Last revised: 01 June 2023
The Docus cares about data privacy and security and is committed to fair information practices and to the protection of privacy.
Collection of Information
We may collect the following kinds of information (collectively – the “Information”) when you access, visit, request, procure, receive, obtain, use, or otherwise utilize (“use”) the Website and/or the Services:
Information automatically collected
We automatically track and collect the following categories of information when you visit and/or anyhow interact with the Website: (1) IP addresses; (2) domain servers; (3) types of computers accessing the Website; (4) types of web browsers used to access the Website; (5) referring source which may have sent you to the Website; and (6) other information associated with the interaction of your browser and the Website (collectively the “Traffic Data”). Some of the tools we use to automatically collect information about you may include:
Cookies. “Cookies” are small computer files that are transferred to your computer's hard drive that contain information such as user ID, user preferences, lists of pages visited and activities conducted while browsing the Website. Generally, we use "cookies" to customize your experience on our Website and to store your password so you do not have to re-enter it each time you visit the Website. At your option, expense and responsibility, you may block cookies or delete cookies from your hard drive. However, by disabling cookies, you may not have access to the entire set of features of the Website.
Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. Some of the third-party marketers we engage with may use Web Beacons to track your interaction with online advertising banners on our Website. This information is only collected in aggregate form and will not be linked to your Personal Information. Please note that any image file on a webpage can act as a Web Beacon.
Embedded Web Links. Links provided in our emails and, in some cases, on third-party websites may include tracking technology embedded in the link. The tracking is accomplished through a redirection system. The redirection system allows us to understand how the link is being used by email recipients. Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you. This data is used to improve our service to you and to help us understand the performance of our marketing campaigns.
Third-party Websites and Services. We work with a number of service providers of marketing communications technology. These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide. The information collected can be gathered on our Website and also on the websites where our marketing communications are appearing. For example, we may collect data where our banner advertisements are displayed on third-party websites.
Information You Provide to Us
The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as when contacting the Docus to request further information.
We may ask you to create a username and password that should only be known to you. When providing information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, or other sensitive personal, medical or financial data unless required for delivery of the Services. The User is not required to provide, submit or share any personally identifiable information and/or direct identifiers of the User in order to use the Website and/or the Services and/or the Data (including, without limitation, the AI-generated report and/or the Second opinion), except for the information required for creating an account on the Website. Additionally, individually identifiable health information shall not be uploaded, shared and/or provided to the Docus and/or the Medical Expert, any and all direct identifiers of the User, such as name, address, or any other details that could identify an individual, should be removed before such information submitted to the Website and/or sharing with the Medical Expert.
Information you provide to us includes, without limitation the following:
You are not obligated to create an account on the Website in order to access or use the Website and/or the Data. However, some Services are only available to the Users who are eligible to and have created an account on the Website and/or have subscribed to the Services (the “Registered Users”).
Personal Information includes the following categories of information: (1) Contact Data (such as your e-mail address, the Docus account password); (2) Demographic Data (such as your gender, age, your date of birth); (4) Medical Data (such as any medical information you choose to share with us).
We will collect your Personal Information only if you voluntarily submit such information to us. You can always refuse to supply such personal identification information, except that it may prevent you from engaging in certain Website-related activities, including but not limited to requesting and/or receiving the Services.
We will collect your Medical Information only if you voluntarily submit such information to us. You can always refuse to supply such information, except that it may prevent you from engaging in certain Website-related activities, including but not limited to requesting and/or receiving the Services.
We also collect other information, some of which may be Personal Information and/or Medical Information that you voluntarily provide to us when you choose to use some of the Website's interactive tools and Services, such as searching for the Medical Experts, the information you provide voluntarily in free-form text boxes on the Website and through responses to surveys, questionnaires and the like.
We recommend you remove all information that could directly identify you. This includes your name, address, contact information, social security number, medical record number, and any other personal identifiers. If you need to share a medical report or other documents, ensure that all personal identifiers are redacted. This can be done by blacking out the information or using an online tool to remove it.
You are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services or for receiving a Second opinion. In order to process your payment Information, we use PCI-compliant third-party processors, which collect payment information on our behalf in order to complete transactions.
This information is processed by our payment service provider and we receive a confirmation of payment, which we then associate with your Account Information and any relevant transactions. While our administrators are able to view and track actual transactions via customer portals, we do not have access to, or process, your credit card information.
