Privacy Policy
At Nexus, we are committed to protecting your privacy and maintaining the security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website or use our services. This policy is designed to comply with HIPAA, GDPR, CCPA, and other applicable privacy regulations.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide to us, including:
- Contact Information: Name, email address, phone number, job title, and organization name when you request a demo, contact us, or sign up for our services.
- Account Information: Username, password, and organization details when you create an account.
- Communication Data: Information in emails, messages, or other communications you send to us.
1.2 Health Information (PHI)
As a healthcare technology provider, we may process Protected Health Information (PHI) as defined under HIPAA when you use our radiology quality assurance platform. This may include:
- De-identified medical imaging data and metadata
- Diagnostic reports and clinical findings
- Healthcare provider information
- Patient identifiers (only as necessary for service delivery and in compliance with HIPAA)
HIPAA Compliance: When we process PHI on behalf of a covered entity or business associate, we do so only as permitted by a signed Business Associate Agreement (BAA). We implement appropriate administrative, physical, and technical safeguards to protect PHI as required by HIPAA.
1.3 Automatically Collected Information
When you visit our website, we automatically collect certain information:
- Usage Data: Pages visited, time spent, links clicked, and navigation patterns.
- Device Information: IP address, browser type, operating system, device identifiers.
- Cookies and Tracking Technologies: See Section 3 for details.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Provide, maintain, and improve our radiology quality assurance platform
- Process and analyze medical imaging data to provide AI-powered triage and quality assurance
- Generate diagnostic insights and compliance reports
- Provide customer support and respond to inquiries
2.2 Business Operations
- Communicate with you about our services, updates, and security alerts
- Process transactions and send related information
- Monitor and analyze usage patterns to improve our services
- Detect, prevent, and address technical issues and security threats
2.3 Legal and Compliance
- Comply with legal obligations, including HIPAA, FDA regulations, and other healthcare laws
- Respond to legal requests and prevent harm
- Enforce our terms and policies
- Maintain audit logs for regulatory compliance
2.4 Research and Development
- Improve our AI algorithms and machine learning models using de-identified data
- Conduct internal research and product development
- Publish aggregated, anonymized research findings
Note: Any use of PHI for research purposes requires appropriate authorization or de-identification in accordance with HIPAA standards.
3. Cookies and Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to collect and store information about your interaction with our website and services.
3.1 Types of Cookies We Use
- Essential Cookies: Required for website functionality, including authentication and security.
- Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
- Functional Cookies: Remember your preferences and settings.
3.2 Your Cookie Choices
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality. We do not use cookies to track PHI or clinical data.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We share information with third-party service providers who perform services on our behalf, including:
- Cloud infrastructure providers (with signed BAAs for PHI)
- Analytics and performance monitoring services
- Customer support platforms
- Payment processors
All service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the purposes we specify.
4.2 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.3 Legal Requirements
We may disclose information when required by law, regulation, legal process, or governmental request, including:
- Compliance with subpoenas or court orders
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
- Enforcement of our terms and policies
4.4 With Your Consent
We may share information for any other purpose disclosed to you and with your consent.
5. Data Security
We implement comprehensive security measures to protect your information:
5.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access control (RBAC) and multi-factor authentication
- Network Security: Firewalls, intrusion detection/prevention systems
- Vulnerability Management: Regular security assessments and penetration testing
5.2 Administrative Safeguards
- Security awareness training for all employees
- Background checks for personnel with access to PHI
- Incident response and breach notification procedures
- Regular security audits and risk assessments
5.3 Physical Safeguards
- SOC 2 Type II certified data centers
- Physical access controls and monitoring
- Secure disposal of hardware and media
Despite our efforts, no security measures are perfect. We cannot guarantee absolute security of your information.
6. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights:
6.1 HIPAA Rights (for PHI)
If we process your PHI under a BAA, you have rights under HIPAA including:
- Right to Access: Request a copy of your PHI
- Right to Amendment: Request corrections to your PHI
- Right to Accounting: Request a list of certain PHI disclosures
- Right to Restriction: Request restrictions on certain uses and disclosures
To exercise these rights, contact the covered entity (your healthcare provider or organization) that we serve. We will cooperate with your provider to fulfill these requests.
6.2 GDPR Rights (for EU/EEA Users)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing of your data
- Right to Restrict Processing: Request limitation of processing
6.3 CCPA Rights (for California Residents)
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of whether you exercise your privacy rights
6.4 How to Exercise Your Rights
To exercise any of these rights, contact us at: info@hiveomics.com
We will respond to your request within the timeframe required by applicable law (typically 30 days). We may need to verify your identity before processing your request.
7. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.
7.1 Retention Periods
- Account Information: Retained while your account is active, plus 7 years after closure for regulatory compliance
- PHI: Retained in accordance with HIPAA requirements (typically 6 years from creation or last use) and any applicable state laws
- Audit Logs: Retained for 7 years to meet regulatory requirements
- Marketing Data: Retained until you opt out or as required by law
7.2 Secure Deletion
When we no longer need your information, we securely delete or anonymize it in accordance with industry standards and regulatory requirements.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your country.
When we transfer personal data from the EU/EEA to other countries, we use appropriate safeguards such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally approved transfer mechanisms
9. Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us, and we will take steps to delete such information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
- Posting the updated policy on our website with a new "Last Updated" date
- Sending an email notification to registered users
- Displaying a prominent notice on our website
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Nexus Privacy Team
Email: info@hiveomics.com
Phone: +1 (555) 123-4567
Supervisory Authority: If you are located in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.