We do not share this information, except as explained below under “Third-Party Contractors,” “Business Transitions,” and “Compliance with Law and Prevention of Harm.”

​

Third-Party Contractors – We may use contractors (“Service Providers”) to perform limited services on our behalf, such as hosting websites and providing email services. Service Providers are required to obtain only the Personal Information they need to deliver the service they were hired to perform, to maintain the confidentiality of Personal Information, and not to use Personal Information for any purpose other than the service they were hired to perform.

​

Business Transitions – We may share information with businesses that are legally part of the same group as the Company, or that become part of that group. We reserve the right – in the event of a business transition such as a merger – to transfer Personal Information to a new business owner, on the condition that such Personal Information must be treated in accordance with this Policy.

Compliance with Law and Prevention of Harm – We may disclose your Personal Information or any information submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce any applicable terms of service, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of the Company, our users, yourself or the public. We may be required to disclose Personal Information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Third Party Content – The Services may include embedded content (e.g., videos, images, articles, etc.) that are linked from other websites. Embedded content is subject to the privacy policies of such websites, rather than this Policy.

​

Location Access – The Services utilize access to your device's location, both in the foreground and background, to enhance the caregiving experience. This access is crucial to enable caregivers to monitor patients effectively, ensuring their safety and well-being. While background access is recommended for best care, you also may grant only foreground access so you can send your location by opening the Services. Your location data is securely encrypted and used solely for caregiving purposes.

​

Use of Location Data. Location data is used for the following purposes:

• To facilitate real-time patient tracking by designated caregivers.

• To provide location-based reminders and alerts, such as appointment notifications or task completion updates.

• To optimize the Services’ functionality, including displaying the patient’s position accurately on a map.

​

Frequency and Scope of Location Data Collection. We collect location data periodically and continuously when the Services are in use to provide caregivers up-to-date information about the patient’s whereabouts. Data collection is limited to the minimum scope necessary to provide the Services. 

​

User Control. You have control over location data permissions, which you can access through the Services.  You can manage these permissions through the Services’ settings, allowing you to grant or revoke access as needed.

 

Data Retention. We store location information temporarily and only for as long as necessary to fulfil the purpose for which the location information was gathered. 

 

No Location Advertising or Analytics. We do not request location permissions from users for the purpose of advertising or analytics.

 

Notifications - The Services utilize notifications to keep you informed and remind you of important events, including:

​

• Updates on a patient’s calendar or task list.

• Appointment reminders.

• Notifications when a patient arrives at an appointment.

• Alerts when a patient completes tasks or activities.

 

System-Level Controls. You can manage notifications at the system level through your device settings, including Android’s notification settings. 

Personal Information for Notifications. The Services utilize the minimum necessary personal information to tailor notifications.

No Sale of Personal Information – We do not sell Personal Information.

Use, Sharing, and/or Sale of Non-personal Information – We may aggregate data on user behavior with respect to the Services. This data does not enable identification of individual users and is not Personal Information as defined by this Policy. As such, our use, sharing, and/or sale of non-personal Information is not restricted by this Policy. User Choices with Respect to Personal Information Users of the Services may request information about our collection, use, and disclosure
of their information (a “Request to Know”), including:

​

• the categories and specific pieces of Personal Information we have collected about the user;

• the categories of sources from which we have collected the user’s Personal Information;

• the business or commercial purpose for collecting or selling the user’s Personal Information;

• the categories of Personal Information we have sold about the user; and 

• the categories of Third Parties with whom we have shared, disclosed for a business purpose, or sold the user’s Personal Information, and which categories of Personal Information we have sold to which categories of Third Parties.

​

Users may also request that we delete their Personal Information (a “Request to Delete”).

 

Requests to Know

 

Users may submit a Request to Know by completing the form provided at www.simon.health or by emailing us at support@simon.health.

 

Users may submit two types of Requests to Know: (1) A request for the specific pieces of Personal Information that we have collected about you in the past twelve months; or (2) a request for the categories of Personal Information that we have collected about you in the past twelve months, and we have used and disclosed that Personal Information. 

 

When you submit a Request to Know, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number.  If you submit a Request to Know for the specific pieces of information that we have collected about you, we may also require you to submit a signed declaration under the penalty of perjury stating that you are the consumer whose Personal Information is the subject of the Request to Know. 

 

If we are able to verify your identity, we will respond to your Request to Know by: (a) providing the requested information; or (b) explaining why we are not required to provide the requested information.  If we are unable to verify your identity, we will respond by explaining why we cannot verify your identity.  We will confirm receipt of your Request to Know within 10 days and will respond to your Request to Know within 45 days. If a response requires additional time, we will notify you of the basis for the delay and may extend our response period up to an additional 45 days. 

 

If we provide the information requested, we will provide the information free of charge and in a readily useable portable format.  We have no obligation to provide Personal Information to you more than twice in a 12-month period.  If a Request to Know or series of Requests to Know are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Know, or may refuse to process the Request(s) to Know.

