SYNC.MD PRIVACY POLICY

Sync.MD is a company with a technological platform that helps exchange information between individuals and organizations in a more secure, efficient, and electronic manner. Sync.MD uses software, mobile applications, website, and associated services (collectively the “Services”) to collect, store, share, and exchange your personal information with organizations and individuals that you choose.

The team at Sync.MD takes the privacy and protection of your personally identifiable information (or “PII”) as our top priority. We will not sell or rent your data. We will not allow third parties to use it for profit or monetary transactions, and this includes both your PII and any deidentified or anonymized data that may be created based on your PII.

Sync.MD uses encryption and strong security measures to prevent any unauthorized attempts to access your PII. However, to provide you with our Services, Sync.MD must collect and use your PII in different ways. This Privacy Policy describes the ways in which Sync.MD can collect, store, process, use, share, and destroy your PII.

If you do not want your PII to collected and used by Sync.MD, do not consent or agree to this Privacy Policy and stop using our Services. By continuing to use our Services, you are agreeing to the terms of this Privacy Policy and Sync.MD’s continued collection and use of your PII as described below.

Sync.MD and our Services do not provide medical advice, treatment, or diagnosis. Always seek the advice of healthcare providers directly, not through our Services, with any issues, questions, or concerns that you may have regarding a medical or health emergency, treatment, or diagnosis.

Section 1. Collection of Personally Identifiable Information

Information Provided to Sync.MD

When you use Sync.MD, you may submit or Sync.MD may collect a variety of PII to give you access to our Services. Depending on the type of product or service that you are using, this PII may include:

Contact Information (name, email, address, telephone number)
Demographic Information (birthdate, age, gender, marital status)
Financial Information (employment status, employer, salary)
Government-Issued Driver’s License Information (driver’s license number, barcode, copy or image of license)
Automotive Insurance Information (insuring organization, insurance status, account number, copy or image of insurance card)
Payment information (billing address and credit card details, including card number, expiration date, and security code)
Biometric Information (temporary processing of face, facial, eye, iris, retina, and other ‘Selfie’ related image data, scans, or identifiers for identity verification services)
Personal Health Information (information and data related to the provision of health care to you such as your health status, medical records and related information or documents, consent to treatment forms, authorization to disclose medical information forms, Medicare forms, Medicaid forms, living wills, Directives to Physicians and Family or Surrogates, Medical Powers of Attorney, Out of Hospital Do Not Resuscitate Orders, Declarations of Mental Health Treatment, images, reports, labs and test results, medical treatments performed on you, and any other “protected health information” that may otherwise be defined under HIPAA and similar terms as defined by state, national, or international law)
Self-Reported Health Information (information that you voluntarily enter or provide while using our Services, such as information about your health and/or medical condition and behaviors such as medications, exercise, or other activities)
Legal Forms, Contracts, and Agreements (forms, contracts, agreements, authorizations, and other types of legally binding documents provided or collected through our services for your storage, transfer, review, consent, execution, or electronic signature including originals and/or copies)
Electronic Signatures (record and/or image of your electronic signature including name, date, and time of the signature)
Business Contact Information (name of organization, business email, business address, business telephone number)
Other information that you provide directly to us or authorize a third party to provide to us

Automatically Collected Information while using our Services

In addition to the PII listed above, Sync.MD may automatically collect, store, and analyze data from your computer, mobile device, or smartphone. Sync.MD automatically collects IP addresses and web site usage information when you access our Services including:

The type of web browser used
Access times
Webpages viewed
Location
The Webpage viewed before navigating to our Services
Information about the computer, mobile device, or phone used to access our Services, including hardware model, operating system and version, unique device identifiers, and mobile network information.

This information helps Sync.MD evaluate how our users, visitors, and customers navigate our platform. We look at such things as the number and frequency of people accessing each web page and how long they stay.

Use of Cookies

Sync.MD may use cookies to collect and store information about your usage of Sync.MD. Cookies are data files stored on your computer’s hard drive or in the device memory of your phone or mobile device. They help Sync.MD improve delivery of Services to you. By measuring our online features and user experiences with them, we can determine areas and features that are most popular or in need of improvement.

