Docus: AI-Powered Health Platform

Privacy Policy

Last revised: 26 March 2024

Introduction

The Docus cares about data privacy and security and is committed to fair information practices and to the protection of privacy.

This Privacy Policy explains the manner in which Docus, Inc. (hereinafter – the “Docus”, “we”, “us” or “our”) collects, stores, uses and/or discloses (collectively “process”) information collected from the www.docus.ai website (the “Website”), as well as how you can control your information.

This Privacy Policy applies to the Website and services available through the Website (the “Services”) and complies with the Health Insurance Portability and Accountability Act of 1996 and related state laws relating to health data security (collectively, “HIPAA”). Although our Services may not include the specific transactions to which HIPAA may apply, we have nonetheless decided to operate in compliance with HIPAA and to ensure that medical specialists or professionals who work with the Docus (the “Medical Expert”) do so as well.

Unless the context otherwise requires or unless otherwise expressly defined herein, the terms defined in Terms of Use shall have the same meanings whenever used in this Privacy Policy. The Users of the Website or the Services (including visitors and registered users (the “Registered User”) of the Website) are collectively referred below as “Users”, “you”, “your” or “yours”. Any reference in this Privacy Policy made to the Users is also a reference to the Main Users unless otherwise noted.

Your use of the Website is governed by this Privacy Policy and the Terms of Use (the “Terms”).

By using the Website, you signify your acceptance of this Privacy Policy and Terms of Use. You also agree, acknowledge and/or represent that you have reviewed this Privacy Policy; you understand your rights and how the Docus may use and disclose personally identifiable health information that identifies you (and the Main User if applicable) under HIPAA, GDPR or other applicable laws and regulations; and give your consent to let the Docus use and disclose personally identifiable health information and other Information about you (and the Main User) as described in this Privacy Policy. You can revoke your consent in writing at any time.

If you do not agree to this Privacy Policy, please do not use the Website and/or the Services.

Collection of Information

We may collect the following kinds of information (collectively – the “Information”) when you access, visit, request, procure, receive, obtain, use, or otherwise utilize (“use”) the Website and/or the Services:

Information automatically collected

We automatically track and collect the following categories of information when you visit and/or anyhow interact with the Website: (1) IP addresses; (2) domain servers; (3) types of computers accessing the Website; (4) types of web browsers used to access the Website; (5) referring source which may have sent you to the Website; and (6) other information associated with the interaction of your browser and the Website (collectively the “Traffic Data”). Some of the tools we use to automatically collect information about you may include:

  1. Cookies. “Cookies” are small computer files that are transferred to your computer's hard drive that contain information such as user ID, user preferences, lists of pages visited and activities conducted while browsing the Website. Generally, we use "cookies" to customize your experience on our Website and to store your password so you do not have to re-enter it each time you visit the Website. At your option, expense and responsibility, you may block cookies or delete cookies from your hard drive. However, by disabling cookies, you may not have access to the entire set of features of the Website.

  2. Google Analytics. The Website sends aggregated, non-Personal Information to Google Analytics for the purpose of providing us with the ability to conduct technical and statistical analysis on the Website’s performance. For more information on how Google Analytics supports the Website and uses information sent from the Website, please review Google’s privacy policy available at https://policies.google.com/technologies/partner-sites.

  3. Web Beacons. A Web Beacon is an electronic image. Web Beacons can track certain things from your computer and can report activity back to a web server allowing us to understand some of your behavior. If you choose to receive emails from us, we may use Web Beacons to track your reaction to our emails. We may also use them to track if you click on the links and at what time and date you do so. Some of the third-party marketers we engage with may use Web Beacons to track your interaction with online advertising banners on our Website. This information is only collected in aggregate form and will not be linked to your Personal Information. Please note that any image file on a webpage can act as a Web Beacon.

  4. Embedded Web Links. Links provided in our emails and, in some cases, on third-party websites may include tracking technology embedded in the link. The tracking is accomplished through a redirection system. The redirection system allows us to understand how the link is being used by email recipients. Some of these links will enable us to identify that you have personally clicked on the link and this may be attached to the Personal Information that we hold about you. This data is used to improve our service to you and to help us understand the performance of our marketing campaigns.

