Photos, videos and chat done right. HIPAA-compliant
© CAPTUREPROOF Inc 2012-2024 | version 2.0.0
Last Modified: May 3, 2022
Thank you for using CaptureProof®. The Service that CAPTUREPROOF, Inc. provides to you is subject to the following Terms of Service ("Terms").
These Terms constitute a legal agreement between you and CAPTUREPROOF, Inc. and its successors, parents, subsidiaries, affiliates and related companies or other companies under a common control that we may have now or in the future operate ("CaptureProof", "we", "our" or "us"). As used in these Terms, the words "you" and "your" refer to you, the user of the CaptureProof Service. The use of the word "including" in these Terms is used to refer to specific examples and will be construed to mean "including, without limitation" or "including, but not limited to" and will not be construed to mean that the examples given are an exclusive list of the topics covered. These Terms apply to the CaptureProof website and mobile applications (the "Site") and the asynchronous telemedicine communication service we offer on the Site (together with the Site, the "Service"). These Terms govern your access to and use of the Service, so please carefully read them before using the Service.
By using the Service you agree to be bound by these Terms. If you are using the Service on behalf of an organization, you are agreeing to these Terms for that organization and promising that you have the authority to bind that organization to these terms. In that case, "you" and "your" will refer to that organization.
The following is a brief summary of these Terms:
CaptureProof is committed to compliance with all privacy and security laws and regulations that apply to the provision of the Service to you. Such laws and regulations vary from country to country. The Terms apply to both national and international customers except to the extent otherwise noted or as required by applicable law.
For example, CaptureProof complies with applicable U.S. laws and regulations, including the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), governing the privacy and security of patients' protected health information. CaptureProof's Privacy Policy and Security Policy have been adopted in furtherance of these compliance efforts.
CaptureProof also complies with applicable international laws and regulations regarding the collection, use, and retention of personal information. CaptureProof's Privacy Shield and GDPR Policy has been adopted in furtherance of its efforts to comply with the principles set forth in the US-EU and US-Swiss Privacy Shield Framework ("Privacy Shield") and the EU General Data Protection Regulation ("GDPR") requirements.
Except as otherwise provided herein, by either (1) clicking to agree or accept to these Terms where these options are presented to you, or (2) following your initial acceptance of Terms during account creation, actually using or accessing the Site or any part of the Service, you signify your agreement to be bound by these Terms and all other policies or notices posted by us on the Site. Your use of the Service is also governed, as applicable to you, by CaptureProof's Acceptable Use Policy, Security Policy, Privacy Policy, Privacy Shield and GDPR Policy, and Business Associate Agreement Policy - all of which are incorporated herein by reference into these Terms. Any conflict between CaptureProof's general Terms and the specific terms and conditions set forth in the Acceptable Use, Security, Privacy, Privacy Shield and GDPR, or Business Associate Agreement policies shall be resolved in favor of the more specific policy as applicable. Copies of these policies can be found at www.captureproof.com/terms/.
If you don't agree to these Terms, do not use the Service. You agree that your use of the Service will always be subject to the most current version of these Terms at the time of such use. It is your responsibility to review these Terms from time to time for any changes. If you use the Service after we have changed any of the Terms, you are agreeing to all of the changes. Again, if you do not agree, do not use the Service.
You may not accept these Terms if you are not authorized by applicable law to form a binding contract with CaptureProof for the Service.
If you accept these Terms, you represent that you have the legal authority to form a contract with CaptureProof and be bound by these Terms.
Depending on your activities when visiting the Site or using the Service, you may be required to agree to additional terms and conditions as indicated on the Site or via the Service.
The Service may be used as a tool to facilitate the creation of a patient’s personal visual health record and/or facilitate secure visual and text asynchronous communication between a medical patient and his or her existing team of Health Care Providers. By accepting the Terms, the patient and Health Care Provider agree to this.
For purposes of sharing medical information between a patient user of the Service and a Health Care Provider user of the Service, a Health Care Provider-patient relationship is established when one of the following conditions is met:
The Health Care Provider-patient relationship remains in effect until one of the following conditions is met:
Once data is shared with the Health Care Provider, it will remain shared with the Health Care Provider. Terminating the connection will prevent the Health Care Provider from having access to any subsequent data uploaded and/or shared by the patient.