Web browsers are often set to accept cookies by default. If you prefer not to share cookies with Sync.MD, you may be able to set your browser to delete or reject all cookies or specific browser cookies. If you choose to delete or reject cookies from Sync.MD, this could impact the functionality of the services provided through Sync.MD.

Information Collected from Third-Party Sources

Sync.MD may collect information about you from other online or offline sources. This includes commercially available third-party sources to verify eligibility and securely offer our services to you. We may combine this information with the PII we have collected about you under this Privacy Policy.

Section 2. Usage of Personally Identifiable Information

Sync.MD may use the PII collected about you only for the following:

For the purpose(s) you specifically provided the information
To register you as a customer, client, or associated user (or as a potential customer, client, or associated user) with organizations, individuals, or entities that you choose and consent to sharing and exchanging information with through Sync.MD
To provide you with our Services or access to our Services
To provide our Services or access to our Services with the organizations, individuals, or entities that you choose and consent to sharing and exchanging information with through Sync.MD
To send you electronic notices or email to provide informational and operational support such as user management, customer service, system maintenance, or legal notifications
To verify your identity and the legitimacy of your submitted PII
To evaluate, enhance, and develop features, products, and services
To detect and prevent fraudulent or illegal usage of our services
To ensure internal quality control
To perform accounting, auditing, and other internal functions
To carry out any other purpose for which the information was collected

We may also use the information in other ways with your express consent. For instance, if we use a service or product that we offer jointly or through another entity. We may also use the information we collect about you in other ways if we provide specific notice and gather your active consent at that time.

Retention of PII

Sync.MD may keep the PII we obtain for as long as you continue to actively use or maintain our services, as needed to fulfill the specific purpose(s) for which it was collected, and/or to provide ongoing services to the organizations or individuals with whom you have already shared or exchanged your PII. We may also need to retain your PII to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws and regulations.

In the event of unused, or otherwise inactive accounts, Sync.MD will retain your PII and associated user data for a period of seven years. At that point your account, information, and all its associated user data will be permanently deleted from our records. Once deleted, it will no longer be accessible by us or recoverable by you in any way.

You are always free to delete your account and all its information and data, at any time, for any reason. You can initiate this process directly through the Services at your own discretion or by contacting Sync.MD at help@syncmd.com. We will respond to all requests within a reasonable time or thirty business days.

Please make sure that you download or make copies of any information that you wish to keep before deleting your account.

Legal Foundation for Handling Your PII

Some jurisdictions require companies to tell you the legal framework that gives them authority to use, disclose, or process your PII. To the extent that any of those laws apply, our legal foundation is as follows:

To fulfill our contractual commitment we made with you
- Most of our processing of PII is done to provide you with continued access and use of our services to exchange and share your information with the organizations, individuals, or entities that you choose.
Legitimate business interests
- Other processing of PII occurs because it furthers a legitimate or protected business interest in a way that does not override individual interests or fundamental rights and freedoms. This includes activity such as:
  - Providing a safe and enjoyable user experience
  - Customer Service
  - Marketing Communications
  - Protecting our users, employees, property, or trade secrets
  - Analyzing and improving our business operations by collecting information about how you use our services to improve on the design and placement of features
  - Managing legal, regulatory, or compliance-based issues
Legal Compliance
- We may need to use, disclose, and maintain PII in certain ways to comply with legal obligations or for certain activities or features offered within our services that require different standards.
Consent
- Where required by law, and in some other circumstances, we handle PII on the basis of your express or implied consent to use it.
To protect and safeguard vital interests of individuals or other people.

Sync.MD is not in the business of selling, renting, or sharing your PII for profit or monetary transactions. This includes any de-identified or anonymized data created from your PII. Third parties are not allowed to use your PII, including using or creating de-identified or anonymized data based on your PII, without your active consent. Third parties are not allowed to use your PII in any way that contradicts the standards of this Policy or the terms of our Services.

The services we provide to you involve the sharing of sensitive information. The trust you place in Sync.MD to handle that information is why we consider the protection and safeguarding of your privacy our top priority. However, there are certain situations in which we may share your information with specific third parties based on the following conditions.

Consent

We may share information about you with other parties or users of Sync.MD based on your active consent, at your direction, or based on your usage of Sync.MD which implicitly requires such sharing. By accepting this Privacy Policy and continuing to use Sync.MD, you understand and agree that , Sync.MD has permission to provide the organizations and individuals you choose with access, exchange, or sharing of your PII through our Services.

