Privacy Policy Effective Date: July 20, 2025
Your privacy is critically important to us. This Privacy Policy outlines how we collect, use, protect, and handle your information, particularly Protected Health Information (PHI), in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws.
Our Commitment to Privacy and HIPAA Compliance We are committed to maintaining the confidentiality and security of your data. Our platform is designed and operated with strict adherence to HIPAA regulations to ensure the privacy and protection of Protected Health Information (PHI). We implement robust administrative, physical, and technical safeguards to protect electronic PHI (ePHI).
Information We Collect We collect information necessary to provide and improve our services. This may include:
Protected Health Information (PHI): Genomic data (e.g., mutation profiles, sequencing data), clinical data (e.g., diagnosis, treatment history, demographics) provided by authorized users (healthcare providers, researchers) for analysis and use within the platform's intended purpose.
User Account Information: Information provided when creating an account, such as name, professional credentials, institution, email address, and contact information.
Usage Data: Information about how you interact with the platform, such as features used, time spent, and technical data (IP address, browser type, device information). This data is primarily used for platform improvement and analytics and is de-identified or aggregated where possible.
How We Use Your Information We use your information for the following purposes:
To provide and operate the Oncology Copilot platform and its features.
To perform genomic analysis and provide insights based on patient data.
To facilitate the design and evaluation of potential therapies.
To enable communication and collaboration among authorized users.
To improve and optimize the performance and functionality of the platform.
To ensure the security and integrity of our systems.
For research and development purposes, using de-identified or aggregated data where permissible and appropriate.
To comply with legal and regulatory requirements, including HIPAA.
How We Protect Your Information We implement industry-standard security measures to protect your data, including:
Encryption: Encrypting data both in transit and at rest.
Access Controls: Implementing strict access controls based on user roles and responsibilities.
Audit Trails: Maintaining detailed audit logs of access and activity within the platform.
Regular Security Assessments: Conducting regular security risk assessments and vulnerability testing.
Secure Infrastructure: Utilizing secure cloud infrastructure providers with appropriate certifications.
Sharing Your Information We do not sell or rent your personal information or PHI to third parties. We may share information only under the following circumstances:
With Your Consent: When you provide explicit consent.
With Authorized Users: Sharing patient-specific PHI within the platform is limited to authorized users affiliated with the patient's care or research study, as governed by Business Associate Agreements (BAAs) where applicable.
With Business Associates: Sharing information with trusted third-party service providers (Business Associates) who perform functions on our behalf (e.g., cloud hosting, data storage), strictly under the terms of a BAA that requires them to protect PHI in accordance with HIPAA.
For Legal Requirements: When required by law, regulation, or legal process.
For Research (De-identified): Sharing de-identified or aggregated data for research or public health purposes, in compliance with HIPAA de-identification standards.
Your Rights Subject to applicable laws, including HIPAA, you may have certain rights regarding your PHI and personal information, such as the right to access, amend, or request restrictions on the use and disclosure of your PHI. Please contact us using the information below to exercise your rights.
Changes to This Privacy Policy We may update this Privacy Policy periodically. We will notify you of any significant changes by posting the new policy on our website and updating the effective date.
Contact Us If you have any questions about this Privacy Policy or our data practices, please contact us at: