Legal

Privacy Policy

Last Updated January 18, 2023

If you found this Privacy Policy, you’ve probably heard of us. We at Redox have developed an API connection and platform that enables healthcare organizations to connect their EHR systems to their software vendors. In other words, we have discovered a way to make data exchange a bit easier.

We mostly work for businesses. We transfer and host (temporarily!) data on their behalf, and we don’t have decision-making authority about how that data is used. We are what some privacy laws refer to as a “data processor” or a “service provider.” If you are looking for information about how we use data in that role, we recommend contacting our customers. We may be able to help you find them if you don’t know who they are.

If we have your data outside of these service provider relationships, then this Privacy Policy is for YOU. You are likely a developer or a business contact at one of our customers, but you could also be someone who is interested in Redox, a technology buff, or a random internet user who stumbled across our website. Whoever you are, please read this Privacy Policy carefully, because it describes how we process personal information in connection with your use of our products and services, including our Website (https://redoxengine.com/) (together our “Services”). It also includes information about your rights with respect to the personal information we collect, including if you are a California resident, a resident of certain other states, or if you are located in the EEA or UK.

If you have questions about how we are processing your personal information, or if you would like to know more about our privacy practices, you can contact our Privacy Team by emailing us at [email protected].

What Personal Information We Collect

We collect information that helps us contact you, provide our Services to you, and carry out certain business purposes described below. If we can use this information to identify you, we consider it Personal Information. This means that data that directly identifies you — such as your name — is Personal Information, and also data that does not directly identify you, but that can reasonably be used to identify you — such as the serial number of your device — is Personal Information.

When you seek to connect to our Services, register for an account, sign up for a mailing list, apply for employment, create content, complete an online form, contact us (including by social media), participate in a survey, or otherwise interact with Redox, we may collect a variety of Personal Information. What we collect depends on your relationship with us and how you interact with our Services, and it generally falls into one or more of the following categories:

  • Identifiers: We collect information that identifies you, like your name, alias, address, phone numbers, or IP address.
  • Customer Records: If you are a customer, we collect and maintain your Personal Information in our customer records, including payment card information and other information that are not direct identifiers but can be associated with or relates to you.
  • Protected Class and Demographic Information: If you apply for employment with us, we may collect information about your age, gender, or other demographics or protected classifications.
  • Commercial Information: If you have a business relationship with us, we may collect information about your purchases or quotes, subscriptions, payment history, and the services that you’ve shown interest in.
  • Internet or other Electronic Network Activity Information: When you use our online Services, we may collect information about your interaction with our Services, such a browsing history, search history, device and browser information.
  • Geolocation Data: When you connect to our Services using a device, we may collect the geolocation of your device. We do not collect your precise geolocation information.
  • Professional or Employment-related Information: If you apply for employment with us or use our Services through your employer, we may collect information about your current employment and your employment history, such as your job title, employer, business contact details, and reference information.
  • Education Information: If you apply for employment with us, we may collect information about your education history, including the schools you attended or certifications you’ve achieved.
  • Inferences: We may draft inferences about you based on the categories of information described above, including about your preferences and qualifications.

In certain circumstances, we also may collect sensitive information, including the following:

  • Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
  • Racial or ethnic origin.

How We Collect Your Personal Information

In addition to collecting information directly from you, we may receive Personal Information about you from other individuals, from businesses or third parties acting at your direction, from our partners who work with us to provide our Services, and from other lawful sources.

  • Other Individuals: We may collect data about you from other individuals — for example, if another user (such as an administrator, security officer, or an authorized person) creates an account on your behalf.
  • At Your Direction: You may direct other individuals or third parties to share data with Redox. For example, you may direct your references to share information with us to supplement your job application.
  • Industry Partners: We may also collect information from industry partners that run conferences that we attend or participate in our podcast.
  • Automated Technologies: We use cookies and data collection technologies developed by third parties to collect information about your use of our Services.

For research and development purposes, we may use datasets that could be associated with an identifiable person. When acquiring such datasets, we do so in accordance with applicable law, including law in the jurisdiction in which the dataset is hosted. When using such datasets for research and development, we do not attempt to reidentify individuals who may appear therein.

How and Why We Process Your Personal Information

We process the Personal Information described above for a variety of business and commercial purposes, including to power our services, to communicate with you, for security and fraud prevention, and to comply with law. We may also use your Personal Information for other purposes with your consent.