You may customize, manage, and revoke your consents through our Services and Applications. Be aware that the organizations, or individuals that you shared your PII with may have already acted, made decisions, or used your PII while your consent was active. Do not share your PII unless you are comfortable with recipient being able to view and use it for the purposes or services that you are providing it.

Sharing, Storing, and Processing by Related Service Providers

We may need to share, store, or process information about you with Sync.MD related Service Providers as part of the delivery of our Services . We may also share information about you with these service providers to support, enhance, or troubleshoot the Services we provide to you, to fulfill legal requirements, and for routine business purposes.

The types of activities and service providers to whom we may share, store, or process PII with include the following categories.

Information Technology (IT) services
Business Technology (BT) services
Payment Processing Services
Customer Service Activities
Identity Verification or Identity Authentication Services
Fraud Prevention
The provision of Information and Services which you have specifically requested and consented to
In connection with the provision of other Services or Products that we may offer in the future after updating this Policy accordingly

Legal Requirements

We may need to disclose or be required to disclose, information about you in specific legal situations.

As needed for legal requirements or legal process (such as a court order or subpoena)
In response to requests by government agencies such as law enforcement authorities
To establish, exercise, or defend the rights of Sync.MD
When disclosure is necessary or appropriate to prevent physical, financial, or other harm
In connection with an investigation of suspected or actual illegal activity or content
With your consent or at your discretion

Business Transfers

If all or a part of Sync.MD is sold, merged, or otherwise transferred to another party, the PII you have stored with us may be transferred as part of that transaction. We will give you advance notice and information about the new ownership. We will include details on whether the terms of their Privacy Policy match the standards of our own, so that you may make an informed decision.

Should you choose to stop using our Services and close your account, you will be given a chance to have copies of your PII securely transmitted, shared, or downloaded for your personal use or retention before your account, information, and all your associated data is permanently deleted.

Section 4. Collection and Usage of De-Identified Data

Sync.MD may collect, process, and use your PII to change it into aggregated or non-aggregated data sets of de-identified information. De-identified information means that your PII has been fundamentally changed so that any information, and data points that could be used to identify you (or which could be reasonably used in combination with other information to specifically identify you), has been completely removed or transformed.

Aggregation of de-identified information means that even after your PII is made anonymous, it is combined with large amounts of other anonymous data so that no single source of data is identifiable.

Sync.MD may use de-identified data in aggregated or non-aggregated forms exclusively internally for the following purposes:

To evaluate, enhance, and develop features, products, and services
To directly perform or engage in research, analytics, and testing
For any other legitimate but exclusively internal business purpose authorized by law

Sync.MD does not sell, rent, or otherwise profit or engage in monetary transactions from providing any de-identified or anonymized user data to third parties, in any form.

When you use Sync.MD, we will provide you with Services that allow you to collect, store, share, and exchange PII about yourself with any organizations or individuals that you choose. Your decision to use Sync.MD and share information with other parties in this manner is not without risk however, and you should consider them before or while using our Services.

You are not required to use Sync.MD to receive any form of medical treatment, advice, or services from a healthcare provider. Sync.MD is an optional, third-party service provided directly to individuals for use as their own Personal Health Record. You are always free to request, exchange, and access your medical information directly from your healthcare providers without using Sync.MD.

When you share medical information, you should be aware that it could include data or information that may impact others. Genetic tests, family histories, and similar types of medical information can reveal sensitive health information about others such as your spouse, relatives, children, etc. Carefully consider whether you trust the recipient to keep such information secure and protected before you share it.

Also consider the risks of information disclosure if you make a mistake or error when using Sync.MD. You should always carefully review and verify the details of any organizations, individuals, or entities that you select or choose to share information with. We encourage you to talk directly with those recipients outside of Sync.MD before you share information. You should discuss any concerns that you may have, such as their reason for needing your information, how much information they need, and what actions or decisions they may make based on that information.

Sync.MD is not responsible for any actions or decisions that an organization or individual may take based on the information that you share with them. This includes any decisions regarding healthcare advice, treatment, diagnosis, verification of qualifications or insurance, testing results, offers of employment, terms of loans or product purchases, or any other actions that may come from the sharing of your PII. Carefully consider whether you want or need an organization or individual to have access to your information through Sync.MD.