In the case of corporate Customers, other payment methods (e.g. wire transfer) may be availed to you. In the case of corporate Customers, if we availed of other payment methods, we may request your bank information to process refunds, if any.
Information Provided on Behalf of Children
Children's Online Privacy Protection Act
COPPA severely restricts what information can be collected from children under the age of 13. For this reason, we do not knowingly allow individuals under the age of 21 to create accounts that allow access to the Services and/or the Website, and children under the age of 21 in the United States are prohibited from using the Website. The Website, as well as the Services and/or the data available through the Website (the “Data”) are not intended for the Users under the age of 21. If you are under 21 years of age, please do not use or access the Website at any time or in any manner. By using the Website, you affirm that you are over the age of 21.
If you are a parent or guardian and discover that your child under the age of 21, or equivalent minimum age depending on the jurisdiction, has obtained an account on the Website, then you may alert us at the contact information below under “Contact Us”, and request that we delete that child’s personal information from our systems. If we learn that we have collected the personal information of a child under 21, or equivalent minimum age depending on jurisdiction, outside the above circumstances we will use any such information only to respond directly to that child (or a parent or legal guardian) to inform them that they cannot use the Services and subsequently we will take steps to delete the information as soon as possible, except where prohibited by applicable law.
Use of collected Information
We may collect and use your personal information for the following purposes:
To provide, analyze and improve the Services. We may request Personal and Medical Information that is necessary for us to provide the AI-generated report, the Second opinion and/or other Services we offer.
To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
Processing and completing transactions, including verifying payments, and sending you related information, including purchase confirmations and invoices and important notices.
To improve the Website. We may use feedback you provide to improve the Services and the Website.
To conduct research using your Information, which may be subject to your separate written authorization.
To send you information about additional services from us or on behalf of our affiliates.
To contact you when necessary, including to remind you of upcoming or follow-up appointments, and in conjunction with your use of certain Interactive Tools and/or Services
Increasing the number of users who use Website and Services through marketing and advertising.
Sending commercial communications, in line with your communication preferences, about products and services, features, newsletters, offers, promotions, and events.
Carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing and collection.
For any other purposes disclosed to you at the time we collect your information pursuant to your consent, subject to any applicable limitation set forth under HIPAA and the HIPAA NPP.
We may use the Information to customize and tailor your experience on the Website, in emails and in other communications, displaying content that we think you might be interested in and according to your preferences.
Sharing of Information
Authorized third-party vendors and service providers. We may share the Information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use the Information for purposes other than those related to the services they are providing to us.
Medical Experts. We may share the Information with the Medical Experts chosen by the Registered Users in relation to the Second opinion requested by the latter.
Corporate affiliates. We may share the Information with our affiliates.
Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer the Information as part of a transfer of the assets of the Docus, merger, or consolidation or in the unlikely event of bankruptcy if such transfer is permissible under HIPAA and the HIPAA Notice.
Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.
With your consent or at your direction. We may share the Information for any other purposes disclosed to you at the time we collect the Information or pursuant to your consent or direction.
We do not sell, trade, or rent your Information to others.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
You may choose not to provide us with any Personal or Medical information. In such an event, you can still access and use parts of the Website; however, you will not be able to access and use those portions of the Website and/or Services that require your Personal or Medical information. We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. If you opt out, you may continue to receive text messages for a short period while Docus processes your request, and you may also receive text messages confirming the receipt of your opt-out request. Opting out of receiving operational messages may impact the functionality that the Docus provides to you. You may not be able to opt-out from certain operational communication, which is strictly necessary to provide the Services to you, such as payment confirmation emails or password reset requests and other communications of similar nature.
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “Help” section).
You may request that we delete your personal information by sending us an email at [email protected]. We will delete such information unless we are required to maintain information in accordance with applicable law.
Your Protected Health Information
You understand that not all Information you share on the Website is subject to legal protection under the Health Insurance Portability and Accountability Act (“HIPAA”).
To the extent that your Personal Information and/or Medical Information constitutes protected health information, as defined in 45 CFR § 160.103 (“Protected Health Information”), we will use and disclose such Protected Health Information only in accordance with HIPAA. Your rights regarding such Protected Health Information include:
Right to access your Protected Health Information. You have the right to review or obtain copies of your Protected Health Information records. Your request to review and/or obtain a copy of your Protected Health Information records must be made in writing. We may charge a fee for the costs of producing, copying and mailing your requested information, but we will inform you of the cost in advance.
