Optovance Labs Privacy Policy
Effective Date: January 1, 2025
Last Updated: January 2025
Introduction
Optovance Labs ("Optovance," "we," "our," or "us") is committed to protecting the privacy and security of your personal information and health data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare technology platform, including our AI-powered services, dashboard applications, and related microservices (collectively, the "Services").
We understand the sensitive nature of healthcare information and are dedicated to maintaining the highest standards of privacy and security in compliance with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and state privacy laws.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.
Information We Collect
Personal Information
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked with a particular individual or device ("Personal Information"), including:
Account Information:
- Full name and professional title
- Email address and phone number
- Organization name and address
- Username and authentication credentials
- Professional license numbers (where applicable)
- Role and department information
Technical Information:
- IP addresses and device identifiers
- Browser type and version
- Operating system information
- Access times and dates
- Pages viewed and actions taken
- Referring website addresses
Protected Health Information (PHI)
As a healthcare technology platform, we process Protected Health Information on behalf of covered entities under HIPAA. This may include:
Patient Information:
- Patient names and identifiers
- Date of birth and demographic data
- Medical record numbers
- Procedure and imaging study identifiers
Note: We primarily process medical imaging data and associated identifiers necessary for image analysis, segmentation, and report generation. We do not typically collect or process comprehensive medical history, medications, or insurance information unless specifically required for the imaging procedure context.
Clinical Information:
- Medical imaging data (ultrasound, photoacoustic computed tomography, and other imaging modalities)
- Imaging procedure information and metadata
- Clinical notes and documentation related to imaging procedures
- Segmentation and tracking data from image-guided procedures
- Generated reports and analysis results
AI Interaction Data
When you use our local LLM services, we may collect:
- User prompts, responses, and interactions
- Session metadata for context and performance tracking
Usage Analytics
We collect information about how you interact with our Services:
- Feature usage patterns
- Performance metrics
- Error logs and diagnostic data
- User preferences and settings
- Workflow patterns
How We Use Your Information
Provision of Services
We use your information to:
- Provide, maintain, and improve our Services
- Process transactions and manage accounts
- Facilitate healthcare operations and clinical workflows
- Enable local LLM-powered assistance and automation
- Provide customer support and technical assistance
- Send service-related communications
Healthcare Operations
We process PHI to support:
- Medical imaging analysis and processing
- Real-time tumor segmentation and needle tracking
- Clinical decision support for image-guided procedures
- Automated report generation for medical imaging
- Healthcare analytics and reporting related to imaging procedures
- Quality improvement initiatives for interventional procedures
Security and Compliance
We use information to:
- Ensure platform security and prevent fraud
- Detect and prevent unauthorized access
- Maintain audit logs for HIPAA compliance
- Investigate security incidents
- Comply with legal and regulatory requirements
- Enforce our Terms of Service
Service Improvement
We may use aggregated and de-identified information to:
- Improve our AI models and algorithms
- Develop new features and services
- Conduct research and analysis
- Generate industry insights and benchmarks
- Optimize system performance
Communications
With your consent, we may use your information to:
- Send newsletters and updates
- Provide educational content
- Share product announcements
- Invite participation in surveys or research
How We Share Your Information
Healthcare Providers and Covered Entities
We share PHI with healthcare providers and covered entities as necessary to:
- Enable medical imaging analysis and processing services
- Support real-time segmentation and needle tracking for interventional procedures
- Facilitate automated report generation for medical imaging
- Provide clinical decision support tools for image-guided procedures
- Comply with treatment, payment, and operations under HIPAA
Business Associates
We may share information with carefully selected business associates who:
- Provide services essential to our operations
- Have signed Business Associate Agreements (BAAs)
- Are contractually obligated to protect your information
- Meet our security and compliance standards
These may include:
- Cloud infrastructure providers
- Security and monitoring services
- Communication service providers
- Analytics and reporting tools
- Payment processors
Legal Requirements
We may disclose your information when required by law, including:
- In response to court orders or subpoenas
- To comply with government investigations
- To report suspected abuse, neglect, or domestic violence
- For public health activities
- To prevent serious threats to health or safety
- As required by HIPAA and other healthcare regulations
Consent-Based Sharing
We will share your information with your explicit consent for:
- Research purposes (with appropriate de-identification)
- Third-party integrations you authorize
- Marketing communications you opt into
- Other purposes you specifically approve
Corporate Transactions
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.
Data Security
Technical Safeguards
We implement comprehensive technical security measures:
- Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Access Controls: Multi-factor authentication and role-based access control
- Network Security: Web application firewall and intrusion detection systems
- Monitoring: Automated security monitoring and threat detection
- Audit Logging: Comprehensive audit trails for all PHI access
Administrative Safeguards
Our administrative security measures include:
- Security officer designation and oversight
- Workforce training and awareness programs
- Access authorization procedures
- Incident response procedures
- Business associate management
- Risk assessments and management
Physical Safeguards
We ensure physical security through:
- Secure data center facilities
- Access controls and monitoring
- Environmental controls
- Media disposal procedures
- Equipment security
Compliance Certifications
We maintain compliance with:
- HIPAA Security and Privacy Rules
- HITECH Act requirements
- SOC 2 Type II certification
- ISO 27001 standards
- State privacy regulations
Your Rights and Choices
HIPAA Rights
Under HIPAA, you have the right to:
- Access: Request access to your PHI
- Amendment: Request corrections to your PHI
- Accounting: Receive an accounting of disclosures
- Restriction: Request restrictions on uses and disclosures
- Confidential Communications: Request alternative communication methods
- Notice: Receive notice of our privacy practices
Privacy Rights
Depending on your location, you may have additional rights:
- Deletion: Request deletion of your personal information
- Portability: Receive your data in a portable format
- Opt-Out: Opt out of certain uses and disclosures
- Non-Discrimination: Not be discriminated against for exercising your rights
Exercising Your Rights
To exercise these rights, please contact us at:
- Email: admin@optovancelabs.com
We will respond to your request within the timeframe required by applicable law.
