SYNC.MD PRIVACY POLICY

Sync.MD is a company with a technological platform that helps exchange information between individuals and organizations in a more secure, efficient, and electronic manner. Sync.MD uses software, mobile applications, website, and associated services (collectively the “Services”) to collect, store, share, and exchange your personal information with organizations and individuals that you choose.

The team at Sync.MD takes the privacy and protection of your personally identifiable information (or “PII”) as our top priority. We will not sell or rent your data. We will not allow third parties to use it for profit or monetary transactions, and this includes both your PII and any deidentified or anonymized data that may be created based on your PII.

Sync.MD uses encryption and strong security measures to prevent any unauthorized attempts to access your PII. However, to provide you with our Services, Sync.MD must collect and use your PII in different ways. This Privacy Policy describes the ways in which Sync.MD can collect, store, process, use, share, and destroy your PII.

If you do not want your PII to collected and used by Sync.MD, do not consent or agree to this Privacy Policy and stop using our Services. By continuing to use our Services, you are agreeing to the terms of this Privacy Policy and Sync.MD’s continued collection and use of your PII as described below.

Sync.MD and our Services do not provide medical advice, treatment, or diagnosis. Always seek the advice of healthcare providers directly, not through our Services, with any issues, questions, or concerns that you may have regarding a medical or health emergency, treatment, or diagnosis.

Section 1. Collection of Personally Identifiable Information

Information Provided to Sync.MD

When you use Sync.MD, you may submit or Sync.MD may collect a variety of PII to give you access to our Services. Depending on the type of product or service that you are using, this PII may include:

Automatically Collected Information while using our Services

In addition to the PII listed above, Sync.MD may automatically collect, store, and analyze data from your computer, mobile device, or smartphone. Sync.MD automatically collects IP addresses and web site usage information when you access our Services including:

This information helps Sync.MD evaluate how our users, visitors, and customers navigate our platform. We look at such things as the number and frequency of people accessing each web page and how long they stay.

Use of Cookies

Sync.MD may use cookies to collect and store information about your usage of Sync.MD. Cookies are data files stored on your computer’s hard drive or in the device memory of your phone or mobile device. They help Sync.MD improve delivery of Services to you. By measuring our online features and user experiences with them, we can determine areas and features that are most popular or in need of improvement.

Web browsers are often set to accept cookies by default. If you prefer not to share cookies with Sync.MD, you may be able to set your browser to delete or reject all cookies or specific browser cookies. If you choose to delete or reject cookies from Sync.MD, this could impact the functionality of the services provided through Sync.MD.

Information Collected from Third-Party Sources

Sync.MD may collect information about you from other online or offline sources. This includes commercially available third-party sources to verify eligibility and securely offer our services to you. We may combine this information with the PII we have collected about you under this Privacy Policy.

Section 2. Usage of Personally Identifiable Information

Sync.MD may use the PII collected about you only for the following:

We may also use the information in other ways with your express consent. For instance, if we use a service or product that we offer jointly or through another entity. We may also use the information we collect about you in other ways if we provide specific notice and gather your active consent at that time.

Retention of PII

Sync.MD may keep the PII we obtain for as long as you continue to actively use or maintain our services, as needed to fulfill the specific purpose(s) for which it was collected, and/or to provide ongoing services to the organizations or individuals with whom you have already shared or exchanged your PII. We may also need to retain your PII to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws and regulations.

In the event of unused, or otherwise inactive accounts, Sync.MD will retain your PII and associated user data for a period of seven years. At that point your account, information, and all its associated user data will be permanently deleted from our records. Once deleted, it will no longer be accessible by us or recoverable by you in any way.

You are always free to delete your account and all its information and data, at any time, for any reason. You can initiate this process directly through the Services at your own discretion or by contacting Sync.MD at help@syncmd.com. We will respond to all requests within a reasonable time or thirty business days.

Please make sure that you download or make copies of any information that you wish to keep before deleting your account.

