Data Privacy and Security

TERMS

Disclaimer of Liability in Connection with the Use of TOCI Products, Software, and Systems

TOCI, Inc. (“TOCI,” “we,” or “us”) develops and markets software, artificial intelligence tools, solutions, and systems for the healthcare industry (“systems”). Healthcare practitioners utilize our tools to capture patient and procedure narratives and/or to supplement their engagement.

By viewing, utilizing, and/or gaining access to the system, you recognize and accept that TOCI’s systems are (i) meant for non-commercial, medical training and performance improvement purposes only; (ii) not certified as a medical device; (iii) not intended for clinical or diagnostic use; and (iv) intended for non-commercial, medical training and performance improvement purposes only. Additionally, you acknowledge and agree that you will use and access the system (x) solely for the purpose of narrative medicine tasks and performance improvement; (xi) in accordance with all applicable laws and regulations; and (xii) in accordance with any user documentation, instruction manuals, guides, and/or requirements that may be provided to you. You agree that you will not use any part or entirety of the system to (xii) diagnose, treat, or cure a human being’s condition or in a life-threatening situation; (xiii) support professional medical decisions, diagnoses, or treatments; or (ix) substitute for any diagnosis, recommendation, advice, treatment, or decision made by an appropriately trained and licensed physician. The system’s usage on live subjects may result in severe damage or death.

TOCI makes no claims or guarantees about the competence of any individual who may acquire education and/or medical or non-medical information via or based on the system, or on the exercise of such person’s abilities after such interaction with the system. Supplier makes no assurance that anybody using the system will attain any specific skill level or degree of competence required to qualify for any license, certificate, or rating issued by any regulatory agency or government authority.

TOCI makes no representations or guarantees that the system or the medical or non-medical information accessible through the system: (a) will be available continuously or at all; or (b) will be error-free, complete, truthful, accurate, current, and/or non-misleading. You are using the system fully aware and aware that you are waiving any claim against TOCI based on your reliance on any information or training provided via the system.

LIABILITY LIMITATION

TOCI, ITS AFFILIATES, AND EACH OF THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS, OR LICENSORS (COLLECTIVELY, THE “PARTIES”) MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE CONTENT, INCLUDING BUT NOT LIMITED TO ITS ACCURACY, RELIABILITY, COMPLETENESS, TIMELINESS, OR R THE PARTIES SHALL NOT BE LIABLE FOR THE TRUTH, ACCURACY, OR COMPLETENESS OF THE CONTENT OR ANY OTHER INFORMATION CONVEYED TO THE USER, OR FOR ANY ERRORS, MISTAKES, OR OMISSIONS THEREIN, OR FOR ANY DELAYS OR INTERRUPTIONS IN THE DATA OR INFORMATION STREAM DUE TO ANY CAUSE WHATSOEVER. YOU AGREE THAT USE OF THE WEBSITE AND CONTENT IS AT YOUR SOLE RISK.

THE PARTIES DO NOT WARRANT THAT THE WEB SITE WILL OPERATE WITHOUT ERRORS OR THAT THE WEB SITE, ITS SERVER, OR THE CONTENT ARE FREE OF COMPUTER VIRUSES OR OTHER SIMILAR CONTAMINATION OR DESTRUCTIVE FEATURES. NO PARTY SHALL BE RESPONSIBLE FOR THE COSTS OF SERVICING OR REPLACING EQUIPMENT OR DATA AS A RESULT OF YOUR USE OF THE WEB SITE OR THE CONTENT.

THE WEB SITE AND ITS CONTENT ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND. THE PARTIES DISCLAIM ALL WARRANTIES, INCLUDING, BUT NOT LIMITED TO, MERCHANTABILITY, NON-INFRINGEMENT OF THIRD-PARTY RIGHTS, AND FITNESS FOR A PARTICULAR PURPOSE.

NO PARTY SHALL BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, INCIDENTAL AND CONSEQUENTIAL DAMAGES, LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS INTERRUPTION) ARISING OUT OF THE USE OR INABILITY TO USE THE SYSTEM AND/OR WEB SITE AND THEIR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT

IT IS FURTHER UNDERSTOOD THAT TOCI SHALL HAVE NO LIABILITY WHATSOEVER FOR DAMAGES RESULTING FROM OR RELATED TO UNAUTHORIZED ACCESS, USE, ALTERATION, OR DESTRUCTION OF THE SYSTEM OR ANY DATA CONTAINED THEREIN OR CREATED BY THE SYSTEM OR YOUR COMPUTER SYSTEM BY ANY THIRD PARTY, INCLUDING ANY USERS.

THIS POLICY IS CHANGING CONSTANTLY. UPDATED VERSIONS WILL BE APPROVED AS SOON AS THEY ARE AVAILABLE ON OUR WEBSITE (WWW.TOCI.IO).