Marketing Communications
You can opt out of marketing communications by:
- Clicking the "unsubscribe" link in emails
- Adjusting your account preferences
- Contacting us directly
You cannot opt out of service-related communications while using our Services.
Breach Notification
In the event of a breach of unsecured Protected Health Information, we will notify affected individuals, the covered entity, and, when required, the U.S. Department of Health and Human Services in accordance with HIPAA and HITECH Act requirements. Notifications will be provided without unreasonable delay and no later than 60 days after discovery of the breach.
Data Retention
Retention Periods
We retain your information for as long as necessary to:
- Provide our Services
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
Specific retention periods:
- PHI: Minimum of 6 years as required by HIPAA
- Audit Logs: 7 years for compliance purposes
- Account Information: Duration of account plus 7 years
- Technical Data: 90 days for diagnostic purposes
Data Deletion
When retention periods expire, we:
- Securely delete or destroy the information
- Use cryptographic erasure for encrypted data
- Ensure complete removal from all systems
- Maintain deletion logs for compliance
International Data Transfers
Data Localization
We primarily process and store data within the United States. For international users:
- Data may be transferred to the U.S. for processing
- We implement appropriate safeguards for international transfers
- We comply with applicable data transfer regulations
- We can work with customers on data residency requirements
Cross-Border Safeguards
For international data transfers, we use:
- Standard contractual clauses
- Appropriate technical and organizational measures
- Encryption for all data transfers
- Access controls and monitoring
Children's Privacy
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will promptly delete it.
However, we may process health information about minors as part of providing healthcare services to covered entities, always in compliance with HIPAA and applicable laws.
California Privacy Rights
California Consumer Privacy Act (CCPA)
California residents have additional rights under the CCPA:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access personal information
- Right to equal service and non-discrimination
CCPA Disclosures
- We do not sell personal information
- We may share information with service providers for business purposes
- Categories of information collected are described in this Privacy Policy
- You may exercise your CCPA rights by contacting us
California Shine the Light
California residents may request information about disclosures to third parties for direct marketing purposes by contacting us at admin@optovancelabs.com.
Third-Party Services and Links
Third-Party Integrations
Our Services may integrate with third-party services you choose to connect. These integrations are governed by:
- Your authorization and consent
- The third party's privacy policy
- Applicable data sharing agreements
- Security and compliance requirements
External Links
Our Services may contain links to external websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.
Analytics Services
We use analytics services to improve our Services. These services may collect information about your use of our platform. We ensure these services comply with our privacy and security standards.
Cookies and Tracking Technologies
Types of Cookies We Use
- Essential Cookies: Required for platform functionality and security
- Performance Cookies: Help us understand how you use our Services
- Functionality Cookies: Remember your preferences and settings
- Analytics Cookies: Provide insights for Service improvement
Cookie Management
You can manage cookies through:
- Browser settings
- Account preferences
- Cookie consent banner
- Opt-out tools
Note that disabling certain cookies may limit Service functionality.
Do Not Track
We respect Do Not Track signals for non-essential tracking. Essential security and functionality tracking continues regardless of DNT settings.
Updates to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in our practices
- New features or services
- Legal or regulatory requirements
- Security enhancements
Notification of Changes
We will notify you of material changes through:
- Email notification
- In-platform notices
- Website announcements
- Updated effective date
Review and Acceptance
Continued use of our Services after changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you should discontinue use of our Services.
Contact Information
Privacy Officer
For privacy-related questions or concerns:
Optovance Labs Privacy Officer
Email: admin@optovancelabs.com
Mail: Optovance Labs
Attn: Privacy Officer
Data Protection Officer
For data protection inquiries:
Email: admin@optovancelabs.com
Complaints
If you believe we have not addressed your concerns adequately, you may:
- File a complaint with us directly
- Contact your local data protection authority
- File a complaint with the U.S. Department of Health and Human Services
Accessibility
We are committed to making this Privacy Policy accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at admin@optovancelabs.com.
Governing Law
This Privacy Policy is governed by the laws of the United States and the State of California, without regard to conflict of law principles. Any disputes will be resolved in accordance with our Terms of Service.
Severability
If any provision of this Privacy Policy is found to be unenforceable, the remaining provisions will continue in full force and effect.
Entire Agreement
This Privacy Policy, together with our Terms of Service and any applicable Business Associate Agreement, constitutes the entire agreement regarding the privacy of your information.
© 2025 Optovance Labs. All rights reserved. This Privacy Policy is proprietary and confidential.