Privacy Policy

Effective Date: March 01, 2024

Welcome

This Privacy Policy explains how Aloom AI, Inc. (“Aloom AI”, “we,” “us,” and/or “our”) uses and shares personal information that we collect from you when you visit our websites (“Sites”) or use our healthcare technology services (defined below and referred to as “Services”).

Please read this Privacy Policy in its entirety. By using our Services, you agree to the collection, use and disclosure of your personal information in accordance with this Privacy Policy, and you further agree to the accompanying Terms of Service (“Terms”) available at https://aloom.ai/terms. Our Terms govern all use of our Services, and along with our Privacy Policy and other sub-agreements (such as a Business Associate Agreement), constitute your agreement with us.

If you do not agree with or you are not comfortable with any part of our Privacy Policy or the Terms, please immediately discontinue access or use of our Services.

We strive to ensure that our Services balance the need to collect and use personal information with the desire to maintain the privacy of individuals. We are committed to transparency around our privacy practices and compliance with both the letter and spirit of privacy laws.

Definitions

For clarity, these are the terms we may use throughout this Privacy Policy:

  • Our “Services” include our public website at https://aloom.ai, our health care applications, and other healthcare technology services.

  • “Personal Data” refers to any data associated with an identified or identifiable individual. This includes things like your name, email address, phone number, etc.

  • “Personal Health Information” refers to a subset of such Personal Data as defined in the United States by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH).

  • Depending on the context of how you use our Services, “you” may refer to one or more of the following categories:

    • “Customers” including healthcare professionals who utilize our Services. This includes providers, administrative staff and other Business Associates.
    • “Visitors” to our public website and individuals who we interact with as part of our marketing, research, and business development activities.

Contact Information

If you have any questions about this Privacy Policy, want to exercise a privacy right with respect to your personal information, or have a privacy-related complaint, please contact us by email at [email protected] or by writing us at:

Aloom AI, Inc.
2850 SW Cedar Hills Blvd #2134
Beaverton, OR 97005
United States

How we collect, use, and share Personal Data

Our collection and use of your information varies depending on your relationship with us. For example, we collect relatively little information from Visitors and mainly use it to market our Services and better understand their needs. In contrast, our healthcare Customers provide us with a greater degree of Personal Data to facilitate the uses of our Services. To highlight those differences, our Privacy Policy describes the collection and use of Personal Data differently for these groups.

Information we collect

When you browse our Sites and use our Services, we receive your Personal Data, either provided directly by you or collected through automated means such as cookies or similar technologies.

Visitors

Visitor information is collected when you visit our Sites, communicate with us over email, or participate in our marketing and research activities. This includes the following Personal Data:

  • Contact Information: Name, email address, and other contact information. We may ask you to provide this information through forms on our Sites in order to sign up for and agree to receive email communications (which you can later unsubscribe from or opt out of). We may also ask you for this information if you use interactive features of our website or participate in our research.
  • Usage and Log Data: IP address, browser type, operating system, region, and referring URLs. This generally includes information about how you interact with our website or services (pages visited, time on site, search terms).
  • Image and voice: When you participate in a research study, we may ask for your permission to record your voice and/or image during your participation.

Customers

We collect Personal Data from Customers when they sign up for and use our Services. This includes the following:

  • Account Information: When you register for an account, we collect contact information including your name, email address, telephone number, and mailing address. We also collect information about your organization, role at work, and professional identifiers such as your National Provider Identifier (NPI).

  • Usage Data and Logs: In addition to the data we collect as with Visitors, we also automatically collect information about your use of our Services through cookies, beacons, and other tracking technologies. We collect granular system logs that include a randomized user identifier to monitor security-related events, service requests, usage, and access to systems.

How we collect this information:

  • Directly from You: When you fill out forms on our website or through our Services, communicate with us, or otherwise directly share Personal Data with us. We also collect information when you participate in our research activities through surveys or interviews. If you apply for a job, we collect your information associated with that job application.

  • Automatically: Our public-facing site is hosted on Cloudflare and uses Cloudflare Analytics, a privacy-friendly analytics service, to collect usage data and logs. Our Services and other sites are hosted by Google Cloud Platform and we collect automated log information from those Services.