Legal Foundation for Handling Your PII

Some jurisdictions require companies to tell you the legal framework that gives them authority to use, disclose, or process your PII. To the extent that any of those laws apply, our legal foundation is as follows:

Section 3. Sharing of Personally Identifiable Information

Sync.MD is not in the business of selling, renting, or sharing your PII for profit or monetary transactions. This includes any de-identified or anonymized data created from your PII. Third parties are not allowed to use your PII, including using or creating de-identified or anonymized data based on your PII, without your active consent. Third parties are not allowed to use your PII in any way that contradicts the standards of this Policy or the terms of our Services.

The services we provide to you involve the sharing of sensitive information. The trust you place in Sync.MD to handle that information is why we consider the protection and safeguarding of your privacy our top priority. However, there are certain situations in which we may share your information with specific third parties based on the following conditions.

Consent

We may share information about you with other parties or users of Sync.MD based on your active consent, at your direction, or based on your usage of Sync.MD which implicitly requires such sharing. By accepting this Privacy Policy and continuing to use Sync.MD, you understand and agree that , Sync.MD has permission to provide the organizations and individuals you choose with access, exchange, or sharing of your PII through our Services.

You may customize, manage, and revoke your consents through our Services and Applications. Be aware that the organizations, or individuals that you shared your PII with may have already acted, made decisions, or used your PII while your consent was active. Do not share your PII unless you are comfortable with recipient being able to view and use it for the purposes or services that you are providing it.

Sharing, Storing, and Processing by Related Service Providers

We may need to share, store, or process information about you with Sync.MD related Service Providers as part of the delivery of our Services . We may also share information about you with these service providers to support, enhance, or troubleshoot the Services we provide to you, to fulfill legal requirements, and for routine business purposes.

The types of activities and service providers to whom we may share, store, or process PII with include the following categories.

Legal Requirements

We may need to disclose or be required to disclose, information about you in specific legal situations.

Business Transfers

If all or a part of Sync.MD is sold, merged, or otherwise transferred to another party, the PII you have stored with us may be transferred as part of that transaction. We will give you advance notice and information about the new ownership. We will include details on whether the terms of their Privacy Policy match the standards of our own, so that you may make an informed decision.

Should you choose to stop using our Services and close your account, you will be given a chance to have copies of your PII securely transmitted, shared, or downloaded for your personal use or retention before your account, information, and all your associated data is permanently deleted.

Section 4. Collection and Usage of De-Identified Data

Sync.MD may collect, process, and use your PII to change it into aggregated or non-aggregated data sets of de-identified information. De-identified information means that your PII has been fundamentally changed so that any information, and data points that could be used to identify you (or which could be reasonably used in combination with other information to specifically identify you), has been completely removed or transformed.

Aggregation of de-identified information means that even after your PII is made anonymous, it is combined with large amounts of other anonymous data so that no single source of data is identifiable.

Sync.MD may use de-identified data in aggregated or non-aggregated forms exclusively internally for the following purposes:

Section 5. No Sharing of De-Identified Data

Sync.MD does not sell, rent, or otherwise profit or engage in monetary transactions from providing any de-identified or anonymized user data to third parties, in any form.

Section 6. Risks of Choosing to Share or Exchange Data and Information through Sync.MD

When you use Sync.MD, we will provide you with Services that allow you to collect, store, share, and exchange PII about yourself with any organizations or individuals that you choose. Your decision to use Sync.MD and share information with other parties in this manner is not without risk however, and you should consider them before or while using our Services.

You are not required to use Sync.MD to receive any form of medical treatment, advice, or services from a healthcare provider. Sync.MD is an optional, third-party service provided directly to individuals for use as their own Personal Health Record. You are always free to request, exchange, and access your medical information directly from your healthcare providers without using Sync.MD.

