Privacy Policy

1.Introduction

N1 Healthcare is committed to protecting the privacy and confidentiality of both our clinical users and the patient information they manage through our platform. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal information through the N1 Healthcare website, software platform, and related services (collectively, the "Service").

This Policy applies only to information collected through the Service by or on behalf of N1 Healthcare. It does not apply to any third-party websites or services that may be linked from our platform.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with the terms herein, you should not use the platform.

2.Information We Collect

2.1 Information You Provide to Us
When you register for an account, use our platform, or communicate with us, you may provide the following types of personal and professional information:
- Full name, email address, phone number
- Professional licensure information and verification documents
- Organization or clinic affiliation
- Uploaded files such as lab reports, imaging, genetic tests, and clinical notes
- Manual inputs of patient data, summaries, and annotations

2.2 Patient Information (User-Provided)
You may upload or enter identifiable health information about your patients into the platform, including:
- Medical history, test results, diagnoses, and treatments
- Lifestyle factors, symptoms, medications, and procedures
- Genetic data or family medical history

You are solely responsible for ensuring that you have obtained proper consent from each patient before uploading their data. N1 Healthcare acts as a data processor or service provider on your behalf.

2.3 Automatically Collected Information
When you use the platform, we may automatically collect certain technical data to maintain and improve system performance:
- IP address and device type
- Browser type and access timestamps
- Usage patterns and feature interactions

2.4 Cookies and Similar Technologies
We use cookies and local storage to:
- Authenticate user sessions
- Store user preferences
- Analyze platform usage trends

You may adjust your browser settings to decline cookies, but doing so may impair the functionality of the Service.

3.How We Use Information

3.1 To Provide the Service
We use personal and patient data to:
- Authenticate users and manage accounts
- Process uploaded medical records and generate draft outputs
- Enable physicians to edit and finalize health reports
- Facilitate patient record management across clinical users

3.2 To Improve Platform Performance
We analyze aggregated usage trends and technical telemetry to:
- Enhance platform speed, stability, and user experience
- Identify bugs, performance issues, and integration problems
- Develop new features and tools based on user demand

3.3 Communications
We may use your contact information to:
- Send important administrative messages (e.g., service updates, system outages)
- Respond to support requests or inquiries
- Notify you about changes to policies or terms of use

3.4 Legal and Regulatory Compliance
We may use and retain data where required to:
- Comply with applicable laws, court orders, or regulatory requests
- Cooperate with law enforcement or data protection authorities
- Enforce our Terms of Service and investigate potential violations

3.5 De-Identified and Aggregated Data
We may create and use de-identified or aggregated datasets for research, analytics, product improvement, or internal benchmarking. Such datasets do not contain personal or identifiable patient information.

4.How We Share Information

4.1 With Your Consent
We do not share personal or patient data with third parties except where you explicitly authorize it. For example, if you direct us to share a finalized report with a patient or refer data to another healthcare provider, we will facilitate this as instructed.

4.2 Service Providers and Subprocessors
We may share limited personal data with third-party vendors that support our operations (e.g., cloud hosting, analytics, verification services). These subprocessors are contractually bound to handle data securely and only as instructed by N1 Healthcare.

Examples include:
- Cloud infrastructure providers (e.g., AWS, Azure)
- Document parsing and OCR tools
- Email and notification systems
- Identity verification services

4.3 Legal Requirements
We may disclose information if required by law, regulation, subpoena, or court order, or if we reasonably believe such disclosure is necessary to:
- Comply with legal obligations
- Protect the rights, property, or safety of N1 Healthcare, its users, or the public
- Investigate suspected fraud, abuse, or misuse of the platform

4.4 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice if such a transfer affects your data privacy rights.

5.Data Security and Retention

5.1 Security Measures
We implement a variety of technical and organizational measures to protect the security and confidentiality of your data, including:
- Encryption of data in transit and at rest (e.g., TLS, AES-256)
- Role-based access controls and authentication mechanisms
- Internal data access restrictions based on principle of least privilege
- Continuous security monitoring and periodic vulnerability assessments
- Secure coding and infrastructure design best practices

5.2 Your Responsibilities
You are responsible for keeping your account credentials confidential and for ensuring that all collaborators under your account adhere to appropriate privacy and security practices.

5.3 Data Retention Policy
We retain uploaded medical records, clinician inputs, and platform activity logs as long as needed to:
- Deliver services to active users
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements

You may delete patient records at any time via your account dashboard, and we will permanently remove them from our active systems within a commercially reasonable timeframe unless prohibited by law.

5.4 Account Termination
If you terminate your account, we will delete all associated data except where retention is required for legal or compliance reasons.

5.5 Data Breach Notification
In the event of a security incident involving unauthorized access to patient data, we will notify you promptly in accordance with applicable laws and your jurisdiction’s breach reporting requirements.

6.Your Rights and Choices

6.1 Access and Review
You have the right to access and review the personal information associated with your user account at any time. This includes account details, uploaded documents, and patient records stored within the platform under your control.

6.2 Correction and Updates
You may correct or update your profile and any editable data fields directly within your dashboard. For assistance with updating account verification details or correcting platform-generated summaries, please contact support.

6.3 Data Deletion
You may delete individual patient records or request full deletion of your account. We will honor such requests within a commercially reasonable timeframe unless data retention is required for legal, regulatory, or compliance reasons.

6.4 Data Portability
Upon request, we will provide you with a machine-readable export of your uploaded data or platform-generated content under your account.

6.5 Right to Withdraw Consent
Where your use of the platform is based on consent, you may withdraw that consent at any time. This will not affect the lawfulness of any processing conducted prior to withdrawal.

7.International Users and Data Transfers

7.1 Global Access
N1 Healthcare is accessible to licensed clinicians across multiple jurisdictions. If you access the platform from outside the country in which N1 Healthcare’s servers are located, your information may be transferred to, stored, and processed in a country that may not offer the same level of data protection as your jurisdiction.

7.2 Legal Basis for Transfers
When required by law, we rely on legal mechanisms for data transfers, such as:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions issued by applicable regulatory bodies
- Your explicit consent for the cross-border processing of specific data

7.3 Your Responsibilities
If you are a healthcare professional operating in a country with its own data sovereignty or localization laws, you are responsible for ensuring that your use of the platform complies with those regulations. This may include obtaining necessary patient consent or verifying acceptable data transfer standards.

8.Changes to This Privacy Policy

8.1 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, operational, or technological requirements. When we do, we will revise the "Last Updated" date at the top of the Policy.

8.2 Notification of Changes
For material changes that affect your rights or how your data is processed, we will notify you via email or prominently within the platform. You are encouraged to review this page periodically for any updates.

8.3 Continued Use Constitutes Acceptance
Your continued use of the platform following the posting of an updated Privacy Policy constitutes your acceptance of those changes. If you do not agree to the revised terms, you should discontinue use of the platform and may request account deletion.