TOCI was developed to assist patients in documenting critical information from their life and healthcare narratives in order for their clinical teams and themselves to more effectively conduct patient-centered care. TOCI offers services through the TOCI App (“App”), the TOCI Service (“Service”), and the TOCI Portal (collectively referred to as “the Services” or “TOCI”). This Privacy Policy is intended to educate you about how TOCI works via an analysis of the data you give, the data we collect, how we use it to offer the Services, and when it is used or shared.

At TOCI, privacy and governance empower you throughout the patient experience.

You own and manage the collection and sharing of your data. Your permission is required for the collection and sharing of personal health data. We adhere to privacy by design principles to minimize the data we gather and to notify you in the App when you have data sharing options.

You may withdraw your consent at any time. You may easily remove recordings or your account at any moment straight from the app.

We will never sell your information. We do not have, nor do we support, any business model that includes the sale or benefiting from your personally identifiable information.

Our method utilizes anonymized data. Any research and development activities are conducted using de-identified health data or external data sets obtained with the permission of patients. If we have the potential to incorporate personal data about you in our study, we will get your permission first.

Data security is not negotiable. You entrust us with the security of your tales, and that confidence informs everything we create. As a result, we adhere to HIPAA security requirements while collecting health data – even when HIPAA does not apply to our services.

 

Information about your account.

We gather your name, email address, and phone number in order to establish and maintain an account. TOCI Clinician Dashboard accounts may be created only by TOCI Trusted Health Professionals (THPs). When you initially log into your account, we utilize ID.me to validate your provider information and National Provider Identifier (NPI). We gather and preserve the data provided with us by ID.me in order to facilitate the connection of your patients’ narratives to you in TOCI.

 

Information about your health.

When you record a life story or healthcare discussion using the TOCI app, we gather audio, video, and/or text as selected by the user and convert it to a readable transcript that we keep. We use the transcript to create a summary of the recording and a list of extracted features customized for you or your health professional team. The summary includes the recording itself, the most significant elements from your story or conversation, medical-related terms, and other significant events recorded.

 

TOCI offers services to record and distill two distinct kinds of narratives:

• TOCI Biographical stories. You may begin recording a narrative with the TOCI App. It will be accessible after you log in. You may opt to share the discussion with the authorized TOCI Trusted Health Professional care team or to send a copy of the material to another individual.

• TOCI Health stories. Health Story recordings produced using the TOCI App between you and a TOCI Trusted Health Professional. We capture and keep audio, video, and/or text from health stories according on the user’s preferences. You may want to have a copy emailed automatically to the TOCI-affiliated health professional with whom you are conversing. To access that discussion, you must establish an account on TOCI. Once you’ve done so, you can access and interact with that content in the same way you do with narratives recorded in the App; however, you’ll need to contact your Trusted Health Professional or other individuals with whom you’ve designated access directly to delete a conversation that was sent to them at any point.

 

Your activity on the app.

The App allows you to engage with your recordings in a variety of ways to assist you in organizing and recording your life story and health stories. For instance, you may search for and retrieve all recordings by date and time, and the app always displays an aggregated summary. We associate Your Activity with your account.

 

Contacts.

You may share your recording and recording summary with another TOCI user by manually inputting the receiver’s phone number or by granting us access to your phone’s contacts so that you can choose a recipient. Additionally, you may opt to send a recording to a Trusted Health Professional on your Care Team. If the receiver is not already a member of TOCI, we will send them a text message asking them to join. While we do not keep your Contacts, we may need access in order for you to choose recipients. You may always disable our access to your Contacts in your phone’s settings. When you share a recording, we save the recipient’s phone number and any message you send using your account’s phone number. You may revoke access to a recording at any moment in the TOCI App if the Contact is not a Trusted Health Professional.

 

Location.

You may opt to disclose your location for some services, such as tagging daily articles. Before we gather this data, we will inform you and get your permission.

Analytics and Passive Data Collection. We gather information about your use of TOCI, such as your IP address, mobile device ID, click or tap history, operating system or browser type, and other activities on the Services. This information is gathered from your phone or web browser when you engage with online and mobile applications, and it assists us in improving your experience with the Services.

 

Feedback and assistance.

We would be delighted to hear from you! Whether you have a suggestion on how to enhance TOCI or are in need of assistance, we save the emails you give us and utilize them to help us prioritize how to improve our product.

 

Data that has been de-identified.

Non-personal data that has been aggregated or de-identified in such a way that it cannot reasonably be used to identify an individual. We utilize de-identified data to conduct research and development on new products and solutions, to improve our algorithms and machine learning applications, and to enhance the App and the services we offer. We may release such information publicly and to other parties in a variety of ways, including in public health reports, to partners with whom we have an agreement, and in benchmarking information we offer to the medical community.

