Privacy Policy

This Privacy Policy describes how Cascala Health, Inc. (“Company”, “we”, “us”, or “our”) handles personal information that we collect through our website, our mobile application and through any other websites that we own or control and which links to this Privacy Policy (collectively, the “Sites”). This Privacy Policy also applies to your access to and use of our services, including the Cascala AI-enabled clinical intelligence platform (collectively, the “Services”)

The Sites and the Services are owned and controlled by Cascala Health, Inc. and its subsidiaries, affiliates, successors, and assigns (collectively, “Cascala Health”, “we,” “us,” or “our”). The terms “you” and “your” mean you or any other person using the Sites or Services on your behalf.

This Privacy Policy should be read in conjunction with and is governed by our Terms and Conditions of Use (“Terms of Use”), which are available at https://www.cascalahealth.com/privacy-policy. Capitalized terms not defined in this Privacy Policy have the meanings given to them in our Terms of Use.

Personal information means any information that identifies, relates to, describes, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, consumer or household.

Personal information we collect

Information you provide when you visit the Sites

• Automatic data collection.  We and our service providers may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the Services, online resources, and our communications, such as device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area.

• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened our marketing emails or clicked links within them.

Information we collect when you communicate with us through the Sites or otherwise:

• Contact information.  Your first and last name, phone number, email address
• Communications that we exchange with you, including when you contact us with questions, feedback or need assistance.

Information you submit to us when you open a user account to access and use the Services

• Identification details. Your full name, employer or affiliated organization, job title or role, and any unique user or account identifiers assigned by us.
• Contact information, Professional email address, telephone number, mailing address, and preferred contact method.
• Professional and licensure information. Your professional credentials, license numbers and issuing jurisdictions, specialty, practice location, and organizational affiliations, as necessary to verify eligibility and comply with applicable laws and professional standards.
• Account and authentication information, Your username, password, security questions and answers, and other information used to establish and maintain secure access to the Services.
• Technical and usage information, Device identifiers, IP address, browser type, operating system, access dates and times, session activity, and log data related to how you access and use the Services, collected to support security, auditing, troubleshooting, and service improvements.

Failure to provide this information to register an account may limit or prevent your access to the Services

Information we may obtain from other sources

• We may maintain pages on social media platforms, such as LinkedIn or Facebook, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.
• We may obtain your personal information from other third parties, such as publicly-available sources and data brokers.

Cookies and other tracking technologies

Cookies are text files that websites store on a visitor’s device to uniquely identify the visitor’s browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand website user activity and patterns and for our advertising and marketing efforts.

We may use the following cookies on our Sites:

• Strictly Necessary cookies: These cookies are required for providing you with features or services that you have requested. Disabling these cookies may make certain features and services unavailable.
  • Analytics cookies. These cookies allow us to analyze website usage so we can measure and improve performance. For example, Google Analytics collects information about how users use our Services, which we then use to compile reports that disclose trends without identifying individual visitors, and help us improve our Services.
  • Advertising cookies. These cookies are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.

For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org/. Additional information regarding how to opt out of cookies and other tracking technologies is provided below in the section, “Your Choices”.

How we use your personal information

To operate our Services:

• Provide, operate, maintain and secure our Services.
• Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
• Respond to your requests, questions and feedback.
• Improve, monitor, and personalize the Services, including by understanding your needs and interests, and personalizing your experience with the Services and our communications.
• For research and development. We may use your personal information for research and development purposes, including to analyze and improve our Services and our business. As part of these activities, we may create aggregated, de-identified, or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and disclose it to third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
• Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events via email. You may opt out of our marketing communications as described in the “Your choices” section below.

Compliance and protection.

We may use personal information to:

• Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
• Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims).
• Audit our internal processes for compliance with legal and contractual requirements and internal policies.
• Enforce the terms and conditions that govern our Services.
• Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

How we disclose your personal information.