You agree never to use the Service for urgent matters. If you experience any adverse reactions or your medical condition worsens, or for any other urgent matters, you understand that it is your responsibility to seek emergency care immediately.
If at any time you are concerned about your, or your child's, care or the treatment prescribed by a healthcare provider through the Service, or you believe or someone else advises you that you or your child has or suspect that you or your child has a serious or life-threatening condition, call 911 in areas in which that service is available, or go to the nearest emergency room or open clinic.
You authorize CaptureProof to use the information contained in your CaptureProof profile to provide the Service and to share this information, in part or in its entirety, with those entities and individuals you designate. You understand that the designated individuals may share your health information with colleagues for the purpose of your treatment.
If the patient is under the age of 18, in order to use the Service, you must be authorized by applicable law to agree to use of the Service and sharing of the minor's information. Generally, a parent or legal guardian may create a Profile for a child and grant others access to the data unless prohibited by applicable law. In certain limited circumstances, minors may be legally entitled to act on their own behalf and may be legally authorized to create their own Profile and grant others access to the data. By accepting the Terms, you are representing that you have the legal authority to form a contract with CaptureProof for the use and sharing of information pertaining to a minor patient. Once an account is created by an individual with legal authority to do so, a minor between the age of 13 and 17 may use the Service to access their Profile. U.S. federal law prohibits web site and internet service operators from collecting personal information from minors under age 13 without their parent or guardian's knowledge and consent. A parent or guardian who becomes aware that his or her child under the age of 13 has provided us with personally identifying information without their consent, should contact us at privacy@captureproof.com. If we become aware that a child under the age of 13 has provided us with personally identifying information without consent of a parent or guardian, we will take steps to delete such information from our files.
This site does not provide medical or any other health care advice, diagnosis or treatment. Always seek the advice of your Health Care Provider or other qualified Health Care Provider with any questions you may have regarding a medical condition, diet, fitness or wellness program. Never disregard professional medical advice or delay in seeking it because of information you accessed on or through the service.
It is the responsibility of the patient to follow the advice of their Health Care Provider and arrange any and all follow up in-office or online communication that is requested by the Health Care Provider. If a follow up appointment is requested and the patient does not either schedule or maintain the appointment, or even if the patient does follow up, CaptureProof is not liable for any delay in diagnosis or treatment.
Files and other content in the Service may be protected by intellectual property rights of others. You agree not to copy, upload, download, or share files unless you have the right to do so. You, not CaptureProof, will be fully responsible and liable for what you share, upload or otherwise use while using the Service. You will not upload spyware or any other malicious software to the Service.
We do not claim ownership of the content you submit through the Service. Your content remains your content. We also don't control, verify, or endorse the content that you and others make available through the Service. While we assume no responsibility to monitor content that you and others make available, we retain the right to remove any content at our discretion.
The Service requires you to register by creating a user account. You must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form. This means that you may not set up an account using someone else's name or contact information, unless you are a parent or legal guardian authorized to set up and maintain an account for a child, and in no event may you set up an account using a phony name or phony contact information. You also will be required to choose a password and/or a PIN. You are entirely responsible for safeguarding your password, PIN, and account, and you agree not to disclose your login information to any third party. In connection with the registration process, you may be asked to acknowledge your acceptance to the Terms of the Service by electronic signature which will be authenticated by your use of your unique user name and password and which will be electronically date and time stamped on the date and at the time your electronic signature is made.
Furthermore, you are entirely responsible for any and all activities that occur under your account, whether or not you authorized that activity. You agree to notify CaptureProof immediately of any unauthorized use of your account or any other breach of security, by sending an email to security@captureproof.com.
CaptureProof will not be liable for any loss that you may incur as a result of someone else using your password, PIN or account, either with or without your knowledge. However, you could be held liable for losses incurred by CaptureProof or another party due to someone else using your account, PIN or password. You may not use anyone else's account at any time, without the permission of the account holder. You may not transfer your account to someone else. You will be liable for losses and damages incurred by us (or anyone else) due to the unauthorized use of your account. If your account is terminated, we will permanently delete your data from our servers to the extent feasible. We have no obligation to return data to you after your account is terminated unless otherwise specified or otherwise required by applicable law.
It is your duty to provide true, accurate, current and complete personal information, including your current contact information and medical records as necessary for us to provide the Service to you.
You must not make any misrepresentations in the information you provide to CaptureProof or your team of Health Care Providers. In order for the Service to function effectively, you must also keep your account information up-to-date and accurate.
