This Privacy Policy describes how Medeloop, Inc. (“Medeloop,” “we”, “us” or “our”) processes personal information that we collect through our researcher web application (collectively, the “Service”). Medeloop may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.
Medeloop serves as the data processor for most information entered into the Medeloop application, website, and supporting systems, acting on behalf of its customers who serve as the data controllers. However, Medeloop also collects certain information directly from users for security, logging, and application performance purposes, where it acts as the data controller and processor. Medeloop may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.
Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
Contact data, such as your first and last name, salutation, email address, and professional title and company name.
Profile data, such as the username and password that you may set to establish an online account on the Service.
Communications data based on our exchanges with you, including when you contact us through the Service or otherwise.
Research data, such as the research institution with which you are affiliated, and the nature and type of research being conducted, including any protocols, curriculum vitae, manuscripts, institutional review board (IRB) applications, or similar documents that you might upload to the Service.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Automatic data collection. We, our service providers, and our business partners may automatically log information about you, your computer, and your interaction over time with the Service, our communications and other online services, such as:
Online activity data within the web application, such as pages or screens you viewed, how long you spent on a page or screen, and access times and duration of access.
Cookies and similar technologies. Some of the automatic collection described above is facilitated by the following technologies:
Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to Medeloop employees involved in the operation of the Medeloop-supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by Medeloop.
Legal Basis of Processing. Medeloop may process personal data when one of the following legal bases applies:
Service delivery and operations. We may use your personal information to:
provide, operate and improve the Service and our business;
establish and maintain your user profile on the Service;
enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
provide support for the Service, and respond to your requests, questions and feedback.
Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, and help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service.
Compliance and protection. We may use your personal information to:
comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Cookies and similar technologies. In addition to the other uses included in this section, we may use the cookies and similar technologies described above for the following purposes:
Technical operation. To allow the technical operation of the Service, such as by remembering your selections and preferences as you navigate the site, and whether you are logged in when you visit password protected areas of the Service.
Functionality. To enhance the performance and functionality of our services.
Analytics. To help us understand user activity on the Service, including which pages are most and least visited and how visitors move around the Service, as well as user interactions with our emails.
Legitimate Interests: Processing is necessary for the legitimate interests pursued by Medeloop or a third party.
The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Retention Time. Personal data is retained for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law.
The retention periods are as follows:
Personal data collected for the performance of a contract between Medeloop and a customer is retained until the contract is fully executed, or until the customer requests deletion of the data.
Personal data collected for Medeloop’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about Medeloop’s legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice.
Personal data processed based on user consent may be retained until such consent is withdrawn, provided that it is not otherwise required or permitted by law.
Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing as required or permitted by law.
The Purposes of Processing. Medeloop collects and processes personal data for the following purposes:
Providing Services: Personal data is collected to enable Medeloop to provide its services.
Analytics: Personal data is used for monitoring user behavior and engagement on the Medeloop web application.
User Database Management: Personal data is managed to create user profiles, track user activities, and improve the web application.
Managing Contacts and Sending Messages: Personal data is used to manage contact lists and send communications to users.
Displaying Content from External Platforms: Personal data is used to display external content and enable interaction with it.
Hosting and Back-End Infrastructure: Personal data is processed and stored on hosting and back-end infrastructure to support the operation of the Medeloop application.
Contacting the User: Personal data is processed to respond to user requests and inquiries.
Users have the following rights regarding their personal data processed by Medeloop:
Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.
Right to Object: Users can object to the processing of their personal data based on legitimate interests.
Right of Access: Users can request access to their personal data and obtain information about the processing activities.
Right to Rectification: Users can request the correction or update of inaccurate or incomplete personal data.
Right to Remove or Reject Cookies. Users can do so by following the instructions in their browser settings. Many browsers accept cookies by default until users change their settings. If users set their browser to disable cookies, the Service may not work properly. Users can also configure their device to prevent images from loading to prevent web beacons from functioning.
Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.
Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.
Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding the processing of their personal data.
To exercise these rights or obtain further information, users can contact Medeloop using the contact details provided in this document.
The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and online services you use.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:
Encryption: We employ encryption techniques to safeguard your data during transmission and storage.
Access Control: We restrict access to personal data to authorized personnel only, ensuring that it is accessible on a need-to-know basis.
Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks.
Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.
The Service is not intended for use by anyone under 18 years of age.
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.
Email: privacy@medeloop.ai
Mail: 1300 El Camino Real, Suite 100, Menlo Park, CA 94025, United States
Phone: 1-888-215-9507
This Privacy Policy describes how Medeloop, Inc. (“Medeloop,” “we”, “us” or “our”) processes personal information that we collect through our mobile application that links to this Privacy Policy (collectively, the “Service”). Medeloop may provide additional or supplemental privacy policies to individuals for specific products or services that we offer at the time we collect personal information.
This Privacy Policy governs the patient mobile application, which is offered by Medeloop, and is separate from any other notice, policy, or consent provided to you directly by any other applicable medical facility, research institution, etc. If you have questions or concerns regarding your personal information related to any other applicable medical facility, research institution, etc., please direct your concerns to that relevant entity.
Medeloop serves as the data processor for most information entered into the Medeloop mobile application, acting on behalf of its customers who serve as the data controllers. However, Medeloop also collects certain information directly from users for security, logging, and application performance purposes, where it acts as the data controller and processor. Medeloop may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.
Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
Contact data, such as your first and last name, email address, mailing address, and phone number.
Demographic data, such as your city, state, country of residence, postal code, and age.
Profile data, such as the username and password that you may set to establish an online account on the Service.
Communications data based on our exchanges with you, including when you contact us through the Service, social media, or otherwise.
