Privacy Policy

Introduction

Cardio AI Global Institute ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, participate in our programs, or interact with us in any way.

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

HIPAA Compliance Notice: For participants in our clinical programs and research studies, we maintain strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable healthcare privacy regulations.

1. Information We Collect

1.1 Personal Information

We may collect the following types of personal information:

Contact Information: Name, email address, phone number, mailing address
Professional Information: Job title, organization, professional credentials, medical license numbers (for healthcare professionals)
Account Information: Username, password, and account preferences
Program Application Information: Educational background, work experience, research interests, letters of recommendation
Payment Information: Billing address, payment method details (processed securely through third-party payment processors)

1.2 Protected Health Information (PHI)

For participants in our research studies and clinical programs, we may collect:

Medical history and clinical data
Cardiovascular risk factors and assessment results
Laboratory and diagnostic test results
Treatment and medication information
Data from medical imaging and wearable devices

Note: All PHI is collected, stored, and processed in compliance with HIPAA regulations and other applicable healthcare privacy laws.

1.3 Technical Information

We automatically collect certain information when you visit our website:

IP address and device identifiers
Browser type and version
Operating system
Referring URLs and pages visited
Time and date of visits
Clickstream data

1.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience and collect information about usage patterns. You can control cookie settings through your browser preferences.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Service Delivery

Providing access to our programs, courses, and educational materials
Processing applications for CAILP and other programs
Conducting research studies and clinical validation
Delivering customer support and responding to inquiries
Administering accounts and processing payments

2.2 Research and Development

Advancing cardiovascular AI research and innovation
Developing and validating AI algorithms and models
Publishing research findings (with appropriate anonymization)
Contributing to scientific knowledge in cardiovascular medicine

2.3 Communications

Sending program updates and educational content
Providing notifications about research opportunities
Distributing newsletters and announcements
Responding to feedback and questions

2.4 Analytics and Improvement

Analyzing website usage and user behavior
Improving our services and user experience
Conducting quality assurance and performance monitoring
Developing new programs and features

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 With Your Consent

We may share your information when you provide explicit consent or direct us to do so.

3.2 Research Partners and Collaborators

We may share de-identified or anonymized data with academic institutions, healthcare systems, and research partners for collaborative studies. All data sharing agreements comply with HIPAA and include appropriate data use agreements.

3.3 Service Providers

We work with third-party service providers who assist with:

Website hosting and cloud infrastructure
Payment processing
Email delivery and communications
Data analytics and business intelligence
Customer relationship management

These providers are contractually obligated to protect your information and use it only for specified purposes.

3.4 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when we believe disclosure is necessary to:

Comply with legal obligations
Protect our rights and property
Prevent fraud or abuse
Protect the safety of users or the public

3.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

4. Data Security

We implement comprehensive security measures to protect your information:

4.1 Technical Safeguards

Encryption of data in transit and at rest (TLS 1.3, AES-256)
Secure access controls and authentication
Regular security audits and vulnerability assessments
Intrusion detection and prevention systems
Automated backup and disaster recovery procedures

4.2 Administrative Safeguards

HIPAA-compliant policies and procedures
Employee training on data privacy and security
Strict access controls based on role and need-to-know
Regular security awareness programs
Incident response and breach notification procedures

4.3 Physical Safeguards

Secure data centers with 24/7 monitoring
Restricted physical access to facilities
Environmental controls and redundancy

Important: While we implement robust security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

5. Your Rights and Choices

You have the following rights regarding your personal information:

5.1 Access and Portability

You have the right to request access to your personal information and receive a copy in a structured, commonly used format.

5.2 Correction

You may request correction of inaccurate or incomplete personal information.

5.3 Deletion

You may request deletion of your personal information, subject to legal retention requirements and legitimate business needs.

5.4 Opt-Out

You can opt out of:

Marketing communications (via unsubscribe links in emails)
Non-essential cookies (through browser settings)
Data sharing for research (where applicable)

5.5 HIPAA Rights

For research participants, you have additional rights under HIPAA:

Right to receive a Notice of Privacy Practices
Right to request restrictions on uses and disclosures
Right to request confidential communications
Right to an accounting of disclosures

To exercise your rights, contact us at: privacy@cardioailive.com

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

Account Information: Duration of account plus 7 years
Research Data: As required by research protocols and regulatory requirements (typically 7-25 years)
Clinical Data: As required by HIPAA and state medical record laws
Marketing Data: Until you opt out or 3 years of inactivity
Website Analytics: 2 years

7. International Data Transfers

Our operations are primarily based in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

We implement appropriate safeguards for international data transfers, including:

Standard Contractual Clauses approved by regulatory authorities
Privacy Shield frameworks (where applicable)
Adequacy decisions by relevant authorities

8. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

9. Third-Party Websites and Services

Our website may contain links to third-party websites, applications, and services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, and shared
Right to delete personal information
Right to opt out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising CCPA rights

To exercise these rights, contact us at: privacy@cardioailive.com or call +1 (614) 967-8728

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Posting the updated policy on our website with a new "Last Updated" date
Sending email notifications to registered users
Providing prominent notice on our website

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.