User Privacy Policy for Not A Doctor .AI

Effective Date: February 21, 2025

Last Modified: February 21, 2025 (the "Modification Date")

This privacy policy is located at https://notadoctor.ai/policies/privacy.

Not A Doctor .AI ("NADA", "we", "us") is a service of HealthcareAgents ("HealthcareAgents"), which in turn is a business of Encultured AI, PBC, a Public Benefit Corporation. Data privacy is a core value of our business model.

This Privacy Policy and our Terms of Use (https://notadoctor.ai/policies/terms) apply to our handling of "Personal Information" received from users of NADA ("NADA"), via NADA's primary domain https://notadoctor.ai/ and subdomains, and via other correspondence with users in reference to the service. Terms not otherwise defined in this Privacy Policy are defined in our Terms of Use.

Notice At Collection

We collect several types of information from and about NADA users.

Information We Collect About You

The categories of Personal Information we may collect from you are and have collected in the past 12 months from the Modification Date are:

  1. Identifiers, such as your name, postal address, e-mail address, signature, telephone number, insurance policy number, medical information, health insurance information, and other similar identifiers.
  2. Protected Classification Characteristics, such as your age, race, color, ancestry, national origin, citizenship, religion, creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, reproductive health decision-making, military and veteran status, or genetic information.
  3. Commercial Information, such as your consumer history or tendencies.
  4. Biometric Information, such sleep, health, or exercise data which could identify you.
  5. Internet or other electronic network activity, such as browsing or search history or your interaction with a website, application, or advertisement.
  6. Geolocation data, such as your physical location or movements.
  7. Professional or employment related information, such as your current or past job history or performance evaluations.
  8. Inferences drawn from other Personal Information, such as your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitude.
  9. Sensitive Personal Information, such as your genetic data, information about your health, sex life, sexual orientation, information contained in the medical records that you upload or have disclosed to NADA, and the communications between you and NADA’s artificial intelligence tools.

Statement on Selling or Sharing Personal Information

HealthcareAgents does not Sell or Share your Personal Information, as defined in our Terms of Use.

Statement on Sensitive Personal Information

HealthcareAgents does not use or disclose Sensitive Personal Information for purposes other than the following:

  1. To perform the services you expect from NADA. For example, NADA’s artificial intelligence tool uses the medical information that you uploaded and generates questions for you to ask your healthcare provider.
  2. To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, or confidentiality of stored or transmitted Personal Information.
  3. To resist malicious, deceptive, fraudulent, or illegal actions directed at HealthcareAgents and to prosecute those responsible for those actions.
  4. To ensure the physical safety of natural persons.
  5. For short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of your current interaction with NADA, provided that the Personal Information is not disclosed to another third party and is not used to build a profile about you or otherwise alter your experience outside your current interaction with NADA.
  6. To perform services on behalf of NADA.
  7. To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us. 
  8. To collect or process Sensitive Personal Information where the collection or processing is not for the purpose of inferring characteristics about you.

Sources of Collection

We collect your Personal Information from:

  1. You. As a NADA user, you may choose to provide us with information related to your health or your experience with using our services. We may also automatically collect information from you, such as through the use of cookies (as detailed below).
  2. Healthcare Provider. You can request that your healthcare providers send NADA copies of your health information.
  3. Third Parties. We also connect with and use third-party services such as subprocessors, like Google, large language models, and patient portals, like MyChart, to collect information pertinent to your health and our services to you.

Purpose

Our purposes for collecting or disclosing your Personal Information are:

  1. To assist you in collating your health records and other information pertinent to your health,
  2. To assist you in preparing questions for your doctor or other professionals addressing your health,
  3. To inform you of updates about our services, and
  4. To send you marketing emails, as described below.

This includes learning generalizable insights from your Personal Information that enable us to better serve these purposes.

Disclosure

We disclose your Personal Information to:

  1. To our vendors and service providers: We disclose Personal Information to companies that provide services to us, such as providers that host or operate our websites or apps, analyze data, or provide customer service, data storage, marketing, analytics, security, or fraud prevention. As an example, if we make a Google spreadsheet with your Personal Information in it, we are thereby providing your Personal Information to Google.
  2. To affiliates: We may disclose your Personal Information to current or future parents, subsidiaries, affiliates, and other companies under common control or ownership with HealthcareAgents.
  3. In connection with legal matters: We may disclose your Personal Information when we believe disclosure is appropriate due to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency; or as otherwise required by law.
  4. For the protection of HealthcareAgents and others: We may disclose your Personal Information when we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our employees, our users, our organizers, or others; and to enforce our contracts.
  5. In connection with corporate transactions: We may disclose your Personal Information as part of, or to take steps in anticipation of, a sale of all or a portion of our business, a divestiture, merger, consolidation, asset sale, bankruptcy, or other significant corporate event. We may use and disclose De-Identified Information, including information aggregated across individuals in a manner achieving de-identification, for any purpose.

Data Retention

We keep your information until after we determine it is no longer necessary for the purposes described in this Privacy Policy and we are not legally required to retain it for longer.