  5. Third-party Websites and Services. We work with a number of service providers of marketing communications technology. These service providers may use various data collection methods to improve the performance of the marketing campaigns we are contracting them to provide. The information collected can be gathered on our Website and also on the websites where our marketing communications are appearing. For example, we may collect data where our banner advertisements are displayed on third-party websites.

Information You Provide to Us

The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as when contacting the Docus to request further information.

We may ask you to create a username and password that should only be known to you. When providing information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, or other sensitive personal, medical or financial data unless required for delivery of the Services. The User is not required to provide, submit or share any personally identifiable information and/or direct identifiers of the User in order to use the Website and/or the Services and/or the Data (including, without limitation, the AI-generated report and/or the Second opinion), except for the information required for creating an account on the Website. Additionally, individually identifiable health information shall not be uploaded, shared and/or provided to the Docus and/or the Medical Expert; any and all direct identifiers of the User, such as name, address, or any other details that could identify an individual, should be removed before such information is submitted to the Website and/or shared with the Medical Expert.

Information you provide to us includes, without limitation, the following:

Personal Information

You are not obligated to create an account on the Website in order to access or use the Website and/or the Data. However, some Services are only available to the Users who are eligible to and have created an account on the Website and/or have subscribed to the Services (the “Registered Users”).

The Docus requires the Registered Users and/or Users requesting the Second opinion as defined in the Terms of Use to provide the Docus with certain information that personally identifies you, including but not limited to your email address (the “Personal Information”).

Personal Information includes the following categories of information: (1) Contact Data (such as your e-mail address, the Docus account password); (2) Demographic Data (such as your gender, age, your date of birth); (4) Medical Data (such as any medical information you choose to share with us).

We will collect your Personal Information only if you voluntarily submit such information to us. You can always refuse to supply such personal identification information, except that it may prevent you from engaging in certain Website-related activities, including but not limited to requesting and/or receiving the Services.

Medical records

In order to request, procure, receive, obtain, use, or otherwise utilize the chat with AI Health Assistant and/or AI-generated report and/or the Second opinion as defined in the Terms of Use and/or features and Services directly related to the foregoing you may be required to provide us with past and current health records, medical reports, records, images, diagnostic test results, laboratory results, test results, health-related information, a description of symptoms, a medical history, lifestyle descriptions, information regarding a medical condition, history, symptoms, medications, diagnoses, treatments, and other related relevant medical information and/or documentation, including any and all reports by the physician who has made the medical diagnosis, or has otherwise evaluated and/or treated the User (the Main User where applicable)(collectively, the “Medical Information”).

We will collect your Medical Information only if you voluntarily submit such information to us. You can always refuse to supply such information, except that it may prevent you from engaging in certain Website-related activities, including but not limited to requesting and/or receiving the Services.

Other information

We also collect other information, some of which may be Personal Information and/or Medical Information that you voluntarily provide to us when you choose to use some of the Website's interactive tools and Services, such as searching for the Medical Experts, the information you provide voluntarily in free-form text boxes on the Website and through responses to surveys, questionnaires and the like.

We recommend you remove all information that could directly identify you. This includes your name, address, contact information, social security number, medical record number, and any other personal identifiers. If you need to share a medical report or other documents, ensure that all personal identifiers are redacted. This can be done by blacking out the information or using an online tool to remove it.

Payment data

You are not required to enter your credit card information unless and until you decide to continue with a paid subscription to our Services or for receiving a Second opinion. In order to process your payment Information, we use PCI-compliant third-party processors, which collect payment information on our behalf in order to complete transactions.

This information is processed by our payment service provider and we receive a confirmation of payment, which we then associate with your Account Information and any relevant transactions. While our administrators are able to view and track actual transactions via customer portals, we do not have access to, or process, your credit card information.

In the case of corporate Customers, other payment methods (e.g. wire transfer) may be made available to you. In the case of corporate Customers, if we have made other payment methods available, we may request your bank information to process refunds, if any.

Information Provided on Behalf of Children

The Docus does not collect information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act ("COPPA") as indicated in this Privacy Policy and the Terms.