Sync.MD is based in the United States and we offer our Services exclusively as part of operations within the United States. The laws of the United States which govern the collection and use of personal data may not be as comprehensive or protective as the laws of many other countries.

If you are a member of a country or region whose laws governing data collection and use may conflict with the laws of the United States, you consent to the processing and transferring of your information, including your PII, into the United States. By accessing and using our Services, you consent that Sync.MD may collect, store, process, use, disclose, and transfer your data and PII as described in this Privacy Policy.

By using our Services or providing your PII to Sync.MD, you agree that Sync.MD may send you emails about important user account, security, privacy, and/or administrative matters relating to your use of the services.

If we learn of a security or data breach for example, we will email you based on the information that you provided at the time of your registration. You may also have a legal right to receive such a notice in writing.

Section 9. Unsolicited Information

You may provide us with ideas for new products, modifications to existing products, or other unsolicited submissions, feedback, or contributions (collectively, “Unsolicited Information”). All Unsolicited Information is non-confidential. Sync.MD is free to reproduce, use, disclose and distribute such Unsolicited Information to others without limitation or attribution.

Section 10. Request to Access or Delete PII

We will give you the chance to access or delete PII that we have in our possession. You can manually access or delete most forms of PII collected through Sync.MD through your account, our applications, or our Services. If you wish to directly request access or deletion of your personal information, please contact us at help@syncmd.com or use the “Delete Account” function available within our Services or Applications.

We may still need to keep certain information as required by law, to provide ongoing services for the organizations, individuals, or entities who already have your PII, or for legitimate business purposes. We will respond to your request for access or deletion within a reasonable period or within thirty business days.

If you request to delete your PII, it will all be permanently deleted. Please make sure that you download or make copies of any information that you wish to keep before deleting your account.

Although Sync.MD makes good faith efforts to provide individuals with access to their PII when requested, there may be times when Sync.MD cannot provide access, including:

The information contains legal privilege
The information would compromise the privacy or rights of other individuals
The burden or expense of providing access outweighs the risks to the individual’s privacy
Where it is commercially proprietary

Section 11. Annotating, Correcting, or Marking PII

Sync.MD makes an effort to provide tools and methods for you to directly update or change your PII, like contact information, as needed… However, some forms of PII collected are unable to have their content changed, such as records, forms, and documents that may be stored or preserved in static electronic formats such as PDFs.

In these situations, Sync.MD will provide you a process to flag or mark these forms of PII based on particular conditions. This way you and any organizations, individuals, or entities that you choose to share this PII with, will have notice of the problem, issue, or error associated with the underlying PII.

You may always reach out to us at help@syncmd.com to request corrections, annotations, or changes to your PII. We will respond to all requests within a reasonable time or thirty business days, although we may not always be able to fulfill every request due to technical or legal barriers.

Section 12. Data Security and Data Breach

Sync.MD takes appropriate technical, security, and organizational measures to protect against unauthorized access, unlawful processing, accidental loss, destruction, or damage to PII and other data. You acknowledge and agree however, that no security measures are perfect or impenetrable, and Sync.MD cannot guarantee that the information submitted to, maintained on, or transmitted from our systems will be completely secure. Sycn.MD is not responsible for the circumvention of any privacy settings or security measures contained on the Sync.MD platform or services by any users or third parties.

If a data breach does occur, Sync.MD will formally notify the impacted parties via email with information about how and when the data breach occurred and the kinds of personal information that was involved or put at risk. The notice will explain and detail the steps that Sync.MD is taking to remedy the breach, protect individuals, and what services we are offering in response. The notice will include individual steps or actions that you may take, and how to contact us for more information.

Section 13. Policy for Minor Users

The services made available on Sync.MD are not intended for or made available to anyone under the age of thirteen (13) years old and we do not knowingly collect data from minors under the age of thirteen (13) years old. Minors between the ages of thirteen (13) and seventeen (17) may use our Services, but a parent, guardian, or personal representative must consent to this Privacy Policy and any other associated Agreements on their behalf. If you believe that we have mistakenly collected data from a minor user, please contact us at help@syncmd.com.