  • Power and Improve Our Services: We collect Personal Information necessary to power our Services, which may include Personal Information collected to improve our Services, for internal purposes such as auditing or data analysis, or for troubleshooting.
  • Process Your Transactions and Requests: To process transactions and requests, we collect data necessary to each transaction or request. For example, when you sign up for a developer account, we will collect and use your Personal Information to administer your account and grant you access to our Services.
  • Communicate with You: We collect and use your Personal Information to respond to communications, reach out to you about your transactions or account, market our Services, provide other relevant information, or request information or feedback. From time to time, we may use your Personal Information to send notices, such as communications about purchases and changes to our terms, conditions, and policies.
  • Personalize our Services: If you choose to personalize your Services or communications where such options are available, we will use Personal Information to offer you those personalized Services or communications.
  • Evaluate your Application: We collect information to process applications you submit, such as employment applications and developer applications.
  • Security and Fraud Prevention: To protect individuals, employees, and Redox and for loss prevention and to prevent fraud, including to protect individuals, employees, and Redox for the benefit of all our users.
  • Comply with Law: To comply with applicable law — for example, to satisfy tax or reporting obligations, or to comply with a lawful governmental request.

We do not use algorithms or profiling to make any decision that would significantly affect you without the opportunity for human review.

How We Disclose Your Personal Information

We may disclose Personal Information described above with service providers who act on our behalf, account owners and administrators, our partners, to third parties at your direction, or to others pursuant to legal or internal business purposes. Redox does not disclose your Personal Information with third parties for those third parties’ own marketing purposes, nor do we sell your Personal Information.

  • Service Providers: We share your Personal Information with service providers. These companies may have access to your Personal Information to the extent reasonably necessary to perform their respective functions.
  • Account Owners and Administrators: Your Redox account owner or administrator may be able to: access information in and about your Redox account; disclose, restrict, or access information that you have provided or that is made available to you when using your Redox account, including your content; and control how your Redox account may be accessed or deleted.
  • Sale of Business: We may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets to a third party as part of a merger, acquisition, bankruptcy proceeding, or other restructuring.
  • Legal Purposes: We may disclose your Personal Information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
  • Enforce Agreements and Protect Rights: We may disclose your Personal Information to enforce or apply our terms of use and other agreements we have with you. We also may disclose your information if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Redox, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  • With your Consent: We may disclose information to third parties where we have received your consent for doing so.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

Cookies and Other Tracking Technologies

Our Services may use “cookies” and other technologies such as web beacons. These technologies help us to better understand user behavior (including for security and fraud prevention purposes), tell us which parts of our Website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. For more information about cookies, please visit our Cookie Policy.

Your Rights and Choices

We strive to provide you with choices regarding the Personal Information we maintain about you. Below are some options for exercising your rights and choices.

Correcting your Information. You may contact us to correct any Personal Information you provide to us by accessing the account settings page on our Website or within our platform. You may also send us an email at [email protected] with your request. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be inaccurate.

Setting Your Cookie Preferences. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly. For more information about controlling cookies, please visit our Cookie Policy.

Promotional Offers from Us. If you do not wish to have your contact information used by us to promote our own Services, you can opt-out by sending us an email stating your request to [email protected] or clicking “unsubscribe” on the email you received. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions. This opt-out does not apply to transactional or relationship messages we may send regarding your use of our Services.

Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can submit your preference via any cookie banner or preference center we offer, or otherwise opt-out by contacting us at [email protected]. For this opt-out to function, you must have your browser set to accept all browser cookies.

Certain individuals will have additional rights under their state or country’s privacy laws. Explanations of these rights are included below.

Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) may provide you with additional rights regarding our use of your Personal Information. To learn more about your California privacy rights, please visit our CCPA Disclosures.

Additional Rights for Residents of Certain States

Depending on where you are a resident, you may have the following additional rights:

  • Right to Know: You may have the right to confirm whether or not we process your Personal Information, to learn what Personal Information we collect, use, disclose, and sell, and to access such data.
  • Right to Correct: You may have the right to correct inaccuracies in your Personal Information.
  • Right to Delete: You may have the right to delete your Personal Information that we have obtained.
  • Right to Data Portability: You may have the right to receive a copy of your Personal Information in a portable and readily usable format.
  • Right to Opt Out of Processing: You may have the right to opt out of the processing of your Personal Information for purposes of (i) targeted advertising, (ii), the sale of your information; or (iii) profiling in furtherance of decisions that produce legal or similarly significant effect concerning you.

To exercise these rights, please contact us at [email protected]. We may need to take steps to verify your identity prior to responding to your request.