When you share medical information, you should be aware that it could include data or information that may impact others. Genetic tests, family histories, and similar types of medical information can reveal sensitive health information about others such as your spouse, relatives, children, etc. Carefully consider whether you trust the recipient to keep such information secure and protected before you share it.

Also consider the risks of information disclosure if you make a mistake or error when using Sync.MD. You should always carefully review and verify the details of any organizations, individuals, or entities that you select or choose to share information with. We encourage you to talk directly with those recipients outside of Sync.MD before you share information. You should discuss any concerns that you may have, such as their reason for needing your information, how much information they need, and what actions or decisions they may make based on that information.

Sync.MD is not responsible for any actions or decisions that an organization or individual may take based on the information that you share with them. This includes any decisions regarding healthcare advice, treatment, diagnosis, verification of qualifications or insurance, testing results, offers of employment, terms of loans or product purchases, or any other actions that may come from the sharing of your PII. Carefully consider whether you want or need an organization or individual to have access to your information through Sync.MD.

Sync.MD is based in the United States and we offer our Services exclusively as part of operations within the United States. The laws of the United States which govern the collection and use of personal data may not be as comprehensive or protective as the laws of many other countries.

If you are a member of a country or region whose laws governing data collection and use may conflict with the laws of the United States, you consent to the processing and transferring of your information, including your PII, into the United States. By accessing and using our Services, you consent that Sync.MD may collect, store, process, use, disclose, and transfer your data and PII as described in this Privacy Policy.

By using our Services or providing your PII to Sync.MD, you agree that Sync.MD may send you emails about important user account, security, privacy, and/or administrative matters relating to your use of the services.

If we learn of a security or data breach for example, we will email you based on the information that you provided at the time of your registration. You may also have a legal right to receive such a notice in writing.

Section 9. Unsolicited Information

You may provide us with ideas for new products, modifications to existing products, or other unsolicited submissions, feedback, or contributions (collectively, “Unsolicited Information”). All Unsolicited Information is non-confidential. Sync.MD is free to reproduce, use, disclose and distribute such Unsolicited Information to others without limitation or attribution.

Section 10. Request to Access or Delete PII

We will give you the chance to access or delete PII that we have in our possession. You can manually access or delete most forms of PII collected through Sync.MD through your account, our applications, or our Services. If you wish to directly request access or deletion of your personal information, please contact us at help@syncmd.com or use the “Delete Account” function available within our Services or Applications.

We may still need to keep certain information as required by law, to provide ongoing services for the organizations, individuals, or entities who already have your PII, or for legitimate business purposes. We will respond to your request for access or deletion within a reasonable period or within thirty business days.

If you request to delete your PII, it will all be permanently deleted. Please make sure that you download or make copies of any information that you wish to keep before deleting your account.

Although Sync.MD makes good faith efforts to provide individuals with access to their PII when requested, there may be times when Sync.MD cannot provide access, including:

Section 11. Annotating, Correcting, or Marking PII

Sync.MD makes an effort to provide tools and methods for you to directly update or change your PII, like contact information, as needed… However, some forms of PII collected are unable to have their content changed, such as records, forms, and documents that may be stored or preserved in static electronic formats such as PDFs.

In these situations, Sync.MD will provide you a process to flag or mark these forms of PII based on particular conditions. This way you and any organizations, individuals, or entities that you choose to share this PII with, will have notice of the problem, issue, or error associated with the underlying PII.

You may always reach out to us at help@syncmd.com to request corrections, annotations, or changes to your PII. We will respond to all requests within a reasonable time or thirty business days, although we may not always be able to fulfill every request due to technical or legal barriers.

Section 12. Data Security and Data Breach

Sync.MD takes appropriate technical, security, and organizational measures to protect against unauthorized access, unlawful processing, accidental loss, destruction, or damage to PII and other data. You acknowledge and agree however, that no security measures are perfect or impenetrable, and Sync.MD cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure. Sycn.MD is not responsible for the circumvention of any privacy settings or security measures contained on the Sync.MD platform or services by any users or third parties.

