Privacy Policy

This Privacy Policy was last updated on Jul 04, 2024.

This document describes Quip Medical Inc.’s policies and procedures relating to the collection and use of data when using the Service.

We are fully committed to maximizing data privacy and have sought to minimize our information collection, use, and retention practices. By using the Service, You are henceforth in agreement with the collection and use of information detailed in this document.

Interpretation and Definitions

Interpretation

Words for which the initial letter is capitalized have meanings as defined below. The following definitions shall have the same meaning regardless of whether they appear in singular or plural form.

Definitions

• “Company” (referred to as either "the Company", "Us", “We”, or "Our" in this document) refers to Quip Medical Inc.

• “Device” refers to any device that can access the Service such as a computer, a cell phone, or a digital tablet.

• “Participating Party” refers to any individual that is actively engaged in the operation of the Service, and dependent on use cases can also refer to the User. In other words, this refers to any individual that is speaking while the User has chosen to enable the audio recording aspect of the Service.

• "Personal Data" is any information that is associated with an identified or identifiable individual.

• “Service” refers to the Quip application.

• “User” (referred to as a “User”, “You”, or “Your” in this document) refers to the individual that is directly operating the Service, or the legal entity on behalf of which an individual is operating the Service.

Information Collection and Use

Types of Data Collected

Personal Data

A minimal degree of Personal Data is collected from each User for the creation of User accounts. Aside from these User account details, no Personal Data is directly prompted for or otherwise collected during operation of the Service. Personal Data pertaining to any given Participating Parties may be collected in audio form in the case that such data is captured while the User has chosen to record audio through the Service. We do not in any way prescribe or enforce the data that is collected during this recording; the content of any given recording is left entirely to the discretion of the User and/or all other Participating Parties.

Usage Data

Certain data pertaining to usage conditions are automatically collected during use of the Service. This data includes the time and date of the User’s use of the Service and of select types of actions that are performed through the Service.

Cookies

Cookies are small files saved on Your Device which can be sent to websites and web applications to provide information from previous visits or sessions that enhances Your experience. The Service leverages cookies solely to remember Your login information from previous sessions in which You were successfully signed in, increasing Your ease of use of the Service by preventing the need for sign-in attempts in successive usage sessions. The cookies that We use to remember your sign-in information will persist unless otherwise removed by You. These cookies can optionally be cleared or disabled at any point in time through Your browser settings.

Personal Data Use

Account-related Personal Data is only used for the purposes of account administration, application sign-in, and communication between Us and any given User.

Personal Data collected during general use of the Service, which is limited to that which is captured in audio form, will subsequently be converted to a textual form along with all other recorded audio. Select personal identifiers are then removed from these text transcripts, although Personal Information may still be present where necessary for accurate note creation. Finally, each text transcript is used to create summary notes. Additional in-app functionality may subsequently be applied using generated summary notes, as available and by choice of the User. Personal Data contained within audio recordings and transcripts are exposed to third-party services through this process, and the corresponding service providers are discussed in the ‘Service Providers’ section.

Usage data is only used for internal administrative purposes, including general monitoring and screening for security purposes.

Data Retention

All data is retained only as long as necessary for the purposes delineated in this document. Unless otherwise agreed upon or legally obligated, all data collected, aside from account details, will be retained for a maximum period of 48 hours following the point of initial data storage. Any Personal Information that is retained by Us has no guarantees of accuracy or fidelity; Users are individually responsible for upholding data accuracy and fidelity in any data storages external to Us where applicable.

The above does not apply to raw audio recordings, which are not retained beyond initial collection and/or creation.

Data Disclosure

Business Transactions

Personal Data may be transferred in the case of business proceedings such as acquisitions or asset sales. In any such case, Users will be notified of the upcoming change.

Legal Requirements

Disclosure of Personal Data may occur if required by any valid requests from judiciary bodies or public authorities. Personal Data may also be disclosed in the good faith belief that disclosure is necessary for any of the following:

• Compliance with legal obligations

• Protection of the rights or property of the Company

• Prevention or investigation of possible wrongdoings related to the Service or its use

• Protection of the personal safety of any given individual(s)

• Protection of the Company against legal liability

Data Security

A number of measures are taken to enforce the security of all data that We retain. Data is encrypted both at rest and during transmission to prevent the reading or interpretation of such data by any external parties. Data access is limited by the use of role-based access, where only select roles owned by a minimum number of employees are able to access any data that We store in any manner. Regular log reviews are also performed to identify any suspicious or otherwise unusual behaviour surrounding the data that We retain.

Service Providers

Third-party services are leveraged for general use of the Service. The current list of engaged third-party providers is as follows:

• Google Cloud Platform: Text transcripts are sent to this service provider for summary note generation.

• Amazon Web Services: This provider has a number of services that are leveraged for high-level operations in the Service.

• Medplum: Data related to User accounts and generated summary notes are retained with this service provider.

The privacy policy for each third-party service provider is given here:

• Google Cloud Platform: https://cloud.google.com/terms/cloud-privacy-notice

• Amazon Web Services: https://aws.amazon.com/privacy/

• Medplum: https://www.medplum.com/privacy#:~:text=Medplum receives information whenever your note has been sent to you.

PIPEDA

The core principles of PIPEDA are largely reflected in previous sections of this document, chiefly concerning our deliberate minimization of data collection, use, and retention, limited solely to the essentials needed to provide You with an efficient and effective user experience. Data security and confidentiality are paramount to Us, and accordingly ensure that standard practices such as encryption and access limitation, as well as our reliance on only reputable, similarly security-oriented third-party service providers, embody the effective security that You deserve.

We are fully committed to honouring the rights of all Users with respect to Your control over Your Personal Data. To accomplish any of the following, please contact us as stated in the ‘Contact Us’ section:

• Inquire about the Personal Data that we have collected from You and retained.

• Ask about our collection of, use of, policies concerning, and any disclosures of Your Personal Data.

• Request for Personal Data that we have collected from You to be corrected or amended for the sake of accuracy or completeness.

• Request for the deletion of Personal Data that we have collected from You.

PHIPA

Under the PHIPA regulations, Personal Data recorded through expected use of the Service is considered a use (and not collection); this Personal Data is then used solely for the purposes of summarization and summary note creation on behalf of any given User, unless otherwise agreed upon. No disclosures of Personal Data are made through expected use of the Service. The privacy and security measures detailed in this document seek to both protect any Personal Data that we may possess and to further mitigate the risks involved with such Personal Data.

HIPAA

Our commitment to the “minimum necessary” with respect to PHI collection, use, and disclosure are reflected in the policies described in this document. Key procedures include minimal data retention, limited use (restricted solely to the core functionality of the Service), and a lack of recurring or scheduled disclosures. Our security measures, as detailed in the ‘Data Security’ section, further focus on access restriction for and the safeguarding of any electronic PHI that We may collect and store.

Any complaints concerning either this privacy policy or any of Our privacy practices or procedures can be directed to Our internal contact, as specified in the ‘Contact Us’ section. Any Participating Parties under the appropriate jurisdictions are also legally entitled to raise any such complaints to the Secretary of the United States Department of Health and Human Services (HHS).

Changes to this Privacy Policy

This Privacy Policy may be periodically updated, and recent changes can be viewed on this page. For material revisions, We will provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at the sole discretion of the Company.

Contact Us

For questions, inquiries, or complaints concerning this Privacy Policy, you can contact us by sending an email to the following address: contact@quipmedical.org.