Privacy Policy

Section 1: Introduction

Welcome to Curanostics' Privacy Policy

Curanostics, Inc. ("Curanostics," "we," "us," or "our") values your trust and is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our services, websites, applications, or related products (collectively, the "Services").

We understand the sensitive nature of health data and adhere to strict privacy and security standards, including compliance with HIPAA, GDPR, and other applicable data protection laws.

Scope of this Privacy Policy

This Privacy Policy applies to all users of the Services and covers the following:

• Information we collect, including personal and health-related data.
• How we use, share, and protect your information.
• Your rights and choices regarding your information.

By accessing or using our Services, you consent to the practices described in this Privacy Policy. If you do not agree to this policy, please do not use the Services.

Commitment to Privacy and Transparency

Curanostics is committed to ensuring that:

• Your data is collected and used transparently.
• You retain control over your data, including the ability to access, modify, or delete it.
• All data processing is conducted securely and in compliance with applicable laws.

Section 2: Information We Collect

Categories of Information Collected

When you use our Services, Curanostics collects the following types of information:

• Personal Identifiable Information (PII):
  • Name
  • Email address
  • Phone number
  • Physical address
• Health Information:
  • Medical records retrieved on your behalf.
  • Self-reported data, including symptoms, health goals, or family medical history.
  • Data shared through connected devices, wearables, or third-party platforms (e.g., fitness trackers).
• Usage Data:
  • Device type and operating system.
  • Browser type.
  • IP address and geolocation (if enabled).
  • Behavioral data, such as pages visited, features used, and time spent on the platform.
• Third-Party Data Sources:

  With your explicit consent, we may collect additional information from third-party sources, such as:

  • Healthcare providers.
  • Diagnostic laboratories.
  • Partnered platforms or applications.

How We Collect Information

We gather information through the following means:

• Direct Input:

  Data you provide directly, such as during registration, profile creation, or survey completion.

• Automated Technologies:

  Data automatically collected via cookies, analytics tools, and similar technologies.

• Third-Party Integrations:

  Information retrieved from external platforms, such as healthcare portals or device APIs, with your authorization.

Section 3: How We Use Your Information

Purposes of Data Use

Curanostics uses your information to provide and improve the Services, as detailed below:

• Service Delivery
  • Enable personalized health insights, tools, and recommendations.
  • Securely retrieve and integrate medical records with user authorization.
  • Facilitate core functionalities of the platform.
• User Support and Communication
  • Respond to inquiries, troubleshoot issues, and provide customer support.
  • Send updates related to the Services, such as changes to terms, policies, or features.
• Research and Development
  • Aggregate and anonymize data to improve platform features and develop new functionalities.
  • Conduct internal analysis to enhance user experience and product effectiveness.
• Legal Compliance
  • Fulfill legal obligations, such as responding to lawful requests or regulatory requirements.
  • Ensure compliance with data protection laws like HIPAA, GDPR, and CCPA.
• Security and Fraud Prevention
  • Monitor usage for suspicious activity, unauthorized access, or breaches.
  • Protect the platform and user accounts from malicious threats.

Data Minimization

We adhere to the principle of data minimization, collecting and using only the information necessary for the purposes outlined in this policy.

Anonymized and Aggregated Data

• Curanostics may use anonymized and aggregated data for purposes such as:
  • Research and analytics.
  • Publication of health trends or insights.
• Anonymized data cannot be traced back to an individual user and is not considered personal data under applicable laws.

Section 4: Data Sharing and Security

Data Sharing Practices

Curanostics values your trust and ensures that your data is shared only when necessary and in compliance with applicable laws. We share your information in the following limited scenarios:

• With Your Explicit Consent

  Data will only be shared with third parties, such as healthcare providers or diagnostic services, when you provide explicit authorization.

• Service Providers and Partners
  • Data storage and hosting providers.
  • Analytics and research partners.

  These partners are contractually obligated to adhere to the same privacy and security standards as Curanostics.

• Legal and Regulatory Requirements

  We may disclose data to comply with applicable laws, regulations, or legal processes, including:

  • Responding to subpoenas, court orders, or other lawful requests.
  • Cooperating with regulatory or law enforcement agencies.
• Anonymized and Aggregated Data

  Non-identifiable data may be shared for research, publication, or statistical purposes.

Data Security Measures

Curanostics employs industry-standard security measures to protect your information, including:

• Encryption

  All sensitive data, including medical records, is encrypted during storage and transmission using robust encryption protocols.

• Access Controls

  Access to your data is restricted to authorized personnel and requires multi-factor authentication.

• Continuous Monitoring

  We actively monitor the platform for potential security threats and vulnerabilities.

• Data Breach Response

  In the unlikely event of a data breach, Curanostics will:

  • Notify affected users promptly.
  • Provide details on the scope of the breach and steps taken to mitigate its impact.

Your Role in Security

You play an essential role in protecting your data. Curanostics encourages users to:

• Keep account credentials confidential.
• Use strong passwords and enable multi-factor authentication.
• Report suspicious activity to our support team immediately.