Children's Online Privacy Protection Act

COPPA severely restricts what information can be collected from children under the age of 13. For this reason, we do not knowingly allow individuals under the age of 21 to create accounts that allow access to the Services and/or the Website, and children under the age of 21 in the United States are prohibited from using the Website. The Website, as well as the Services and/or the data available through the Website (the “Data”) are not intended for the Users under the age of 21. If you are under 21 years of age, please do not use or access the Website at any time or in any manner. By using the Website, you affirm that you are over the age of 21.

If you are a parent or guardian and discover that your child under the age of 21, or equivalent minimum age depending on the jurisdiction, has obtained an account on the Website, then you may alert us at the contact information below under “Contact Us”, and request that we delete that child’s personal information from our systems. If we learn that we have collected the personal information of a child under 21, or equivalent minimum age depending on jurisdiction, outside the above circumstances we will use any such information only to respond directly to that child (or a parent or legal guardian) to inform them that they cannot use the Services and subsequently we will take steps to delete the information as soon as possible, except where prohibited by applicable law.

Use of collected Information

We may collect and use your personal information for the following purposes:

  • To provide, analyze and improve the Services. We may request Personal and Medical Information that is necessary for us to provide the AI-generated report, the Second opinion and/or other Services we offer.

  • To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.

  • Processing and completing transactions, including verifying payments, and sending you related information, including purchase confirmations and invoices and important notices.

  • To improve the Website. We may use feedback you provide to improve the Services and the Website.

  • To conduct research using your Information, which may be subject to your separate written authorization.

  • To prevent potentially prohibited or illegal uses and/or activities on and through the Website and otherwise in accordance with the Terms of Use.

  • To send you information about additional services from us or on behalf of our affiliates.

  • To contact you when necessary, including to remind you of upcoming or follow-up appointments, and in conjunction with your use of certain Interactive Tools and/or Services.

  • Increasing the number of users who use the Website and Services through marketing and advertising.

  • Sending commercial communications, in line with your communication preferences, about products and services, features, newsletters, offers, promotions, and events.

  • Carrying out our obligations and enforcing our rights arising from any contracts entered into between you and us, including for billing and collection.

  • Providing information to regulatory bodies when legally required, and only as outlined in this Privacy Policy.

  • For any other purposes disclosed to you at the time we collect your information pursuant to your consent, subject to any applicable limitation set forth under HIPAA and the HIPAA NPP.

We may use the Information to customize and tailor your experience on the Website, in emails and in other communications, displaying content that we think you might be interested in and according to your preferences.

Sharing of Information

We share certain categories of Information we collect in the ways described below and in this Privacy Policy:

  • Authorized third-party vendors and service providers. We may share the Information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use the Information for purposes other than those related to the services they are providing to us.

  • Medical Experts. We may share the Information with the Medical Experts chosen by the Registered Users in relation to the Second opinion requested by the latter.

  • Corporate affiliates. We may share the Information with our affiliates.

  • Legal purposes. We may disclose the Information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries; to protect and defend the rights, interests, health, safety, and security of the Docus, our affiliates, the Users, the Medical Experts, or the public and/or to enforce the Terms of Use.

  • Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer the Information as part of a transfer of the assets of the Docus, merger, or consolidation or in the unlikely event of bankruptcy if such transfer is permissible under HIPAA and the HIPAA Notice.

  • Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.

  • With your consent or at your direction. We may share the Information for any other purposes disclosed to you at the time we collect the Information or pursuant to your consent or direction.

We do not sell, trade, or rent your Information to others.

Keeping Information

We will only keep your Personal information for as long as it is necessary for the purposes set out in this Privacy Policy unless a longer retention period is required or permitted by applicable law (such as tax, accounting, or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

User Choice

You may choose not to provide us with any Personal or Medical information. In such an event, you can still access and use parts of the Website; however, you will not be able to access and use those portions of the Website and/or Services that require your Personal or Medical information. We will not intentionally send you email newsletters and marketing emails unless you consent to receive such marketing information. After you request to receive these emails, you may opt out of them at any time by selecting the “unsubscribe” link at the bottom of each email. If you opt out, you may continue to receive text messages for a short period while Docus processes your request, and you may also receive text messages confirming the receipt of your opt-out request. Opting out of receiving operational messages may impact the functionality that the Docus provides to you. You may not be able to opt-out from certain operational communication, which is strictly necessary to provide the Services to you, such as payment confirmation emails or password reset requests and other communications of similar nature.