 

Requests to Delete

 

Users may submit a Request to Delete by completing the form provided at www.simon.health or by emailing us at support@simon.health.  When you submit a Request to Delete, we may ask you to provide certain pieces of information in order to verify your identity, such as your name, email address, and phone number.  If we are able to verify your identity, we will respond to your Request to Delete by (a) deleting your Personal Information and, if applicable, directing any of our Service Providers to delete your Personal Information; or (b) explaining why we are not required to delete your Personal Information.  We may choose to delete Personal Information by de-identifying, aggregating, or completely erasing the Personal Information.  We will specify the manner in which we delete your Personal Information. 

 

If a Request to Delete or series of Requests to Delete are manifestly unfounded or excessive, we may charge a reasonable fee for processing the Request(s) to Delete, or may refuse to process the Request(s) to Delete.

​

Additional Rights and Information for Users Residing in the European Union, the United Kingdom, and Switzerland

​

For users outside of the United States, we transfer data from outside countries – including the European Union, the United Kingdom, and Switzerland – to data centers located in the United States for processing. Our processing of Personal Information is intended to be performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25, 2018 onward, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, known as the General Data Protection Regulation (“GDPR”). With respect to direct communications with EU residents, we provide the rights required by the GDPR and rely upon such residents’ consent and our legitimate interests in doing business with such residents. With respect to information we may receive from third-parties regarding an EU resident, we rely upon contractual provisions that are in accordance with the GDPR.

​

Please note that the European Commission has the power, pursuant to Article 45 of the GDPR, to determine whether the laws of a country outside the European Union provide an adequate level of data protection. To date, the European Commission has not determined that the state and federal laws of the United States provide European residents an adequate level of data protection.

​

If you are a resident of the European Union, you have several additional rights under the GDPR regarding Personal Information:

​

• You have the right to request an accounting of all Personal Information that we possess that pertains to you in an electronically portable format (e.g., electronic copies of information attached to an email).

• You have the right to request that we change any Personal Information that pertains to you.

• You have the right to request that we delete any Personal Information that pertains to you.

​

To request an accounting of your Personal Information, a change to your Personal Information, or deletion of your Personal Information, contact support@simon.health.

 

If you have a complaint about our use or processing of your Personal Information, you have the right to lodge a complaint with a national Data Protection Authority. Each European Union member nation has established its own Data Protection Authority; you can find out about the Data Protection Authority in your country here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

​

Protection and Retention of Personal Information

​

We follow generally accepted industry standards, including the use of appropriate administrative, physical and technical safeguards, to protect Personal Information. The appropriate administrative, physical, and technical safeguards employed by us may vary depending on the nature of Personal Information collected, with more stringent measures applied to information of a sensitive nature.

 

However, no method of transmission over the Internet, or method of electronic storage, is entirely secure. Therefore, while we strive to use commercially reasonable means to protect Personal Information, we cannot guarantee its absolute security or confidentiality. Please be aware that certain Personal Information and other information provided by you in connection with your use of the Services may be stored on your device (even if that information is not collected by us). You are solely responsible for maintaining the security of your device from unauthorized access.

 

Personal Information will be retained for as long as is reasonably necessary to achieve the purposes set forth in this Policy, and to comply with all applicable laws.

 

Other Provisions

 

Accessibility and Language – Any person that is unable to access this Policy through the Services may request this Policy in an alternative format or language by contacting us at support@simon.health.

 

International Users – The Company and its servers are located in the United States and are subject to applicable local, state, and federal laws. Users who choose to access the Services do so on their own initiative and at their own risk, and are responsible for complying with all applicable laws, rules and regulations. Users who choose to access the Services consent to the use and disclosure of information in accordance with this Policy and subject to such laws. We may limit the Service’s availability, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time and in our sole discretion. We do not represent or warrant that the Services, or any part thereof, is appropriate or available for use in any other jurisdiction.

Children’s Privacy – The Services are neither directed to nor structured to attract Users under the age of 16. If you are under the age of 16, you are not permitted to use the Services. The Company does not knowingly collect Personal Information from
users under the age of 16. If you are a parent with concerns about children’s privacy issues in conjunction with the use of the Services, please contact the Company at support@simon.health.

Do Not Track Signals and Collection of Information for Third-Party Advertising –
The Company is required to disclose how it responds to “Do Not Track Signals” and whether third parties collect personally identifiable information about users when they use online services. The Company honors "do not track" signals and does not track, use cookies, or use advertising when a “do not track” mechanism is in place. The Company does not authorize the collection of personally identifiable information from our users for third-party use through advertising technologies.

Amendments – We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by us, to this Privacy Policy, including in the way in which Personal Information is collected, used or transferred, we will notify you by e-mail to the address specified in your profile or by means of a notice on the Services prior to the change becoming effective.

Contact Information
If you have questions about this Policy, please contact support@simon.health.

 

Effective Date
The effective date of this Policy is September 18, 2023