Privacy Policy

Last revised: Dec 13th, 2022

1. INTRODUCTION
This privacy policy (“Privacy Policy”) is part of Piction Health’s Terms of Service agreement, which governs the online interfaces and digital properties (e.g., websites) owned and controlled by Piction Health, Inc. (“Piction”, “we,” “our,” or “us”), including the website located at www.pictionhealth.com (the “Site”), (collectively, referred to as the “Digital Services”). 

The purpose of this Privacy Policy is to describe how Piction collects, uses, and shares information about you through its Digital Services. Piction respects your privacy and is committed to protecting it as outlined in this Privacy Policy. If you do not agree with our policies and practices, you may not use our services, including any Digital Services. By accessing or using our services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of our services after we make changes is deemed to be acceptance of those changes. Please read this notice carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to Contact Us as described at the end of this Policy. 

Our Privacy Policy explains:
- Information That We Collect
- How We Use and Share Your Information
- Access to Your Information and Choices
- Protected Information
- Security of Your Information
- Important Notice to Non-US Residents
- External WebsitesData Retention
- California Privacy Rights
- Nevada Privacy Rights
- Changes to Our Privacy Policy
- Questions and How Contact Us

Capitalized terms not defined in this Privacy Policy shall have the meanings defined in the Terms of Use.

Scope; Third Party Sites. This Privacy Policy applies only to information we collect at and through the Site or from or through any use of our services, including any Digital Services as defined in our Terms of Service (referenced above). Our Site also contains links to third-party sites that are not owned or controlled by Piction. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personal information.

2. INFORMATION THAT WE COLLECT
Information You Provide to Us
We collect information that you directly provide to us when you seek to use any of our services, including the Digital Services, request information from us, contact customer support, or otherwise communicate with us or use our Site in a commercial manner. Our services may present preliminary questions to customers, which may include:NameAddressEmail addressTelephone numberPayment information (credit or debit card number, expiration date, and security code)Date of birthUsername and passwordIf Piction connects you with a Provider, any information that you give to such Provider is subject to privacy laws applicable to such Provider, as well as your Provider’s Notice of Privacy Practices. 

Information We Collect Automatically Through Your Use of our Site
Google Analytics
We may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), or similar services such as Amplitude and others, to collect certain information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Site analyze how users use the site. You can find out more about how Google and Amplitude use data when you visit our Site by visiting: “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/). 

We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics and Amplitude, please visit their websites, and pages that describe their analytics, such as:
- www.google.com/analytics/learn/privacy.html
- https://amplitude.com/privacy

Information Collected Through Cookies and Similar Technologies
We and our service providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Site through your computer or mobile device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the Site again, the cookie allows the Site to recognize your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Site features or services may not function properly without cookies. We use cookies to improve the quality of our service, including for storing user preferences, tracking user trends, and providing relevant advertising to you. (See, “Advertising” below.)

No Information from Individuals Under the Age of 18
If you are under the age of 18, please do not attempt to register with us at this Site or provide any personal information about yourself to us. If we learn that we have collected personal information from someone under 18, we will promptly delete that information. If you believe we have collected personal information from someone under the age of 18, please Contact Us as described below.

3. HOW WE USE AND SHARE YOUR INFORMATION
To Provide Products, Services, and Information.
We collect information from you and use the information to:
1. provide products and services that you order using the Site;
2. provide information that you request from us;
3. contact you about our services or information you requested;
4. process credit card and debit card transactions;
5. to allow you to participate in interactive features of our services;
6. send you promotional materials or advertisements about our products and services, as well as new features and offerings;
7. enforce our Terms of Service or other legal rights and remedies;
8. administer surveys;
9. provide interest-based targeted advertising to you; and,
10. any other purposes disclosed to you at the time we collect your information or pursuant to your consent.

Sharing with Third Parties.
Healthcare Providers.
We share your personal information with various healthcare affiliates, e.g., pharmacies, doctors, and relevant medical staff in connection with your diagnosis and treatment. 

