within the marketing communication we send you.

Cookies. Most browser settings let you delete and reject cookies placed by websites. Many browsers accept cookies by default until you change your settings. If you do not accept cookies, you may not be able to use all functionality of the website and it may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.

Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our website, which we have summarized below:

• Blocking cookies in your browser. Most browsers let you remove or reject cookies, including cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
  Use the following links to learn more about how to control cookies and online tracking through your browser:
• Firefox; Chrome; Microsoft Edge; Safari
• Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
• Google Analytics. We use Google Analytics to help us better understand how people engage with our services by collecting information and creating reports about how users use our services. For more information on Google Analytics, click here. For more information about Google’s privacy practices, click here. You can opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
• Using privacy plug-ins or browsers. You can block our services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
• Platform opt-outs. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
• Google
• Facebook
• Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
• Digital Advertising Alliance
• Network Advertising Initiative

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other sites, mobile applications and services

Our services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Retention

We retain your personal information for as long as appropriate to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for your personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Security practices

We use organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.

Children

Our services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through our services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy.

How to contact us

Please direct any questions or comments about this Privacy Policy or privacy practices to support@hippocratic.ai.