User-generated content data, such as photos, images, music, videos, comments, questions, messages, works of authorship, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece of content was collected and how that content has been formatted or edited. Metadata also includes information that users can add or can have added to their content, such as keywords, geographical or location information, and other similar data.
Relationship data, such as familial or other relationships to third parties whose personal information you may provide to us, such as legal guardian, child, or emergency contact information. Please do not share information about others with us unless you have the legal right or their permission to do so.
Health related data, such as medical conditions, symptoms, dietary information, lifestyle preferences, exercise habits, mental health concerns, genetic testing results, and any other information that you voluntarily provide via the Services or when you choose to share activity data from your device (e.g., your phone’s accelerometer) or link other third-party platforms or activity trackers to the Services, such as Apple Health.
Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Third-party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
Research institutions, such as the entity that referred you to the Service (e.g., your contact information, health insurance information, and other similar information).
Electronic Medical Records, such as the relevant electronic medical record database(s) that you choose to connect to the Services.
Automatic data collection. We and our service providers may automatically log information about you, your mobile device, and your interaction over time with the Service, our communications and other online services, such as:
Device data, such as your mobile device’s operating system type and version, manufacturer and model language settings, and general location information such as city, state or geographic area.
Online activity data within the app, such as pages or screens you viewed, how long you spent on a page or screen and access times and duration of access.
Precise geolocation data when you authorize our mobile application to access your device’s location.
Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to Medeloop employees involved in the operation of the Medeloop mobile application and supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by Medeloop.
Legal Basis of Processing. Medeloop may process personal data when one of the following legal bases applies:
Service delivery and operations. We may use your personal information to:
provide, operate, and improve the Service and our business;
establish and maintain your user profile on the Service;
enable security features of the Service, such as by sending you security codes via email or SMS, and remembering devices from which you have previously logged in;
communicate with you about the Service, including by sending Service-related announcements, updates, security alerts, and support and administrative messages;
provide support for the Service, and respond to your requests, questions and feedback.
Service improvement and analytics. We may use your personal information to analyze your usage of the Service, improve the Service, improve the rest of our business, and help us understand user activity on the Service.
Compliance and protection. We may use your personal information to:
comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas, investigations or requests from government authorities;
protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
audit our internal processes for compliance with legal and contractual requirements or our internal policies;
enforce the terms and conditions that govern the Service; and
prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information, such as when required by law.
To create aggregated, de-identified and/or anonymized data. We may create aggregated, de-identified and/or anonymized data from your personal information and other individuals whose personal information we collect. We make personal information into de-identified and/or anonymized data by removing information that makes the data identifiable to you. We may use this aggregated, de-identified and/or anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Legitimate Interests: Processing is necessary for the legitimate interests pursued by Medeloop or a third party.
The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
International data transfer. We are headquartered in the United States and may use third-party sub-processors that operate in other countries. Your personal information (e.g., photos of food) may be transferred to countries where privacy laws may not be as protective as those in your state, province, or country.
Retention Time. Personal data is retained for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law.
The retention periods are as follows:
Personal data collected for the performance of a contract between Medeloop and a customer is retained until the contract is fully executed, or until the customer requests deletion of the data.
Personal data collected for Medeloop’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about Medeloops legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice.
Personal data processed based on user consent may be retained until such consent is withdrawn, provided that it is not otherwise required or permitted by law.
Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.
When we no longer require the personal information we have collected about you, we may either delete it, anonymize it, or isolate it from further processing as required or permitted by law.
The Purposes of Processing. Medeloop collects and processes personal data for the following purposes:
Providing Services: Personal data is collected to enable Medeloop to provide its services.
Analytics: Personal data is used for monitoring user behavior and engagement on the Medeloop mobile application.
User Database Management: Personal data is managed to create user profiles, track user activities, and improve the mobile application.
Managing Contacts and Sending Messages: Personal data is used to manage contact lists and send communications to users.
Displaying Content from External Platforms: Personal data is used to display external content and enable interaction with it.
Hosting and Back-End Infrastructure: Personal data is processed and stored on hosting and back-end infrastructure to support the operation of the Medeloop application.
Contacting the User: Personal data is processed to respond to user requests and inquiries.
Processing and Sharing of Personal Data. Medeloop engages various services and third-party processors to support its operations. The following provides information on the processing of personal data, the involved services, and the third-party processors:
Content from External Platforms:
21 CFR part 11 e-consent (DocuSign)
Computer vision SDK for food identification (Passio)
EMR access API (1Up Health)
Hosting and Back-End Infrastructure:
Database, application, and API hosting (AWS)
External data services:
Environmental data based on location (Ambee)
For detailed information about each service and third-party processor, please refer to the corresponding sections of this privacy notice.
Users have the following rights regarding their personal data processed by Medeloop:
Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.
Right to Object: Users can object to the processing of their personal data based on legitimate interests.
Right of Access: Users can request access to their personal data and obtain information about the processing activities.
Right to Rectification: Users can request the correction or update of inaccurate or incomplete personal data.
Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.
Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.
Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding the processing of their personal data.
To exercise these rights or obtain further information, users can contact Medeloop using the contact details provided in this document.
The Service may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the other websites and online services you use.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:
Encryption: We employ encryption techniques to safeguard your data during transmission and storage.
Access Control: We restrict access to personal data to authorized personnel only, ensuring that it is accessible on a need-to-know basis.
Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks.
Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.
We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your personal data. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
The Service is intended for use by anyone, including those under 18 years of age. If you are a parent or guardian of a child from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If we learn that we have collected personal information through the Service from a child without the consent of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
We reserve the right to modify this Privacy Policy. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledging that the modified Privacy Policy applies to your interactions with the Service and our business.
Email: privacy@medeloop.ai
Mail: 1300 El Camino Real, Suite 100, Menlo Park, CA 94025, United States
Phone: 1-888-215-9507