Section 5: User Rights and Controls

Your Rights

Curanostics is committed to empowering users with control over their personal data. Depending on your jurisdiction, you may have the following rights:

• Right to Access

  You have the right to request a copy of the personal data Curanostics holds about you.

• Right to Rectification

  You can request corrections or updates to inaccurate or incomplete information.

• Right to Deletion

  You may request the deletion of your personal data, subject to limitations such as legal obligations to retain certain information.

• Right to Restrict Processing

  You can request that we limit the use of your data in certain situations, such as during dispute resolution.

• Right to Data Portability

  You have the right to request a copy of your data in a structured, commonly used, and machine-readable format for transfer to another provider.

• Right to Object

  You may object to the processing of your data for specific purposes, such as direct marketing or automated decision-making.

How to Exercise Your Rights

To exercise your rights, contact us at yash@curanostics.health. Please include sufficient detail to verify your identity and specify the nature of your request.

Managing Your Information

You can manage or update your personal information through your account settings. This includes modifying your preferences for communication, sharing, and data usage.

Withdrawing Consent

If you previously consented to data collection or sharing, you may withdraw that consent at any time. Note that withdrawing consent may limit your ability to use certain features of the Services.

Non-Discrimination

Curanostics will not discriminate against users who exercise their data rights. This means no denial of services, changes to service quality, or imposition of additional fees.

Section 6: International Users

Global Data Protection Compliance

Curanostics is committed to protecting the privacy of all users, including those residing outside the United States. We comply with international data protection laws and regulations, including but not limited to:

• General Data Protection Regulation (GDPR)

  For users located in the European Economic Area (EEA), we process personal data in accordance with GDPR. This includes:

  • Providing clear and transparent information on data processing.
  • Offering rights such as data access, correction, deletion, and portability.
• Other Regional Laws

  We also adhere to other regional regulations, such as the California Consumer Privacy Act (CCPA) for users in California and other equivalent frameworks.

Data Transfers

If you are accessing the Services from outside the United States, please note:

• Storage in the U.S.

  Your personal data may be transferred to, stored, or processed in the United States, where data protection laws may differ from your jurisdiction.

• Safeguards for Transfers
  • Standard contractual clauses (SCCs).
  • Ensuring compliance with applicable legal requirements.

Your Choices as an International User

• Language and Localization

  Where applicable, we will provide localized versions of our Privacy Policy and Terms of Service to meet specific jurisdictional requirements.

• Exercise of Rights

  Users outside the U.S. may exercise their data rights by contacting yash@curanostics.health, and we will ensure compliance with relevant local laws.

Legal Basis for Processing International User Data

For international users, we rely on the following legal bases for processing your data:

• Consent: When you explicitly agree to the collection and use of your data.
• Contractual Necessity: When processing is necessary to provide the Services you requested.
• Legal Obligations: To comply with legal requirements in your jurisdiction.

Section 7: State-Specific Privacy Rights (Including CCPA Compliance)

Curanostics complies with state-specific privacy laws to ensure the highest level of protection for your personal data. This section outlines your rights under these laws, including the California Consumer Privacy Act (CCPA) and equivalent regulations in other states.

California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to specific rights regarding your personal information under the CCPA.

• Your Rights Under the CCPA
  • Right to Know:

    You have the right to request that we disclose the following information about our data practices over the past 12 months:

    • Categories of personal information we collected.
    • Sources of personal information.
    • Business or commercial purposes for collecting or selling the information.
    • Categories of third parties with whom we shared the information.
    • Specific pieces of personal information we collected about you.
  • Right to Delete:

    You may request the deletion of your personal information, subject to certain exceptions (e.g., compliance with legal obligations or security purposes).

  • Right to Opt-Out of Sale:

    Curanostics does not sell personal information to third parties. However, if this practice changes, you will be provided with a mechanism to opt out.

  • Right to Non-Discrimination:

    You have the right to receive equal service and pricing, even if you exercise your privacy rights.

• How to Exercise Your CCPA Rights

  To exercise any of these rights, contact us using one of the following methods:

  • Email: yash@curanostics.health
  • Phone: +1 512-785-1814
  • Online Form: https://www.quickbridge.com/ccpa/personal-information-request-form.pdf
• We will verify your identity before processing your request. You may also designate an authorized agent to act on your behalf by providing written permission or a power of attorney.
• Categories of Personal Information We Collect Under CCPA

  Curanostics collects the following categories of personal information as defined by the CCPA:

  • Identifiers: Name, email, phone number, account credentials.
  • Personal Information Categories: Medical records, health history, and related data.
  • Internet Activity: Browsing history, device information, and interactions with our website.
  • Geolocation Data: Only when explicitly enabled by you.
  • Professional or Employment Information: If relevant to your use of the Services.

Other State-Specific Rights

Residents of other states with robust privacy laws (e.g., Colorado, Virginia, Connecticut, and Utah) may also have rights similar to those outlined above. Where applicable, you are entitled to the following:

• Access and Portability

  The right to access personal information collected about you and request its transfer in a portable format.