You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “Help” section).

You may request that we delete your personal information by sending us an email at [email protected]. We will delete such information unless we are required to maintain information in accordance with applicable law.

Your Protected Health Information

You understand that not all Information you share on the Website is subject to legal protection under the Health Insurance Portability and Accountability Act (“HIPAA”).

To the extent that your Personal Information and/or Medical Information constitutes protected health information, as defined in 45 CFR § 160.103 (“Protected Health Information”), we will use and disclose such Protected Health Information only in accordance with HIPAA. Your rights regarding such Protected Health Information include:

  • Right to access your Protected Health Information. You have the right to review or obtain copies of your Protected Health Information records. Your request to review and/or obtain a copy of your Protected Health Information records must be made in writing. We may charge a fee for the costs of producing, copying and mailing your requested information, but we will inform you of the cost in advance.

  • Right to amend your Protected Health Information. If you feel that your Protected Health Information maintained by us is incorrect or incomplete, you may request that we amend the information. Your request must be made in writing and must include the reason you are seeking a change. We may deny your request if, for example, you ask to amend a record that is already accurate and complete. If we deny your request to amend, we will notify you in writing. You then have the right to submit to us a written statement of disagreement and we may rebut that statement.

  • Right to an accounting of disclosures. You have the right to request an accounting of disclosures we have made of your Protected Health Information. The list will not include our disclosures related to your treatment, our payment or health care operations, or disclosures made to you or with your authorization. The list may also exclude certain other disclosures, such as for national security purposes.

  • Right to request restrictions on the use and disclosure of your Protected Health Information. You have the right to request that we restrict or limit how we use or disclose your Protected Health Information for treatment, payment or healthcare operations.

  • Right to receive confidential communications. By using the Website or the Services, you have consented to receive any confidential communications from Us as electronic communications which shall be made and can be accessed through the Website.

  • Right to receive notification of a breach of your Protected Health Information. In the event of a breach of your Protected Health Information, you have the right to receive notification of such breach. You have consented to receive such notification through an electronic communication through the Website.

  • Right to a paper copy of this Privacy Policy. You have a right at any time to request a paper copy of this Privacy Policy, even if you had previously agreed to receive an electronic copy.

By visiting, submitting Information to and/or using the Website or any of the Services and to the extent that your Personal Information and/or Medical Information constitutes Protected Health Information, the User and the Main User (where applicable) each (collectively referred to as the “User”):

  • authorize the Docus to store all Personal Information, Medical Information, Records, recordings of Video call, and any other information and/or data that could constitute the User’s PHI. The User has the right to view all such information online.

  • authorize the Docus to release certain Personal and/or Medical information, including PHI, to a third party when required by applicable law or court order or to respond to civil subpoenas and/or other legal processes.

  • authorize the Docus to use the Personal Information, Medical Information, Records, and any other information and/or data that could constitute the User’s PHI, as needed as determined by the Docus in order to provide the Second opinion.

  • authorize the Second opinion Medical Expert to consult with another physician and disclose the User’s Personal Information, Medical Information, Records, and any other information and/or data that could constitute the User’s PHI, at the discretion of the Second opinion Medical Expert, in order to provide the Second opinion.

  • agree and acknowledge the Docus may review the User’s Personal Information, Medical Information, Records, and Video call recordings from prior to and after the User’s interaction with the Website, for, among other purposes, reviewing the quality of Service the User received, reviewing the quality of Service provided by the Medical Expert, as applicable. The Docus will take care to minimize personally identifying information in this process. The Docus may also use anonymous information gathered, including information from the Patient’s Medical Information and Records, to generate conclusions about the healthcare process, particular conditions, and other matters. The Docus, its Medical Experts and researchers may publish this anonymous information in journals, websites and other locations. However, the Docus will not publish the name or any identifying information about the User; the Docus will use only anonymous data for any public purpose.