We may disclosure your information as follows:

• Affiliates. We may disclose your personal information to our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
• Service providers. We may disclose your personal information to third party companies and individuals that provide services on our behalf or help us operate our Services (such as lawyers, bankers, auditors, insurers, customer support, hosting, analytics, email delivery, marketing, and database management).
• Governmental authorities. We may disclose your personal information to law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
• Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

Your choices

Cookies and tracking technologies

There are a number of ways to limit online tracking through cookies and other technologies (e.g., pixels, tags, web beacons). Please note that some of these opt-out tools are not associated with the Company and we cannot guarantee that these tools work as these third-party providers describe:

Blocking cookies on your device. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org/.

Using privacy plug-ins or browsers. You can block our websites from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies and other trackers.

Blocking advertising ID use in your mobile settings. Your mobile device settings can provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.

Online advertising industry opt out tools. You can use the following industry opt out options to limit use of your personal information for interest-based advertising by participating companies:

• Digital Advertising Alliance for Websites: optout.aboutads.info
• Network Advertising Initiative: optout.networkadvertising.org

Platform opt-outs. Some of our advertising partners (such as Google and Facebook) offer opt-out features that let you opt out of use of your information for interest-based advertising.

Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.

You can also set your cookies preferences by accessing our cookies management platform.

Analytics

We use Google Analytics to help us understand how visitors engage with the Sites, such as which pages are visited, how long users stay, and where they come from, helping owners improve the user experience. By default, Google Analytics (specifically version GA4) is designed to be privacy-conscious and focuses on aggregate, anonymized data rather than identifying individuals. However, it does collect some data that can be considered personal under stricter privacy laws like GDPR.

You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

Marketing emails

We may send you email marketing or promotional messages about our products and services that may be of interest to you. You may opt out of receiving marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email. You also can opt outby contacting us at privacy@cascalahealth.com. If you opt out, you may continue to receive service-related and other non-marketing emails.

Do Not Track

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Other sites, mobile applications and services

Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and disclosure of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Job Applicants

When you apply for one of our open positions, we collect the information that you provide in connection with your job application. This includes but is not limited to business and personal contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or that you may provide during the interview process. This may also include demographic or diversity information that you voluntarily provide. We may also conduct background checks and receive related information. We also collect personal information from other sources where relevant for your application, such as employment research firms, recruiters, identity verification services, and information that you make publicly available on websites or social media platforms (for example, LinkedIn). Throughout the recruitment process, we may supplement your personal information in connection with the assessment of your application. For example, we may record the views of those considering your application about your suitability for the role for which you have applied and retain interview notes. If you accept an offer from us, your personal information will be incorporated into and used as part of your employee record.

Located in the United States

The Sites and Services are owned and operated by Cascala Health, Inc. in the United States and are governed by US law. If you are outside the United States when you visit the Sites or Services or otherwise engage in communications with us, be aware that your personal information may be transferred to, stored, and processed by us and/or our third-party cloud providers in the United States. By visiting the Sites or using our Services, or providing us with any personal information, you fully understand and unambiguously consent to this transfer, processing and storage of your personal information in the United States, which privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen. Note also that your personal information may be available to the US Government or US law enforcement under appropriate legal processes in the United States.

Security and Retention

We employ a number of technical, organizational, and physical safeguards designed to protect the personal information we collect but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

If you establish an account with us, do not provide your login information, including your password, to another person. We cannot be responsible for a data breach or other incident if a password is used by unauthorized persons. You remain responsible for all activity conducted using your account credentials.

We will maintain your personal information for as long as needed in order to perform the purposes for which such personal information was collected. As described in this Privacy Policy, you may request at any time to access or update your personal information, or that we delete any of your personal information stored by us, by contacting us at privacy@cascalahealth.com. Following any such request, we will take all reasonable steps to provide, modify or delete your personal information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law.