Section 14. Changes to Policy

Sync.MD may choose to, or need to, change this Privacy Policy from time to time. If we do, we will notify you through appropriate channels to provide you with a plain language summary of the major changes and to obtain your active consent to the new terms.

This may include a combination of direct disclosures or notifications within our Services, Applications, or Website, contacting you through email, and by posting the revised policy on this page with a new “Last Updated” date. Providing your renewed consent to the changes we make, publish, or communicate about this Policy means that you are agreeing with the new terms.

Section 15. Change in Ownership

Sync.MD will notify you if all or a part our company shuts down operations or sells, merges, or otherwise transfers ownership to another party. You will get advance notice and information about the new ownership so that you may make an informed decision on whether to continue using our Services. This will include details on the new entity’s Privacy Policy and whether it matches the standards and terms of this Policy regarding data collection and usage.

Should you choose to stop using our Services and close your account, you will be given the chance to have copies of all your PII securely transmitted, shared, or downloaded for your personal use prior to your account and all its associated data and information being permanently deleted.

Section 16. Governing Law

By choosing to visit or utilize Sync.MD or otherwise provide information to us, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the United States and the State of South Carolina.

Section 17. How to Contact Us or Submit a Complaint

If you would have a question about this policy, are seeking privacy related information, or would like to submit a complaint, please send us an email at help@syncmd.com. We will respond to all complaints within a reasonable time or thirty business days.

Section 18. Notice to California Users

The information provided in this section applies only to California residents.

The California Consumer Privacy Act of 2018 (“CCPA”) requires us to provide an explanation of the rights and choices we offer to California residents regarding our handling of their personal information, along with information regarding the categories of personal information we collect, use, and share.

1. California Residents’ Privacy Rights

The CCPA grants California residents the following rights:

Information: You can request information about how we have collected, used, and shared your personal information during the past 12 months.
- Access: You can request a copy of the personal information that we maintain about you.
- Deletion: You can ask us to delete the personal information that we collected or maintain about you.

The CCPA places limits on these rights. We may not be able to provide certain sensitive information in response to an access request. We may be limited in the circumstances in which we must comply with a deletion request. If we do deny or limit your request, we will communicate our decision to you. You may exercise the rights listed above free from discrimination.

2. How to Submit a Request

To request access or deletion of personal information from out databases, please send us an email at help@syncmd.com. The CCPA requires us to take certain steps to properly verify the identity of the individual submitting a request before we can process it.

We will contact you independently using the email address associated with your PII to confirm the validity of the request and your ownership of the data. We may also ask that you provide certain details and information about yourself to assure us that you are in fact the individual to whom the information you have requested belongs to.
Once we have confirmed your identity to a satisfactory level in keeping with the principles of the CCPA, we will begin processing your request and notify you of any limitations or denials.
California residents may empower an “authorized agent” to submit requests on their behalf. As part of our security and privacy measures, we require that any authorized agents have a written authorization with your signature confirming their authority to act on your behalf.

3. Personal Information that Sync.MD Collects, Uses, and Shares

Sync.MD will never sell or rent your personal information without your consent.

Information that Sync.MD directly collects from you:

Our services may collect information directly from you, which identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or device (“Personal Information”).
We may collect this Personal Information directly from you on our web portal or through our services, or indirectly from you, such as by observing your actions when using our web portal, our services, or our website.
As described in our Privacy Policy, we use cookies and other tracking tools on our web portal and website to analyze traffic and usage patterns.

4. Categories of Personal Information

The CCPA requires that companies disclose their collection and use of specific categories of Personal Information enumerated in CCPA. Below is a table of those categories and a notification as to whether Sync.MD collects each. Please note that while each “CCPA category” may cover many types of personal information, Sync.MD only collects, uses, and shared the personal information described in this Privacy Policy.

CCPA Categories	Collected
Identifiers	Yes
Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code Section 1798.80(e))	Yes
Protected Classification Characteristics under California or federal law	Yes (age)
Commercial Information	Yes
Biometric Data	Yes
Internet or other similar network activity	Yes
Geolocation Data	No
Sensory Data	No
Professional or employment-related information	Yes
Non-public education information (per the Family Educational Rights and Privacy Act (20 USC Section 1232g, 34 CFR Part 99))	No
Inferences drawn from other personal information	Yes