Notice to Users in the EEA and UK

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we collect and process your Personal Information on the following legal bases:

  • With your Consent: We may rely on your consent when, for example, we need to collect it for marketing purposes. If our processing based on your consent, you may withdraw your consent for such processing at any time.
  • Pursuant to a Contract: We may be required to process your Personal Information pursuant to a contract we have with you. For example, if you register as a developer on our Services, we may collect and use your Personal Information pursuant to the End User License Agreement or other contract you agree to as a condition of accessing the Services.
  • On the Basis of our Legitimate Interests: Our legitimate interests may include: improving our services and technology; detecting, investigating, and preventing fraud and other illegal activities; protecting the integrity and safety of our technology and services; protecting our legal rights and those of others; enforcing our Terms of Use and other terms and policies that apply to the use of our services; and pursuant or defending legal claims or for other use in legal proceedings.
  • On the Basis of a Legal Obligation: We may process your Personal Information because we have a legal obligation to do so, such as to retain records and respond to lawful governmental requests.

Further, we may process your Personal Information in our role as a data processor, meaning that we receive and follow instructions from our customers (the data controller) for how we are to process data.

When we, Redox, Inc., are the data controller of your Personal Information and your Personal Information is regulated by the EU General Data Protection Regulation or the UK Data Protection Regulation, you may email us at [email protected] to request that we:

  • Provide you with access to your Personal Information.
  • Correct inaccurate Personal Information we maintain about you.
  • Delete your personal information.
  • Transfer information to a third party.
  • Restrict the processing of your Personal Information.
  • Stop processing your Personal Information, including when you withdraw your consent (if we have used your Personal Information based on your consent).

You also have the right to lodge a complaint with your national data protection authority. Contact information for EEA data protection authorities can be found on the European Data Protection Board website. Contact information for the UK data protection authority can be found on the Information Commissioner’s Office website.

How We Secure Your Personal Information

We implement security safeguards to protect your Personal Information. We take steps to secure Personal Information through administrative, technical, and physical safeguards designed to protect against the risk of accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. These measures vary based on the sensitivity of the Personal Information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process Personal Information on our behalf also have appropriate security controls in place. Unfortunately, we cannot guarantee the security of information transmitted through the Internet, and where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. Similarly, if you provision an API Key, you are responsible for keeping this API Key confidential. You should store your API Key Account SID in a secure location.

How Long We Retain your Personal Information

We will retain each category of your Personal Information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless required to do otherwise by applicable laws. Criteria we will use to determine how long we will retain your information include whether: we need your information to provide you with products or services you have requested; we continue to have a relationship with you; you have requested information, products, or services from us; we have a legal right or obligation to continue to retain your information; we have an obligation to a third party that involves your information; our retention or recordkeeping policies and obligations dictate that we retain your information; we have an interest in providing you with information about our products or services; and we have another business purpose for retaining your information.

Information from Children

Our Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Information from children under the age of 18. If we discover a person who is underaged has provided us with Personal Information, we will take reasonable steps to promptly remove that person’s information from our records. If you discover that a person who is underage has provided us with Personal Information, please contact us at [email protected].

International Users

If you use our Services from outside the United States, your Personal Information will be transferred to, stored and processed in the United States. If you are located outside of the United States and we receive your Personal Information in the context of our role as a service provider or data processor, we follow the instructions of our business customer (aka the controller of your data) with respect to the safeguards we put in place to protect your Personal Information.

Do-Not-Track Signals

Web browsers and other technologies you may use to access our Website may include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

Third Party Websites and Content

Our Services may contain links or references to other websites outside of our control. Please be aware that this Privacy Policy does not apply to these websites. We encourage you to read the privacy policies and terms and conditions of linked or referenced websites you enter. WE DO NOT CONTROL AND ARE NOT RESPONSIBLE FOR WHAT THIRD PARTIES DO IN CONNECTION WITH THEIR WEBSITES, OR HOW THEY HANDLE YOUR PERSONAL INFORMATION. PLEASE EXERCISE CAUTION AND CONSULT THE PRIVACY POLICIES POSTED ON EACH THIRD-PARTY WEBSITE FOR FURTHER INFORMATION.

Changes to Our Privacy Policy

We may change our Privacy Policy from time to time. If we make changes, we will revise the “Last Updated” date at the top of this Policy. If we make material changes to how we treat your Personal Information, we may provide additional notice, such as by posting a notice on our Website homepage, account portal sign-in page, or via the email address we have on file for you. You are responsible for periodically visiting our Website and this Privacy Policy to check for any changes.

Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, please contact us at: [email protected].