Children

The Sites and Services are not designed nor intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

US State Privacy Notice (including California)

Certain US state privacy laws, including the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (collectively, the “CCPA”), as well as similar consumer privacy laws in other US states, provide residents of those states with specific rights regarding their personal information. This section describes those rights and how to exercise them, to the extent these laws apply

Categories of Personal Information We Collect (CCPA/Similar Laws)

In the preceding 12 months, we may have collected the following categories of personal information (as defined by the CCPA and similar laws) in connection with the Sites and Services:

• Identifiers (e.g., name, email address, postal address, phone number, IP address, device identifiers);
• Customer records and account information (e.g., account credentials, billing information);
• Commercial information (e.g., order history, loyalty and gift card transactions);
• Internet or other electronic network activity information (e.g., browsing history, usage data);
• Geolocation data (e.g., IP-based location, precise location where enabled);
• Audio, electronic, visual, or similar information (e.g., customer support call recordings, user-generated content);
• Inferences drawn from other personal information (e.g., preferences and characteristics); and
• Professional or employment-related information of (e.g., business contact details, role).

Purposes for Collection and Disclosure

We collect and disclose the categories of personal information listed above for the business and commercial purposes described in the “How we use your personal information” and “How we disclose your personal information” sections of this Policy.

Disclosures for Business Purposes

In the preceding 12 months, we may have disclosed the categories of personal information listed above for “business purposes” (as such term is defined under the CCPA and similar laws) to the categories of third parties identified in the section, “How we disclose your personal information”.

Do Not Sell/Share My Personal Information

If you’re a California resident (and a resident of some other states) you have a right to opt-out from the “sale” or “sharing” of your personal information with third parties who are not our service providers (as those terms are defined CCPA). Although we do not sell your personal information to third parties, for example to data brokers., our use of personal information to serve you interest-based advertising may constitute “sharing” of personal Information for cross-context behavioral advertising under the CCPA. These state residents can opt out of this sharing of their personal information for this purpose. To exercise this right, click on our Online Form – Do Not Sell or Share My Personal Information. You can also submit a request to opt-out by emailing the completed form to us at privacy@cascalahealth.com with the subject line “Do Not Sell or Share My Personal Information”.

Please note that if you have implemented a browser-based opt out preference signals, such as Global Privacy Control (see: https://globalprivacycontrol.org/), we will recognize such preference in accordance with applicable law.

Other California Notices

Pursuant to California’s “Shine The Light law (California Statute § 1798.983), California residents are entitled to request, once a year and free of charge, certain information regarding what types of their personal information may be shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business is to either provide California customers certain information upon request or permit California customers to opt out of this type of sharing. Note, however, that we do not sell, rent, lease or otherwise make available personal information to third parties for their marketing purposes, unless giving you a choice before disclosing your personal information to third parties for this purpose. For questions, please contact us via email at: privacy@cascalahealth.com.

Your Privacy Rights

Subject to applicable law, residents of certain US states (including California) may have the following rights regarding their personal information:

• Right to Know/Access. The right to request that we disclose the personal information we have collected about you, including specific pieces of information and additional details about our data practices.
• Right to Delete. The right to request that we delete personal information that we have collected from you, subject to certain exceptions.
• Right to Correct. The right to request that we correct inaccurate personal information that we maintain about you.
• Right of Portability. Where technically feasible and required by law, you may request a copy of your personal information in a structured, commonly used, machine-readable format.
• Right to Opt Out of Sales or Sharing. The right to direct us not to sell or share your personal information, as those terms are defined in the CCPA or other US state consumer privacy law.
• Right to Non-Discrimination. We will not discriminate against you for exercising your privacy rights.

To submit a request, you can complete and submit our Online Form – Privacy Rights Request  or contact us at: support@cascalahealth.com. (If submitted via email, please include “Privacy Rights Request” in the subject line.) We may ask to verify your identity and your state of residence before processing your request. You may also designate an authorized agent to make a request on your behalf.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We encourage you to periodically review this page for the latest information on our privacy practices. If we make a material change to the way in which we collect, use, and/or share your personal information, we will send an email to users who have provided an email address and/or change the “Last Updated” date at the top of this Privacy Policy.

How to contact us

Please direct any questions or comments about this Policy or our privacy practices to privacy@cascalahealth.com.

Name: Cascala Health

Address: 867 Boylston Street, FL 5 #2008

Boston, MA 02116 USA