    • Cookies: Cookies are small text files that are placed on your computer or mobile device by websites you visit. These cookies are used to store information including visitors’ preferences and session information. Our Services currently only use Functional Cookies that are required for operation.

How we use your information

We use your Personal Data for the following purposes:

  • Verify your identity: We use your account information for authentication purposes and to verify your identity for customer support purposes.
  • Improve Our Services: We analyze usage data to understand user behavior and optimize our website and offerings.
  • Marketing and Communication: Send promotional materials, newsletters, or updates about our company (with the option to opt out). We also send you necessary communications about your account and the Services you use.
  • Research and Analysis: For aggregated (and anonymized) data analysis to understand broader market trends.
  • Compliance with Law: To fulfill legal obligations or respond to lawful requests from authorities.

Sharing Your Information

We do not sell your Personal Data or information to third parties. We may share your information under the following circumstances. In all cases, we only share information consistent with this Privacy Policy:

Security of Your Information

We implement reasonable technical and organizational measures to protect your information from unauthorized access, use, or disclosure. While we strive to implement robust security measures, please be aware that no data transmission over the internet or method of data storage can be guaranteed to be 100% secure.

We understand the sensitive nature of both the personal information you entrust to us, including your data outlined in this Privacy Policy, and the Protected Health Information (PHI) handled within our platform. We implement a range of technical, administrative, and physical safeguards to maintain the confidentiality, integrity, and availability of your data. These measures include:

  • Encryption: We utilize industry-standard encryption methods to protect data both in transit and at rest.
  • Access Controls: Strict role-based access controls are in place to ensure only authorized personnel can access data, and even then, we attempt to minimize access using the principle of least privilege.
  • Secure Development Practices: Our software development processes incorporate security principles and testing to minimize vulnerabilities. We have a robust patch process and regularly monitor for new vulnerabilities through automated processes.
  • Network Security: We employ firewalls and deploy our systems into private networks with limited public access. We routinely segregate sensitive systems and data stores to limit their access between service components.
  • Data Backup and Disaster Recovery: Regular backups ensure data can be recovered in the event of an incident.

Your Choices

  • Opt-Out: You can usually opt out of marketing communications by following the unsubscribe instructions provided.

  • Access and Correction: You may have the right to request access to or correction of your personal information. Contact us at [email protected] for such requests.

Processing of Medical Data and Private Health Information

When providing our Services to Customers, we may process or store Protected Health Information (PHI) on their behalf. As a Business Associate under HIPAA, our handling of PHI is strictly governed by our Terms of Service and Business Associate Agreement with each Customer. For any other Personal Data provided by our Customers, this Privacy Policy applies.

We implement technical, administrative, and physical safeguards designed to meet or exceed HIPAA security standards. These measures are regularly reviewed and updated to ensure ongoing protection of PHI.

For questions about your individual health information rights, please refer to the Notice of Privacy Practices provided by your healthcare provider. We strongly encourage you to review the privacy policies of your healthcare providers to understand their practices.

Data Retention

We retain Personal Data for different lengths of time depending on the type of data and its purpose of collection. The following factors generally influence our retention periods:

  • Active Use: Data necessary for providing our Services is usually retained as long as your account remains active or as needed to fulfill our contractual obligations.
  • Legal or Regulatory Requirements: Certain data may be retained for a longer period to comply with legal obligations, tax regulations, or accounting standards.
  • Business Justification: We may retain certain information for a limited time after your account becomes inactive for legitimate purposes like dispute resolution, fraud prevention, or to enforce our agreements.
  • Anonymization: Where possible and appropriate, we may anonymize or aggregate data after a certain period, removing direct identifiers and retaining it for broader analytical or research purposes.

Deletion of Data

You may request the deletion of certain Personal Data by contacting us (see Contact Information above). We will review and honor such requests as far as it’s possible while considering any conflicting legal obligations or legitimate business interests. Please note that even after deletion, some data may persist in backups for a limited period before being permanently removed.

International Users

If you are accessing our services from outside the United States, please note that your data may be transferred and processed in the United States.

Children’s Privacy

We do not knowingly collect information from children under the age of 13 and our website/services are not intended for use by children. If you are the parent or guardian and believe your child has provided us with personal information, please contact us as identified in the Contact Information section.

Changes to This Privacy Policy

We may update this policy from time to time. If we make material changes, we will notify you on our website or by email.