If a data breach does occur, Sync.MD will formally notify the impacted parties via email with information about how and when the data breach occurred and the kinds of personal information that was involved or put at risk. The notice will explain and detail the steps that Sync.MD is taking to remedy the breach, protect individuals, and what services we are offering in response. The notice will include individual steps or actions that you may take, and how to contact us for more information.

Section 13. Policy for Minor Users

The services made available on Sync.MD are not intended for or made available to anyone under the age of thirteen (13) years old and we do not knowingly collect data from minors under the age of thirteen (13) years old. Minors between the ages of thirteen (13) and seventeen (17) may use our Services, but a parent, guardian, or personal representative must consent to this Privacy Policy and any other associated Agreements on their behalf. If you believe that we have mistakenly collected data from a minor user, please contact us at help@syncmd.com.

Section 14. Changes to Policy

Sync.MD may choose to, or need to, change this Privacy Policy from time to time. If we do, we will notify you through appropriate channels to provide you with a plain language summary of the major changes and to obtain your active consent to the new terms.

This may include a combination of direct disclosures or notifications within our Services, Applications, or Website, contacting you through email, and by posting the revised policy on this page with a new “Last Updated” date. Providing your renewed consent to the changes we make, publish, or communicate about this Policy means that you are agreeing with the new terms.

Section 15. Change in Ownership

Sync.MD will notify you if all or a part our company shuts down operations or sells, merges, or otherwise transfers ownership to another party. You will get advance notice and information about the new ownership so that you may make an informed decision on whether to continue using our Services. This will include details on the new entity’s Privacy Policy and whether it matches the standards and terms of this Policy regarding data collection and usage.

Should you choose to stop using our Services and close your account, you will be given the chance to have copies of all your PII securely transmitted, shared, or downloaded for your personal use prior to your account and all its associated data and information being permanently deleted.

Section 16. Governing Law

By choosing to visit or utilize Sync.MD or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the United States and the State of South Carolina.

Section 17. How to Contact Us or Submit a Complaint

If you would have a question about this policy, are seeking privacy related information, or would like to submit a complaint, please send us an email at help@syncmd.com. We will respond to all complaints within a reasonable time or thirty business days.

Section 18. Notice to California Users

The information provided in this section applies only to California residents.

The California Consumer Privacy Act of 2018 (“CCPA”) requires us to provide an explanation of the rights and choices we offer to California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use, and share.

1. California Residents’ Privacy Rights

The CCPA grants California residents the following rights:

The CCPA places limits on these rights. We may not be able to provide certain sensitive information in response to an access request. We may be limited in the circumstances in which we must comply with a deletion request. If we do deny or limit your request, we will communicate our decision to you. You may exercise the rights listed above free from discrimination.

2. How to Submit a Request

To request access or deletion of personal information from out databases, please send us an email at help@syncmd.com. The CCPA requires us to take certain steps to properly verify the identity of the individual submitting a request before we can process it.

3. Personal Information that Sync.MD Collects, Uses, and Shares

Sync.MD will never sell or rent your personal information without your consent.

Information that Sync.MD directly collects from you:

4. Categories of Personal Information

The CCPA requires that companies disclose their collection and use of specific categories of Personal Information enumerated in CCPA. Below is a table of those categories and a notification as to whether Sync.MD collects each. Please note that while each “CCPA category” may cover many types of personal information, Sync.MD only collects, uses, and shared the personal information described in this Privacy Policy.

CCPA Categories Collected
Identifiers Yes
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code Section 1798.80(e)) Yes
Protected Classification Characteristics under California or federal law Yes (age)
Commercial Information Yes
Biometric Data Yes
Internet or other similar network activity Yes
Geolocation Data No
Sensory Data No
Professional or employment-related information Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 USC Section 1232g, 34 CFR Part 99)) No
Inferences drawn from other personal information Yes