Right to amend your Protected Health Information. If you feel that your Protected Health Information maintained by us is incorrect or incomplete, you may request that we amend the information. Your request must be made in writing and must include the reason you are seeking a change. We may deny your request if, for example, you ask to amend a record that is already accurate and complete. If we deny your request to amend, we will notify you in writing. You then have the right to submit to us a written statement of disagreement and we may rebut that statement.
Right to an accounting of disclosures. You have the right to request an accounting of disclosures we have made of your Protected Health Information. The list will not include our disclosures related to your treatment, our payment or health care operations, or disclosures made to you or with your authorization. The list may also exclude certain other disclosures, such as for national security purposes.
Right to request restrictions on the use and disclosure of your Protected Health Information. You have the right to request that we restrict or limit how we use or disclose your Protected Health Information for treatment, payment or healthcare operations.
Right to receive confidential communications. By using the Website or the Services, you have consented to receive any confidential communications from Us as electronic communications which shall be made and can be accessed through the Website.
Right to receive notification of a breach of your Protected Health Information. In the event of a breach of your Protected Health Information, you have the right to receive notification of such breach. You have consented to receive such notification through an electronic communication through the Website.
By visiting, submitting Information to and/or using the Website or any of the Services and to the extent that your Personal Information and/or Medical Information constitutes Protected Health Information, the User and the Main User (where applicable) each (collectively referred to as the “User”):
authorize the Docus to store all Personal Information, Medical Information, Records, recordings of Video call, and any other information and/or data that could constitute the User’s PHI. The User has the right to view all such information online.
authorize the Docus to release certain Personal and/or Medical information, including PHI, to a third party when required by applicable law or court order or to respond to civil subpoenas and/or other legal processes.
authorize the Docus to use the Personal Information, Medical Information, Records, and any other information and/or data that could constitute the User’s PHI, as needed as determined by the Docus in order to provide the Second opinion.
authorize the Second opinion Medical Expert to consult with another physician and disclose the User’s Personal Information, Medical Information, Records, and any other information and/or data that could constitute the User’s PHI, at the discretion of the Second opinion Medical Expert, in order to provide the Second opinion.
agree and acknowledge the Docus may review the User’s Personal Information, Medical Information, Records, and Video call recordings from prior to and after the User’s interaction with the Website, for, among other purposes, reviewing the quality of Service the User received, reviewing the quality of Service provided by the Medical Expert, as applicable. The Docus will take care to minimize personally identifying information in this process. The Docus may also use anonymous information gathered, including information from the Patient’s Medical Information and Records, to generate conclusions about the healthcare process, particular conditions, and other matters. The Docus, its Medical Experts and researchers may publish this anonymous information in journals, websites and other locations. However, The Docus will not publish the name or any identifying information about the User; the Docus will use only anonymous data for any public purpose.
The security of your Personal Information and Information is important to us. We follow generally accepted industry standards and adopt appropriate data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information, username, password, transaction information, and data stored on the Website.
Sensitive and private data exchange between you and the Website occurs via using Third-party Websites and Services using security measures, encryption technology and data collection methods as indicated in their privacy policies.
You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please notify us immediately of any actual or suspected unauthorized use. Please also notify us immediately if your Contact Data is lost, stolen, or used without permission. In such an event, we will remove that Contact Data from your account and update our records accordingly.
Any information that you may reveal in a review posting or other online discussion or forum is intentionally open to the public and is not in any way private. You should think carefully before disclosing any personally identifiable information in any public forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.
Third-party Websites and social media
The Docus does not share your personal information with these websites and is not responsible for their privacy practices.
Your GDPR rights
Solely to the extent applicable to us, if you are subject to General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”) the GDPR, you may have certain rights and protections about the collection, sharing, and use of your Personal Information (or “Personal Data” as defined under the GDPR) including as follows:
Right to Access Your Personal Data: You can ask us for a copy of the Personal Data we have about you.
Right to Rectification/Correction: You can also ask us to change, correct, or update your Personal Data in certain cases, especially if it is inaccurate.
Right to Erasure/Right to be Forgotten: You can ask us to stop using or erase all or some of your Personal Data (if we have no legal right to keep using it).
Right to Data Portability: You can ask us for a copy of the Personal Data you provided to us in a commonly used and machine-readable format.
Right to Object or Restrict Processing: You can object to or ask us to restrict processing under certain circumstances.
For the purposes of this Acknowledgment, the Docus operates as a data processor