Vendors and Services Providers. We may provide information to third-party vendors and service providers that help us operate and manage our Digital Services, process orders, and fulfill and deliver products and services that you request from us. These vendors and service providers will have access to your personal information in order to provide these services, but when this occurs, we implement reasonable contractual and technical protections to limit their use of that information to helping us provide the service.

Corporate Affiliates. We may share de-identified and aggregated information with our other companies and people with whom we do business (namely, our customers or other affiliates). 

Advertising. We may use how you browse and shop in order to show you ads for Piction or our advertising partners that are more relevant to your interests. We may use cookies and other information to provide relevant interest-based advertising to you. Interest-based ads are ads presented to you based on your browsing behavior in order to provide you with ads more tailored to your interests. These interest-based ads may be presented to you while you are browsing our site or third-party sites not owned by Piction.

We belong to ad networks that may use your browsing activity across participating websites to show you interest-based advertisements on those websites. Currently, our Site does not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads. To learn more about interest-based advertisements and opt-out rights and options, visit the following websites:

1. Digital Advertising Alliance (www.aboutads.info)
2. Network Advertising Initiative  (www.networkadvertising.org) 
Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity.

Social Media. If you use third-party services, such as Facebook, Google, or Twitter, to share information about your experience on the Site with others, these third-party services may be able to collect information about you, including information about your activity on the Site, and they may notify your connections on the third-party services about your use of the Site, in accordance with their own privacy policies.

Public Posts and Activities. If you choose to engage in public activities on the Site, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in these public areas. Any user posting in these public areas understands and acknowledges that there is no expectation of privacy for the information in these public areas.

Your Consent. In addition to the sharing described elsewhere in this Policy, we will share personal information with companies, organizations, or individuals outside of Piction when we have your consent to do so. 

Legal Proceedings. We will share personal information with third-party companies, organizations, or individuals outside of Piction if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
1. Meet any applicable law, regulation, subpoena, legal process, or enforceable governmental request.
2. Enforce applicable Terms of Use, including investigation of potential violations.
3. Detect, prevent, or otherwise address fraud, security, or technical issues.
4. Protect against harm to the rights, property or safety of Piction, our users, customers, or the public as required or permitted by law.

Transfer in the Event of Sale or Change of Control. If the ownership of all or substantially all of our business changes or we otherwise transfer assets relating to our business or the Site to a third party, such as by merger, acquisition, bankruptcy proceeding or otherwise, we may transfer or sell your personal information to the new owner. In such a case, unless permitted otherwise by applicable law, your information would remain subject to the promises made in the applicable privacy policy unless you agree differently.

4. ACCESS TO YOUR INFORMATION AND CHOICES
You can access and update certain information we have relating to your online account by contacting us at [support@pictionhealth.com]. 

5. PROTECTED INFORMATION 
By setting up an account with Piction Health, you are entering into a direct customer relationship that grants you access to the Digital Services and other services provided by us. As part of that relationship, you provide information to Piction health that it may collect, use, and disclose in the course of providing services requested by you and in accordance with our Privacy Policy, and that we do not consider to be “health” or “medical” information. However, in the course of requesting services you may also provide certain medical information that may be protected under applicable laws. 
Piction Health is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments (collectively, “HIPAA”). One or more of the Providers or pharmacies may or may not be a “covered entity” or “business associate” under HIPAA, and Piction Health may in some cases be a “business associate” of a Provider or pharmacy. You should be aware that information you provide us may or may not be subject to state-specific privacy laws or HIPAA. HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Piction Health, the Providers, or the pharmacies. To the extent Piction Health is deemed a “business associate” of a Provider or pharmacy, however, it may be subject to certain provisions of HIPAA with respect to “protected health information”, as defined under HIPAA, that you provide to us or to a Provider. In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with protected health information, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under our Privacy Policy. Protected Information does not include information that has been de-identified in accordance with HIPAA.
You should also be aware that the Providers and pharmacies have adopted their own privacy practices to describe how they use and disclose Protected Information and Piction Health has no responsibility for or control over such third parties’ privacy practices. 

