Privacy Policy

Effective Date: September 26, 2025 | Last Updated: September 26, 2025

Conult Health Analytics ("we," "our," "us") values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you interact with our website, products, and services. Because we handle sensitive health-related information, we comply with applicable laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the General Data Protection Regulation ("GDPR") for EU users, and other U.S. data privacy regulations.

1. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to our website: people browsing our site, filling out contact forms, or signing up for newsletters.
  • Clients and partners using our services: organizations and professionals who engage Conult Health Analytics for health data analytics.
  • Individuals whose data we process: patients or end-users whose personal or health data we analyze on behalf of our clients.

This policy does not cover third-party websites or services that we do not own or control.

2. Information We Collect

We may collect the following types of information:

a) Personally Identifiable Information (PII)

Examples include your name, email address, phone number, organization name, and job title. We use this to communicate with you, deliver services, and provide support.

b) Health Information (Protected Health Information, "PHI")

This includes data such as medical records, lab results, diagnostic information, demographic details, or patient IDs. We only process PHI under HIPAA-compliant agreements with clients, ensuring strict safeguards.

c) Technical Data

Examples include your IP address, browser type, operating system, cookies, and device identifiers. This helps us secure our systems, understand how users interact with our services, and improve website performance.

d) Usage Data

Information on how you interact with our website and services, such as pages visited, features used, or time spent. This helps us understand user needs and enhance functionality.

e) Sensitive Data

In certain cases, we may collect sensitive categories of data (e.g., race, ethnicity, or biometric data) if it is required for analysis. This is only collected with explicit consent or where legally required.

3. How We Collect Data

  • Directly from you: when you complete forms, create accounts, subscribe to updates, or communicate with us.
  • From clients or partners: when healthcare providers or organizations securely share PHI with us for analytics services.
  • Automatically through technology: via cookies, log files, or analytics tools when you browse our site or use our platforms.

4. Legal Bases for Processing (GDPR)

For EU residents, our legal bases include:

  • Consent: where you actively agree to data collection (e.g., signing up for newsletters).
  • Contractual necessity: where data is required to deliver a service you or your organization has contracted for.
  • Legal obligation: where we must comply with laws such as HIPAA.
  • Legitimate interests: where processing is needed for business operations, such as improving services or ensuring cybersecurity, balanced with your privacy rights.

5. How We Use Information

We use your information in the following ways:

  • To provide services: delivering accurate health data analytics and insights to clients.
  • To improve and innovate: conducting research and development on new features, products, and data solutions.
  • For compliance: ensuring adherence to HIPAA, GDPR, and applicable U.S. privacy laws.
  • To communicate with you: answering questions, sending updates, and responding to support requests.
  • For marketing purposes: sending newsletters, promotional content, and service updates (with clear opt-out options).
  • For security and fraud prevention: monitoring activity to detect unauthorized access, misuse, or malicious behavior.

We will never sell your personal or health information.

6. Sharing and Disclosure of Information

We may share data in limited ways:

  • With your consent: for example, if you agree to share your data with a partner or participate in a study.
  • With service providers: trusted vendors who provide IT infrastructure, cloud hosting, analytics, or communications support, under strict confidentiality agreements.
  • With clients (covered entities): PHI is shared with healthcare organizations that engage us, strictly as outlined in HIPAA Business Associate Agreements.
  • For legal reasons: when required by law, subpoena, or government request.
  • During business transactions: such as mergers, acquisitions, or sales, provided that safeguards remain in place to protect your information.

7. HIPAA Compliance

Because we process PHI, we comply with HIPAA requirements by:

  • Signing Business Associate Agreements (BAAs) with covered entities.
  • Using strict administrative, technical, and physical safeguards.
  • Training our employees in HIPAA privacy and security practices.
  • Limiting access to PHI to authorized staff who need it.
  • Reporting any breaches as required by HIPAA's Breach Notification Rule.

8. Data Retention

We retain personal and health data only for as long as necessary to:

  • Deliver our contracted services.
  • Fulfill legal, regulatory, and compliance obligations.
  • Prevent fraud, resolve disputes, or enforce agreements.

When retention is no longer necessary, data is securely deleted or anonymized.

9. Data Security

We use a multi-layered security approach, including:

  • Encryption of all data in transit and at rest.
  • Strong access controls and multi-factor authentication.
  • Regular vulnerability assessments, audits, and penetration testing.
  • Defined incident response procedures to quickly address potential threats.

10. International Data Transfers

If you access our services from outside the U.S., your information may be transferred to and stored in the United States. For EU data, we use safeguards such as Standard Contractual Clauses to ensure lawful transfers.

11. Your Rights

Depending on where you are located, you may have the following rights:

  • Right to Access & Portability: you can request a copy of your personal data and, where applicable, receive it in a portable format.
  • Right to Correction: you can ask us to fix inaccurate or incomplete information.
  • Right to Deletion ("Right to be Forgotten"): you can request deletion of your data, unless we are required by law to keep it.
  • Right to Restriction of Processing: you can request that we limit how your data is used in certain circumstances.
  • Right to Object: you may object to certain processing, such as direct marketing.
  • HIPAA Rights: if we process your PHI, you may request restrictions, receive an accounting of disclosures, or obtain a copy of your records.

Requests can be submitted to [email protected].

12. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Enable core website functions (such as secure login).
  • Analyze website performance and usage trends.
  • Personalize user experience and content.

You can control cookies through your browser settings and opt out of non-essential cookies.

13. Children's Privacy

Our services are not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect or process children's personal information without verified parental consent.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our business operations. Updates will always be posted here, and the "Effective Date" will be revised accordingly.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, you can contact us at:

📧 [email protected]