Privacy Policy
This Privacy Policy applies to the Punto Health Platform, which includes mobile apps, iPad apps, and web apps (collectively, “we,” “us,” or “our”). This policy outlines how we collect, use, process, and safeguard personal information. By using the platform, you agree to the practices described herein.
1. Information We Collect
We collect, store, and process different types of information when you interact with the Punto Health Platform. In some cases, we may only process information on behalf of the clinic or health study, rather than collect it ourselves.
a. User Data
We may collect and process the following user data:
- Name
- Email address
- Contact details
- Login information (e.g., username, password, or authentication tokens)
- Usage data and preferences
b. Patient Data
Patient data is processed on behalf of clinics using our platform:
- Personal identifiers (e.g., name, date of birth)
- Medical records, health information, and treatment details
Patient data is owned by the clinic that provides it, and we process this data on their behalf in accordance with their instructions.
c. Health Research Study Participants
If you are using the Punto Test Clinic or Punto Test apps, you are participating in a health study. As part of this study:
- You have provided informed consent for data collection and storage.
- The study has been reviewed and approved by an ethics committee.
- The data collection complies with App Store health research disclosure rules.
2. How We Use Your Information
We use your data for the following purposes:
- User Data: To manage accounts, provide access to services, and communicate with you.
- Patient Data: To provide clinics with patient information and medical records for treatment and management purposes.
- Health Research Data: To support health studies, in compliance with ethical standards and the informed consent process.
We also store and process login data for authentication and security purposes across the platform.
3. Data Storage and Services
Your data is stored in our Firestore database as part of the Firebase services. We also use Firebase Cloud Functions for automated processing and service management. Data may be passed across the platform, meaning that data entered on one device (e.g., iPad) may be accessible from other parts of the platform (e.g., web).
4. GDPR Compliance
We comply with the General Data Protection Regulation (GDPR). This means:
- We ensure that any personal data we process is done lawfully, transparently, and for legitimate purposes.
- You have the right to access, correct, or delete your personal data, subject to legal obligations.
- If you are located within the European Economic Area (EEA), your data may be transferred to and processed outside the EEA, but only with adequate safeguards in place, such as Standard Contractual Clauses.
5. Sharing of Information
We may share your information in the following circumstances:
- With clinics: Patient data is shared with the clinic that owns it for medical care and treatment purposes.
- With third-party providers: We may share your data with services such as Firebase and Sanity for operational needs.
- Legal compliance: We may disclose your information if required by law or to protect our rights, privacy, safety, or property.
6. Data Security
We implement strict security measures to safeguard your data, including encryption, secure storage, and regular security audits. Data stored in our Firestore databases is encrypted, and Firebase Cloud Functions help automate secure data processing.
7. Data Retention
We retain personal data as long as necessary for the purposes outlined in this Privacy Policy. For health studies, data is retained for the duration of the study and in accordance with ethical guidelines and legal obligations.
8. Analytics and Usage Data
We use analytics tools to collect and process data about how you use our platform. This helps us understand usage trends, improve our services, and enhance product performance. The types of analytics data we collect may include:
- Device information (e.g., device type, operating system)
- App usage statistics (e.g., features used, time spent in the app)
- Performance metrics (e.g., app crash reports, load times)
- Interaction data (e.g., button clicks, page views)
This data is collected and processed in an aggregated and anonymized form, meaning it cannot be used to identify you personally. We use this information to:
- Analyze and improve the functionality and user experience of our platform
- Identify and fix technical issues
- Develop new features based on user behavior and preferences
- Make data-driven decisions about product development
We may use third-party analytics providers to help us collect and analyze this data. These providers are bound by confidentiality obligations and are not permitted to use the data for any other purpose.
You can opt out of certain analytics tracking through your device or app settings. However, please note that opting out may impact our ability to provide you with the best possible user experience.
9. User Rights
Under GDPR, you have the following rights:
- Access: Request access to your personal data.
- Correction: Request corrections to any inaccurate or incomplete data.
- Deletion: Request the deletion of your personal data, subject to certain legal exceptions.
- Data Portability: Request a copy of your data in a portable format.
For patient data, requests regarding access or deletion should be directed to the clinic that owns the data.
10. International Data Transfers
As we use Firebase and Sanity, which operate on a global scale, your data may be transferred outside of your country of residence. These transfers are safeguarded by appropriate legal mechanisms, including Standard Contractual Clauses for data transfers outside the EEA.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, and any updates will be reflected with a new “Effective Date.” Please review this policy regularly.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at:
info@puntohealth.com