6. SECURITY OF YOUR INFORMATION
We use industry standard physical, technical, and administrative security measures and safeguards to protect the confidentiality and security of your personal information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Please note that emails and other communications you send to us through our Site are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

7. IMPORTANT NOTICE TO NON-US RESIDENTS
The Digital Services and its servers are operated in the United States. Please be aware that your information may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to use the Website and/or the Digital Services, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States and elsewhere.

8. EXTERNAL WEBSITES
The Digital Services may contain links to external sites operated by third parties. Piction has no control over the privacy practices or the content of these external sites. As such, we are not responsible for the content or the privacy policies of those external sites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.

9. DATA RETENTION
Piction will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, please contact us using the information below. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

10. CALIFORNIA RESIDENTS  
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.If you are under 18 years of age, reside in California, and have a registered account with a Service, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).

CCPA Privacy Notice
The California Code of Regulations defines a "resident" as:
(1) every individual who is in the State of California for other than a temporary or transitory purpose and
(2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
All other individuals are defined as "non-residents."If this definition of "resident" applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect?We have collected the following categories of personal information in the past twelve (12) months:

Category
A. Identifiers
Examples
Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address and account name
Collected
YES

Category
B. Personal information categories listed in the California Customer Records statute
Examples
Name, contact information, education, employment, employment history and financial information 
Collected
YES

Category
C. Protected classification characteristics under California or federal law
Examples
Gender and date of birth 
Collected
NO

Category
D. Commercial information
Examples
Transaction information, purchase history, financial details and payment information 
Collected
NO

Category
E. Biometric information
Examples
Fingerprints and voiceprints 
Collected
NO

Category
F. Internet or other similar network activity
Examples
Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements 
Collected
NO

Category
G. Geolocation data
Examples
Device location 
Collected
YES 

Category
H. Audio, electronic, visual, thermal, olfactory, or similar information
Examples
Images and audio, video or call recordings created in connection with our business activities 
Collected
YES 

Category
I. Professional or employment-related information
Examples
Business contact details in order to provide you our services at a business level, job title as well as work history and professional qualifications if you apply for a job with us 
Collected
NO 

Category
J. Education Information
Examples
Student records and directory information 
Collected
NO 

Category
K. Inferences drawn from other personal information
Examples
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics 
Collected
NO 

We may also collect other personal information outside of these categories instances where you interact with us in-person, online, or by phone or mail in the context of:
1. Receiving help through our customer support channels;
2. Participation in customer surveys or contests; and
3. Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?
More information about our data collection and sharing practices can be found in this privacy notice.You may contact us by email at support@pictionhealth.com, or by referring to the contact details at the bottom of this document.If you are using an authorized agent to exercise your right to opt-out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf.
We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data.
Piction Health, Inc. has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:
- Category B. Personal information, as defined in the California Customer Records law, such as your name, contact information, education, employment, employment history and financial information.
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under "How We Use and Share Your Information".
Piction has not sold any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Piction will not sell personal information in the future belonging to website visitors, users and other consumers.

Your rights with respect to your personal data
Right to request deletion of the data - Request to delete
You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.

Right to be informed - Request to know

Depending on the circumstances, you have a right to know:
1. whether we collect and use your personal information;
2. the categories of personal information that we collect;
3. the purposes for which the collected personal information is used;
4. whether we sell your personal information to third parties;
5. the categories of personal information that we sold or disclosed for a business purpose;
6. the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
7. the business or commercial purpose for collecting or selling personal information.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
We will not discriminate against you if you exercise your privacy rights.

Verification process
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.
We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights
1. you may object to the processing of your personal data
2. you may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data
3. you can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
4. you may request to opt-out from future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.

To exercise these rights, you can contact us by email at support@pictionhealth.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.  

11. NEVADA RESIDENTS
Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To submit such a request, please contact us via email at [support@Pictionhealth.com]  with “Nevada Opt-Out” in the subject line.

12. CHANGES TO OUR PRIVACY POLICY
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

13. QUESTIONS AND HOW TO CONTACT US
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or otherwise need to contact us, please email us at [support@pictionhealth.com]. Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. ‍