 

We handle personal data in order to provide you with the Service:

• We analyze your audio, video, or text records using artificial intelligence techniques and produce a transcript of pertinent events, narratives, and features that may assist your healthcare team in getting to know you.

• When you share a recording, we include your name so the receiver knows who provided it.

• Your name, email address, and cell phone number are used to administer and protect your account. Additionally, we use your information to communicate with you about your usage of TOCI, to react to your requests, and to keep you informed of new features or products.

• We utilize Analytics and Passively Collected Data to better understand how you use TOCI, to test new features and tools, and to guarantee that TOCI operates correctly, safely, and provides an excellent user experience.

• TOCI is improved via the usage of personal data. For instance, to troubleshoot and prevent problems; to conduct data analysis and testing; to conduct research and surveys; to create new goods or tools; and to improve our artificial intelligence algorithms and apps.

• We retain audio, video, and text that you create and/or communicate with your Trusted Health Professional through the TOCI app in order to ensure their ongoing access.

• We will use your email address to communicate with you about TOCI and our Partners. At any moment, you may unsubscribe from receiving communications by clicking “unsubscribe” in any email you get.

• We utilize personal data to safeguard TOCI, our users, and third parties. For instance, to combat fraud and abuse, to react to legal requests or claims, to perform audits, and to enforce our agreements and other rules.

Only with your permission, agreement, or direction. You may withdraw this authorization at any time. We never sell your personal information. We disclose data only with your permission or as needed or allowed by law, and only in the following circumstances:

To share your recording(s) with a TOCI user who is a designated Trusted Health Professional. That copy then becomes the property of the healthcare professional, and you must contact them directly to request access to or deletion of their copy.

To transmit a recording(a) to a specified family member or acquaintance.

 

To offer an excellent user experience for TOCI Services.

The TOCI Service may include connections, interactions, and natural language processing tools from third-party providers over which TOCI has no control. We collaborate with these organizations because they offer advantages that we believe enhance your TOCI experience. We do not share personal data with partners unless you agree to their privacy policies in the App, which will inform you how that partner will use your data.

Please keep in mind that once your data is shared with a third party, it becomes subject to the third party’s rules, and you will need to contact them directly to request access to or deletion of your personal data.

We transmit data to healthcare service providers and other third-party processors who handle it on our behalf and in accordance with this Privacy Policy and other contractually mandated confidentiality and security measures. Customer assistance, cloud storage, marketing, data analysis, research, and surveys are all examples of processing.

We utilize Google Analytics, a service provided by Google Inc. (“Google”), Amazon Web Services, a service provided by Amazon Inc. (“Amazon”), and OpenAI, a service provided by OpenAI Inc. (“OpenAI”). Several of these services make use of cookies (small text files) placed on your computer to analyze your visits to and interactions with websites in order to customize your experience and enhance the Services. You can prohibit Google, Amazon, and others from using your data by using the opt-out options built into your browser and device.

 

To adhere to the law.

We may share information we collect about you to comply with the law, a judicial action, a court order, or other legal process, such as in response to a court order or subpoena. Please note that, unless we are forbidden by law, we will notify you of legal process requesting access to your information, such as search warrants, court orders, or subpoenas. When a court order stipulates a non-disclosure term, we give delayed notification after the non-disclosure period’s expiry. Exigent or counterproductive situations, such as an emergency involving a risk of death or severe bodily harm to a person, are exceptions to our notice policy.

 

To Safeguard Us and Others.

We may disclose the information we collect about you if we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in TOCI-related litigation.

 

Transfers of Business.

If we are bought or merged with another business, or if a significant portion of our assets are transferred to another firm, or as part of a bankruptcy or reorganization process, we will notify affected users prior to transferring any personal data to the new entity.

We strive to provide products that are safe for everyone to use. Personal information that may be used to improve health outcomes, such as social determinants of health, can help local healthcare professionals and organizations maintain people healthy and happy. However, data collecting from vulnerable groups such as children, the elderly, and the homeless needs extreme caution and openness.

Thus, TOCI is not designed for use by minors or populations lacking the ability to provide informed consent without the express authorization of a parent, guardian, or healthcare professional who may create a TOCI account for their user to manage their narratives and recordings. If we become aware that we are collecting data from such users without their permission, we will delete the data and the account immediately. If you think a vulnerable user has given us with data without the permission of their parent, guardian, or healthcare professional, please contact us at www.toci.io/contactus.

By signing into your account and changing your profile information, you may view and amend the personal data you’ve provided. Please keep in mind that cached and archived pages of the Service may retain copies of information you update, modify, or delete for a period of time. Your personal information is saved and available on both your device and the cloud.

We retain information about your account until it is removed. You may cancel your account at any moment via the App’s settings menu or by emailing us at [email protected]. Please note that deletion of your account information may take up to 24 hours, and we may retain it for legal reasons or to avoid damage, as stated in the “When Is Your Data Shared?” section.