De-Identification

We make many efforts to de-identify your Personal Information while we use it, including in some of our communications with you and in our app. For more information about our de-identification procedures and philosophy, see: our de-identification statement.

International Data Transfer

Our headquarters, cloud servers, and on-premises hardware are all located in the United States. When we disclose your Personal Information as described above, the recipients could be in the United States or another country. They might be in a location where privacy laws don’t require as much protection as the laws of the country where you live.

We or entities to whom we disclose your Personal Information may become legally required to provide it to the governments, courts or law enforcement or regulatory agencies of any of the countries where we or they operate. However, this Privacy Policy applies to NADA's operations worldwide. We will take appropriate measures to comply with rules relating to transfers of personal data to countries outside the source country. Where appropriate, these measures include signing Standard Contractual Clauses in accordance with EEA and UK data protection laws to govern the transfers of certain data. For more information about these transfer mechanisms, please contact us at contact@notadoctor.ai with questions.

Children Under 18

NADA websites and services are not intended for use by persons under the age of 18, because we do not wish to collect information from children and are not seeking children as customers. If you are under 18 years of age, you are not authorized to use our websites or services. If you are a parent or legal guardian and think your child under 18 (or a different age threshold where applicable) has given us Personal Information, please contact us at contact@notadoctor.ai to notify us so that we can delete it.

As NADA platform users are intended to be eighteen (18) years or older and NADA does not Sell or Share Personal Information, NADA does not have actual knowledge that it Sells or Shares the Personal Information of consumers under sixteen (16) years of age.

Rights Regarding Your Information

You have the following rights with respect to your Personal Information:

Right to Know

You may request that NADA discloses to you

(i) the categories of Personal Information which we have used or collected about you in past twelve (12) months,
(ii) why we collected or used your Personal Information, and
(iii) if we sold or shared your Personal Information. Your request may also specifically include:

  1. the categories of sources that NADA used to collect the Personal Information;
  2. NADA’s business or commercial purpose for disclosing, collecting, Selling, or Sharing your Personal Information;
  3. the categories of third parties to whom the Personal Information was sold, shared, or disclosed; and
  4. the specific pieces of Personal Information that NADA has collected about you.

Right to Delete

You may request that NADA delete any Personal Information that NADA has collected about you. If your request is accepted, NADA will also notify any service providers, contractors, or other parties that we have shared or sold the information with to delete the Personal Information.

We may retain confidential record of your deletion request to prevent the Personal Information from being sold or to comply with any applicable laws.

Right to Correct

You may request that NADA correct inaccurate Personal Information. We will use commercially reasonable methods to comply with your request.

Right to Non-Discrimination

NADA cannot retaliate against you for exercising any of your rights under this Privacy Policy.

Right to Access

You may request access to your Personal Information.

If your Personal Information is available in a digital format, you may obtain a copy of your Personal Information that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Information to others without hindrance.

Right to Opt-Out

You may request to opt-out of NADA’s use, collection, disclosure, or other processing of your Personal Information if the purpose of the use, collection, disclosure, or processing was for the purpose of profiling in furtherance of a decision that produces a legal or similarly significant effect.

How to Exercise Your Rights and What to Expect

You may exercise the rights described in this Privacy Policy by either:

  1. Emailing your request to us at contact@notadoctor.ai with a subject line starting with "Privacy Request:", or

  2. Mailing your request to us at:

Privacy Requests for HealthcareAgents
PO Box 9128
Berkeley, CA 94709

After we receive your request, we will take steps to verify that the request is coming from and authorized by you. We may request e-mail verification or request information from you to verify your identity. In general, we will try to comply with your request, and we will notify you of our decision within forty-five (45) days of receiving your request. In certain circumstances, we can extend that deadline by another forty-five (45) days. We will notify you through your NADA account, or if you do not have one, by mail or e-mail.

An authorized agent can make a request on your behalf, if the agent includes a statement or documentation demonstrating the agent’s ability to act on your behalf.

If you wish to appeal your decision, please email us at contact@notadoctor.ai. We will notify you of our decision within sixty (60) days of receiving your appeal with a written explanation of our decision.

Marketing Communications

You can unsubscribe from NADA marketing emails by clicking the unsubscribe link in a marketing email or contacting us at contact@notadoctor.ai.

Cookies and Other Similar Technologies

You may be able to set your browser to refuse certain types of cookies, or to alert you when certain types of cookies are being used. Some browsers offer similar settings for HTML5 local storage and other technologies too. However, if you block or otherwise reject all cookies, local storage, JavaScript or other technologies, certain websites may not function as expected.

We may use Google Analytics on our websites. You can limit Google’s collection of data through Google Analytics by visiting websites only with a browser on which you have installed the Google Analytics opt-out plugin available at https://tools.google.com/dlpage/gaoptout.

We may also use other third-party advertising and marketing services, such as Facebook, X.com (formerly Twitter), or Instagram.

Updates and Changes to our Non-Client User Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.

Contacting Us

If you have any questions or comments regarding our privacy policy and practices, or to submit a request or complaint, please email us at contact@notadoctor.ai.