Medical Experts

Medical Experts and their agents should be particularly aware of their obligations of User confidentiality, including without limitation their obligations under the Health Insurance Portability and Accountability Act ("HIPAA"), both in communicating with the Docus and in responding to a review of the Services posted on the Website. The Docus does not have, and will not accept, any obligations of confidentiality with respect to any communications other than those expressly stated in this Privacy Policy and the Terms of Use. The Docus Agreements with the Medical Experts, among other things, impose strict Confidentiality obligations on Medical Experts.

Security

The security of your Personal Information and Information is important to us. We follow generally accepted industry standards and adopt appropriate data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal information, username, password, transaction information, and data stored on the Website.

Sensitive and private data exchange between you and the Website occurs via Third-party Websites and Services that use security measures, encryption technology and data collection methods as indicated in their privacy policies.

Although we make good faith efforts to store Personal Information and Information in a secure operating environment that is not open to the public, you should understand that there is no such thing as complete security, and we do not guarantee that there will be no unintended disclosures of your Personal Information and Information. If we become aware that your Personal Information and Information has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted by law.

You have a responsibility, as well, to safeguard your information through the proper use and security of any online credentials used to access your Personal Information, such as a username and password. If you believe your credentials have been compromised, please change your password. Please notify us immediately of any actual or suspected unauthorized use. Please also notify us immediately if your Contact Data is lost, stolen, or used without permission. In such an event, we will remove that Contact Data from your account and update our records accordingly.

Public Information

Any information that you may reveal in a review posting or other online discussion or forum is intentionally open to the public and is not in any way private. You should think carefully before disclosing any personally identifiable information in any public forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.

Third-party Websites and social media

This Privacy Policy is only applicable to the Website, and not to any websites that you may be able to access from the Website or any other website (the “third-party websites”), each of which may have data collection, storage, and use practices and policies that may differ materially from this Privacy Policy. Some websites may have the look and feel of the Website. Please be aware that you may be on a different site and that this Privacy Policy only covers the Website. Should you decide to visit one of these third-party websites, we suggest that you read their privacy policy.

The Docus does not share your personal information with these websites and is not responsible for their privacy practices.

International Users

We maintain and process the Information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.

Your GDPR rights

Solely to the extent applicable to us, if you are subject to the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, or “GDPR”), you may have certain rights and protections about the collection, sharing, and use of your Personal Information (or “Personal Data” as defined under the GDPR) including as follows:

  1. Right to Access Your Personal Data: You can ask us for a copy of the Personal Data we have about you.

  2. Right to Rectification/Correction: You can also ask us to change, correct, or update your Personal Data in certain cases, especially if it is inaccurate.

  3. Right to Erasure/Right to be Forgotten: You can ask us to stop using or erase all or some of your Personal Data (if we have no legal right to keep using it).

  4. Right to Data Portability: You can ask us for a copy of the Personal Data you provided to us in a commonly used and machine-readable format.

  5. Right to Object or Restrict Processing: You can object to or ask us to restrict processing under certain circumstances.

For the purposes of this Acknowledgment, the Docus operates as a data processor.

Updates and Changes to Privacy Policy

We reserve the right, at any time, to add to, change, update, or modify this Privacy Policy, so please review it frequently. The updated version will be posted on the Website with an indication of an updated “Revised date” and the updated version will be effective upon posting to the Website unless otherwise specified.

We will also notify you of any changes to this Privacy Policy by posting a respective notice on the Website and by e-mailing you, along with a link to the modified policy so that you can review it if we believe that the changes made to it are material. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications.

If you do not agree to this Privacy Policy partially or in full, your sole remedy is to discontinue your use of the Website and the Services and request deletion or delete your account on the Website (if any) immediately. Your continued use of the Website and/or the Services after the effective date of any such changes shall constitute your affirmative acknowledgment of the Privacy Policy, the modification, and agreement to abide and be bound by this Privacy Policy, as amended.

In all cases, use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact us

If you have any questions about this Privacy Policy, the practices of the Website, or your dealings with this Website and/or Services available through this Website, or if you wish to exercise any of the rights described above or to submit a complaint regarding this Privacy Policy, contact us at [email protected].

You have the right to submit any complaints regarding this Privacy Policy to the Secretary of the U.S. Department of Health and Human Services. For information on how to submit such a complaint, please visit HIPAA What to Expect.