Privacy Policy

Introduction

Vitals 360 ("we," "our," or "us") is committed to protecting the privacy and security of personal information and protected health information (PHI) collected through our real-time patient monitoring system and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with our platform.

We operate in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. By using our services, you consent to the practices described in this policy.

Information We Collect

Health Information

Through our monitoring devices and platform, we collect:

• Vital signs (heart rate, blood pressure, temperature, oxygen saturation)
• Activity and movement data
• Sleep patterns and quality metrics
• Location data within healthcare facilities
• Device usage and connectivity information

Personal Information

We may collect the following personal information:

• Name, date of birth, and contact information
• Medical record numbers and patient identifiers
• Healthcare provider information
• Insurance and billing information
• Emergency contact details

Technical Information

We automatically collect:

• Device identifiers and specifications
• IP addresses and browser information
• Usage patterns and interaction data
• Error logs and diagnostic information

How We Use Your Information

We use collected information for the following purposes:

• Healthcare Delivery: Providing real-time patient monitoring and alerting services
• Treatment Support: Enabling healthcare providers to make informed clinical decisions
• Service Improvement: Enhancing our platform's functionality and user experience
• Safety & Compliance: Meeting regulatory requirements and ensuring patient safety
• Communication: Sending alerts, notifications, and service updates
• Analytics: Generating de-identified insights to improve healthcare outcomes

Information Sharing and Disclosure

We may share your information with:

• Healthcare Providers: Your designated care team and authorized medical personnel
• Healthcare Organizations: Hospitals, clinics, and facilities using our platform
• Service Providers: Third parties who assist in operating our services (under strict confidentiality agreements)
• Legal Requirements: When required by law, court order, or government request
• Emergency Situations: To protect the health and safety of individuals

We do not sell your personal information or protected health information to third parties.

Data Security and Protection

We implement comprehensive security measures including:

• End-to-end encryption for all data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication for system access
• Regular security audits and penetration testing
• SOC 2 Type II certified infrastructure
• 24/7 security monitoring and incident response
• Employee training on HIPAA and security best practices

Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal and health information
• Correction: Request corrections to inaccurate information
• Deletion: Request deletion of your information (subject to legal requirements)
• Restriction: Request limitations on how we use your information
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Accounting: Request an accounting of disclosures of your PHI

To exercise these rights, please contact our Privacy Officer using the information provided below.

Data Retention and Disposal

We retain personal and health information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, and support healthcare operations. Medical records are retained in accordance with applicable state and federal regulations, typically for a minimum of 6-10 years.

When data is no longer needed, we securely dispose of it using industry-standard methods including secure deletion and physical destruction of storage media.

International Data Transfers

Our services are primarily operated in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and compliance with applicable data protection frameworks.

Cookies and Tracking Technologies

Our website and platform use cookies and similar technologies to enhance your experience, analyze usage patterns, and improve our services. You can control cookie preferences through your browser settings, though some features may not function properly without cookies.

Children's Privacy

Our services may be used to monitor pediatric patients under the supervision of healthcare providers and with appropriate parental or guardian consent. We do not knowingly collect personal information directly from children under 13 without parental consent.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes through our platform, email, or other appropriate means. Your continued use of our services after such notification constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: