Our commitment to keeping your privacy and personal information safe is our top priority. We believe your trust in TOCI HEALTH to keep this a priority will determine the success of our service. We have taken significant steps to protect the confidentiality of this information.
INFORMATION WE COLLECT
Personal information refers to any data which may potentially allow your identification with reasonable means. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties. We strive to only collect the personal data that we need. Any information you provide to us that is not required, is voluntary. However, please note that your use of the Service may be limited if you choose not to share certain information with us.
When you create an account, purchase a product or device, download a software update, connect to our services, contact us (including by social media), or otherwise interact with Toci Health, we may collect a variety of information, including:
- Account Information. Data required to create an account with us, such as your email address and password
- Device Information. Data from which your device could be identified, such as device serial number or unique identifier. When your device syncs with our applications or software, data recorded on your device is transferred to our servers
- Personal Health Information. Data relating to the health status of an individual, such as the medications you take, prescribed regimens, dosages, and treatment dates. Personal health data also includes data that can be used to make inferences about or detect the health status of an individual
- Caregiver Information. Data used for sending caregiver notifications on your behalf, such as the caregiver’s name, relationship, email address, phone number, and contact preferences
- Usage Information. Data about your activity on and use of our offerings, such as app launches within our services, including product interaction; crash data, performance and other diagnostic data; and other usage data
- Payment Information. Data about your billing address and method of payment, such as credit, debit, or other payment card information
- Transaction Information. Data about purchases of Toci Health products and services
- Fraud Prevention Information. Data used to help identify and prevent fraud
- Support Information. Data such as the content of your communications with Toci Health, including interactions with customer support and contacts through social media channels
We use third-party web and app analytics services on our websites and mobile apps. The service providers use automated technologies (such as cookies, server logs, and web beacons) to collect and analyze information, including personal information, to understand how you use our websites and mobile apps. These analytics services help us improve features, evaluate the effectiveness of our marketing, and, ultimately, optimize the customer experience. The information we obtain in this manner may include your IP address, geolocation, web browser characteristics, device characteristics, language preferences, referring/exit pages, clickstream data, and dates and times of website or app visits. Toci Health generally treats data we collect using these cookies and similar technologies as nonpersonal data.
HOW WE USE INFORMATION
Our primary purpose in collecting personal information is to provide you with a secure and customized user experience. Toci Health generally uses personal information to power and improve our services, to process your transactions, to communicate with you, for security and fraud prevention, and to comply with law. We will not use or disclose personal information for purposes other than those for which it was collected, without your permission.
We use the information we collect for the following purposes:
- Provide and Maintain the Service. To power our services, including managing your Toci Health account, providing medication reminders, tracking adherence and other trends, and sending caregiver notifications. Note that providing a caregiver’s contact information indicates that they consent to receive automated SMS/text and/or email messages concerning your use of the Service.
- Improve, Personalize, and Develop the Service. To troubleshoot and protect against errors, perform data analytics and reporting, personalize your experience, and develop and test new features.
- Process Your Transactions. To process transactions, Toci Health must collect data such as your name, purchase, and payment information.
- Service Communications. To send you administrative or account-related information, inform you of relevant security issues or updates to our terms and policies, market our products and services, and request information or feedback. You may not opt-out of receiving critical service communications.
- Customer Service. To resolve any questions, claims, requests, disputes, or to troubleshoot problems when you contact us.
- Network and Information Security. To enhance the security of our services, monitor and verify service access, combat spam or other security risks, and to comply with applicable security laws and regulations.
- Safety and Fraud Prevention. To protect individuals, employees, and Toci Health for the benefit of all our users and partners, for loss prevention, and to prevent fraud and abuse.
- Comply with Law. To comply with applicable law, satisfy tax or reporting obligations, or to comply with a lawful governmental request.
- For Any Purpose. With your consent, we may also process your personal data for other purposes—taking into consideration your interests, rights, and expectations.
We may use service providers to perform some of these functions. Those service providers are restricted from sharing your information for any other purpose.
In some cases, when you give us information for a feature of the Service, we delete the data after it is no longer needed. We will retain your personal information for so long as necessary to provide our services, or as required by law. We keep your account information, like your email address and password, for as long as your account is in existence.
HOW WE SHARE INFORMATION
We may share your personal information for external processing by service providers, for legal reasons to prevent harm, and for when you agree or direct us to share your data. We take care to ensure your personal information is only accessed by those who require access to perform their tasks and duties.
We will only share your information in the following limited circumstances:
- Service Providers. To third-party vendors and service providers to help with parts of our business operations including payment processing, order fulfillment, delivery, customer support, development services, cloud storage, information technology, marketing, data analytics, consulting, and security. We do not authorize our service providers to use or disclose your personal information except as necessary to perform services on our behalf or comply with legal requirements.
- At Your Direction. To others at your direction or with your consent. For example, your designated Caregiver or healthcare provider can receive notifications regarding your adherence with your medication regimen. When you give healthcare organizations permission to view your information, they will be able to access that information through our API. When you share your health or medication information with others, any information disclosed by you is solely your responsibility. You should exercise caution when disclosing any information.
- Law Enforcement. To law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, litigation, court order, or similar legal procedure, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our terms and policies.
- Government and Regulatory Authorities. To authorities such as the U.S. Department of Health and Human Services, the Food and Drug Administration, and other federal or state government agencies as required by regulation.
- Research Partners. We may share aggregated data with third parties—such as research institutes, healthcare systems, and healthcare providers—for research purposes, industry analysis, demographic profiling, and for improvement of our services. Aggregated data will not contain any information that could be used to contact or identify you.
- Others. We may also disclose information if we determine that disclosure is reasonably necessary to enforce our terms and policies, or to protect our operations or users.
HOW WE PROTECT INFORMATION
Toci Health uses a combination of administrative, technical, and physical safeguards to keep your information safe. We make commercially reasonable efforts to prevent unauthorized access, misuse, disclosure, or destruction of your data under our control. While we strive to protect your information, we cannot guarantee its absolute security and privacy. We use encryption to keep your personal data private while in transit, but you should be aware that there is always some level of risk involved in transmitting data wirelessly or over the Internet. Communication in this manner is subject to interception, loss, or altercation—and is done so at your own risk.
We are constantly working to improve on these safeguards to help keep your personal data secure. Please notify us immediately if you become aware of any unauthorized access to or use of your account.
YOUR PRIVACY RIGHTS
We believe you should be able to access and control your personal information. Depending on how you use Toci Health, you may have the right to request access to, correct, amend, delete, transfer, restrict, or object to certain uses of your personal information (for example, direct marketing). We will not discriminate or provide you with a different level of service if you exercise any of these rights.
There may be situations where we cannot grant your request—for example, if you ask us to delete your transaction data and Toci Health is legally obligated to keep a record of that transaction to comply with law. We may also decline to grant a request where doing so would undermine our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would be extremely impractical.
By logging into your account in the Toci Health mobile app and using the control settings, you can access, change, or delete much of your personal information. You can even delete your account if you wish. Please note that if you decide to delete your personal information, Toci Health may retain any data related to your Service history in aggregate form, and use and share such aggregate data for its business purposes. At any time, you can stop the collection of your information by uninstalling the Toci Health mobile app and refraining from using the Service.
You may opt out of receiving marketing or promotional communications from us by following the unsubscribe instructions in the communications you receive. However, you may still receive messages from us regarding the administration of your account and your use of our services—you will not be able to opt out of these communications.
You also have the right to opt out of the sale of your personal information. Note that Toci Health does not sell your personal information in its ordinary course of business and will never sell your personal information to third parties without your explicit consent.
To exercise your privacy rights, use the controls in the TociHealth mobile app or contact us at firstname.lastname@example.org to submit a request. We may need to verify your identity before processing your request to protect your information and the integrity of our Service.
POLICIES FOR CHILDREN
Our products and services are intended for a general audience and are not directed towards children. We do not knowingly collect or store personal information from anyone under the age of 13. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible.
CHANGES TO THIS POLICY
Last updated: Ago 30, 2022