• Correction of Inaccurate Data

  The right to request corrections to your personal data if it is incorrect or incomplete.

• Opt-Out of Targeted Advertising or Profiling

  The ability to opt out of data processing for targeted advertising or automated profiling.

• Sensitive Information

  The right to restrict the processing of sensitive data, such as health or biometric information, to only necessary purposes.

Compliance Across Jurisdictions

Curanostics ensures compliance with all state-specific regulations by:

• Data Mapping and Transparency:

  Maintaining an up-to-date record of the data we collect, its sources, and how it is processed.

• Universal Access to Rights:

  Extending comparable rights, such as those under the CCPA, to users in other states to simplify compliance and ensure consistency.

• Notice of Financial Incentives:

  If any financial incentives are offered (e.g., discounts in exchange for data), we will provide clear terms and obtain your explicit consent.

Changes to State-Specific Provisions

We update this section as new state laws come into effect. You are encouraged to review this Privacy Policy periodically to stay informed about your rights.

Section 8: GDPR Compliance

Curanostics is committed to ensuring the protection of personal data for users in the European Economic Area (EEA) and other jurisdictions subject to the General Data Protection Regulation (GDPR). This section outlines your rights under the GDPR and how we comply with its requirements.

Your Rights Under GDPR

If you are located in the EEA or a region subject to GDPR, you have the following rights regarding your personal data:

• Right to Access

  You have the right to request access to the personal data we hold about you and obtain information about how it is processed.

• Right to Rectification

  You can request corrections to inaccurate or incomplete personal data.

• Right to Erasure (Right to Be Forgotten)

  You may request the deletion of your personal data, provided it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.

• Right to Restrict Processing

  You can request that we limit the processing of your personal data under certain circumstances, such as when you contest its accuracy or object to its processing.

• Right to Data Portability

  You have the right to receive your personal data in a structured, commonly used, and machine-readable format and request its transfer to another data controller.

• Right to Object

  You can object to the processing of your data for direct marketing purposes or where processing is based on legitimate interests.

• Right to Withdraw Consent

  If you have provided consent for data processing, you can withdraw it at any time without affecting the lawfulness of prior processing.

• Right to Lodge a Complaint

  If you believe your rights have been violated, you have the right to file a complaint with your local data protection authority.

How We Comply with GDPR

• Legal Basis for Data Processing

  We process personal data under the following legal bases:

  • Consent: When you explicitly provide consent for specific data processing activities.
  • Contractual Necessity: To deliver services you have requested, such as personalized health insights.
  • Legitimate Interests: For purposes like improving our platform and ensuring security, provided they do not override your rights and freedoms.
  • Legal Obligations: To comply with applicable laws and regulatory requirements.
• Data Protection Principles

  We adhere to the following principles in processing personal data:

  • Lawfulness, Fairness, and Transparency: Data processing is conducted transparently and in compliance with the law.
  • Purpose Limitation: Data is collected only for specific, explicit, and legitimate purposes.
  • Data Minimization: Only data necessary for the stated purposes is collected.
  • Accuracy: We strive to ensure all personal data is accurate and up to date.
  • Storage Limitation: Data is retained only as long as necessary for its intended purposes or as required by law.
  • Integrity and Confidentiality: Robust security measures are implemented to protect your data.
• Cross-Border Data Transfers
  • Your data may be transferred outside the EEA, including to the United States, where data protection laws may differ.
  • Curanostics ensures that all cross-border transfers are safeguarded using mechanisms such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
• Data Protection Officer (DPO)
  • Curanostics has appointed a Data Protection Officer to oversee compliance with GDPR and handle data-related inquiries.
  • Contact the DPO at yash@curanostics.health.

Exercising Your Rights Under GDPR

To exercise your GDPR rights, contact us at yash@curanostics.health. Please provide sufficient information to verify your identity and specify the nature of your request.

Section 9: Policy Updates and Notifications

Changes to This Privacy Policy

• Periodic Updates

  Curanostics may update this Privacy Policy periodically to reflect changes in legal requirements, our data practices, or the functionality of our Services. Any changes will be effective upon posting, with the “Last Updated” date revised accordingly.

• User Notification

  For significant changes, we will notify users via:

  • Email to the address associated with your account.
  • Prominent notices within the Services.

  Continued use of the Services after updates constitutes acceptance of the revised policy.

Your Responsibility to Review

You are responsible for reviewing this Privacy Policy periodically to stay informed about how we are protecting your information.

How We Notify Users of Data Breaches

In the event of a data breach, Curanostics will:

• Notify affected users promptly, including details of the breach, what data was compromised, and recommended steps to protect yourself.
• Report the breach to regulatory authorities as required by law.

Contact Information

For questions about this Privacy Policy or to exercise your rights, contact us at:

• Email: yash@curanostics.health

Section 10: How to Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you can contact us using the information below:

Contact Information

• Email: yash@curanostics.health

Additional Support

If you are located outside the United States and have concerns about how we handle your data, you may also reach out to your local data protection authority for guidance.