Privacy Policy — Prevena Health

1. Information We Collect

Information You Provide Directly

We may collect information that you voluntarily provide when you interact with the Site, including:

Contact and inquiry information: Name, email address, phone number, organization or company name, role or title, and the content of any message you submit through contact forms, partnership inquiry forms, or waitlist sign-ups.
Account information: If we offer account creation, your email address, password (stored in hashed form), and associated profile information.
Communication records: Records of correspondence if you contact us via email or other channels, including support requests and feedback.

Information Collected Automatically

When you visit the Site, certain information is collected automatically through cookies and similar technologies, including:

Device and browser information: Device type, operating system, browser type and version, screen resolution, and language preferences.
Usage data: Pages viewed, links clicked, time spent on pages, referring URL, and navigation paths through the Site.
Network information: IP address, approximate geographic location derived from IP address, and internet service provider.
Cookie and tracking identifiers: Unique identifiers assigned by cookies, pixels, and similar technologies as described in our Cookie Policy.

Information We Do Not Collect Through This Site

This Site does not collect health data, biomarker data, sensor data, biometric data, medical records, or any data from Prevena Health devices or applications. If Prevena Health products are offered in the future, the collection and use of health-related data through those products and services will be governed by separate, product-specific privacy terms and, where applicable, additional consents.

2. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Categories of Data Used
Operate and maintain the Site	Device info, usage data, network info
Respond to inquiries and partnership requests	Contact info, communication records
Send operational and account-related communications	Contact info, account info
Analyze Site usage and improve performance	Usage data, device info, cookie identifiers
Ensure security and prevent fraud	Network info, device info, usage data
Comply with legal obligations	All categories as required
Send marketing communications (with your consent)	Contact info

We do not sell your personal information. We do not use personal information collected through this Site for automated decision-making or profiling that produces legal or similarly significant effects.

3. How We Share Your Information

We may share your information with the following categories of recipients, and only for the purposes described in this Policy:

Service providers: Cloud hosting providers, analytics vendors, email service providers, and customer support tools that process data on our behalf under contractual obligations to protect your information and use it only as directed.
Professional advisors: Legal counsel, accountants, auditors, and consultants, as necessary for the operation of our business.
Legal and regulatory recipients: Government agencies, law enforcement, regulators, or courts, where required by law, subpoena, court order, or to protect our legal rights, safety, or property.
Business transaction parties: In connection with a merger, acquisition, reorganization, sale of assets, financing, or bankruptcy, your information may be transferred to the relevant parties, subject to applicable law.

We require all third parties who receive personal information from us to maintain appropriate security measures and to use such information only for the specific purposes for which it was shared.

We do not share, sell, rent, or trade your personal information with third parties for their own marketing purposes.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you visit the Site. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

We do not use health-related browsing data or health-related application data with advertising technology vendors.

5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Specifically:

Contact and inquiry data: Retained for as long as needed to address your inquiry and for up to three (3) years thereafter for follow-up and business development purposes, unless you request earlier deletion.
Account data: Retained for the duration of your account and for a reasonable period after account closure for legal compliance and dispute resolution purposes.
Automatically collected data: Analytics and log data are generally retained in identifiable form for up to twenty-four (24) months, after which they may be aggregated or anonymized.
Legal obligations: We may retain certain information for longer periods as required by applicable law, regulation, litigation hold, or legal proceeding.

When personal information is no longer needed and no legal retention obligation applies, we will securely delete or anonymize it.

6. Data Security

We implement appropriate technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

Encryption of data in transit using TLS/HTTPS;
Access controls and role-based permissions for internal systems;
Regular security assessments and vulnerability management;
Employee training on data protection and security practices.

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information, including:

Access: The right to request access to the personal information we hold about you.
Correction: The right to request correction of inaccurate or incomplete personal information.
Deletion: The right to request deletion of your personal information, subject to certain exceptions.
Portability: The right to receive a copy of your personal information in a structured, commonly used, machine-readable format.
Opt-out of marketing: The right to opt out of receiving marketing communications at any time by using the unsubscribe link in our emails or by contacting us.

Florida Residents

If you are a Florida resident, you may have additional rights under the Florida Digital Bill of Rights (effective July 1, 2024), including the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of the processing of personal data for targeted advertising, the sale of personal data, and certain profiling activities. To exercise these rights, contact us using the information below.

Exercising Your Rights

To exercise any of the rights described above, please contact us at privacy@prevenahealth.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law. We will not discriminate against you for exercising any of your privacy rights.

8. Children's Privacy

This Site is not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information. If you believe we have collected information from a child under 18, please contact us at privacy@prevenahealth.com.

9. Third-Party Links

This Site may contain links to third-party websites or services. We are not responsible for the privacy practices or the content of those third-party sites. We encourage you to read the privacy policy of every website you visit. The inclusion of a link does not imply endorsement of the linked site by Prevena Health.

10. Health-Related Data and HIPAA

This Site does not collect, store, or process protected health information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA"). The Site is a general informational and corporate website.

If Prevena Health products or services are offered in the future in a manner that involves PHI or that involves acting as or on behalf of a HIPAA covered entity or business associate, the collection, use, and protection of such data will be governed by a separate Business Associate Agreement and/or product-specific privacy notice, as applicable. We will not market a consumer-facing health application as "HIPAA compliant" unless we have mapped the applicable roles, implemented required controls, and confirmed that HIPAA applies to the specific workflow.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, provide additional notice through the Site or by email.

We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes indicates your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact:

Prevena Health, Inc.
Attn: Privacy
Email: privacy@prevenahealth.com

For questions about our Terms of Use, please contact legal@prevenahealth.com.