Your communication is also governed by the Acceptable Use Policy, which governs the acceptable use of the Site and the Service.
You warrant and represent to us that you either own all the information you are submitting or have the right to submit the information. Furthermore, you warrant and represent that you have the right to allow us to make your information available to our employees and agents to view and use in connection with providing the Service without requiring that any such use be subject to additional obligations or terms except as otherwise required by applicable law.
PATIENT:
Patient users are not charged any fees by CaptureProof for the use of the CaptureProof Platform. In certain circumstances, a patient's healthcare provider may bill for a healthcare service provided to a patient using the CaptureProof Platform and a patient may be responsible for payment. This may include payment of applicable insurance co-payments and deductibles to the healthcare provider. By connecting to a healthcare provider on the CaptureProof Platform, the patient consents to allow their healthcare provider to use the Platform to provide and bill for such healthcare services.
HEALTH CARE PROVIDER:
Payment
By accessing or using the services you, the health care provider, medical practice or institution, agree that your credit card will be billed on a monthly basis. If you are agreeing to the terms and conditions of the CAPTUREPROOF, Inc. pricing policy described herein, during registration you will have the opportunity to input a credit card. If your fees are covered by another entity contact CaptureProof directly at payments@captureproof.com to confirm this agreement. If an invoice is needed instead of a credit card this will have to be arranged with the company itself and services fees will apply.
We may revise these Terms from time to time and the most current version will always be posted on our website. We may communicate revisions to these Terms to you via email to the email address associated with your account or via notices displayed on the Site. By continuing to access or use the Service after revisions become effective, you agree to be bound by the revised Terms. If you do not agree to the new terms, please stop using the Service.
These Terms, including the incorporated policies and together with any additional terms and conditions as indicated on the Site or via the Service, constitute the entire and exclusive agreement between you and CaptureProof with respect to the Service, and supersede and replace any other agreements, terms and conditions applicable to the Service. These Terms create no third party beneficiary rights. CaptureProof’s failure to enforce a provision is not a waiver of its right to do so later. If a provision is found unenforceable, the remaining provisions of the Terms will remain in full effect and an enforceable term will be substituted reflecting our intent as closely as possible. You may not assign any of your rights in these Terms, and any such attempt is void except as otherwise required by applicable law, but CaptureProof may assign its rights without restriction. CaptureProof and you are not legal partners or agents; instead, our relationship is that of independent contractors.
These terms do not grant you any right, title, or interest in the Service, Site, or the content in the Service (other than your personal information and any other content you post to the Service). The Software and other technology we use to provide the Service are protected by applicable intellectual property and other laws.
If you give feedback on the Service, such as recommendations for improvements or features, you hereby assign to CaptureProof all right, title and interest in and to such feedback, and that feedback may be implemented as part of the Service without compensation to you.
All brand, product and service names and other brand features used in the Service that identify CaptureProof or the Service are the trademarks or service marks of CaptureProof or its licensors. Nothing in the Service or these Terms shall be deemed to confer on any person any license or right on the part of CaptureProof or any licensor with respect to any such brand features.
USE OF THE SERVICE IS AT YOUR OWN RISK. THE SERVICE ARE PROVIDED ON AN "AS IS," "WHERE IS" AND "AS AVAILABLE" BASIS. CAPTUREPROOF AND ITS AFFILIATES, SUPPLIERS AND PARTNERS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
CAPTUREPROOF AND ITS AFFILIATES, SUPPLIERS AND PARTNERS MAKE NO WARRANTY, REPRESENTATION OR PROMISE THAT (A) THE SERVICE WILL MEET YOUR REQUIREMENTS; (B) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE OR ERROR-FREE; OR (C) THAT THERE WILL BE NO ERRORS IN THE SERVICE. ANYTHING OBTAINED THROUGH USE OF THE SERVICE IS OBTAINED AT YOUR OWN DISCRETION AND RISK AND CAPTUREPROOF SHALL NOT BE RESPONSIBLE FOR ANY DAMAGE CAUSED TO YOUR COMPUTER OR DATA OR FOR ANY BUGS, VIRUSES, TROJAN HORSES OR OTHER DESTRUCTIVE CODE, OR FOR ANY OTHER LOSSES YOU MAY INCUR, RESULTING FROM YOUR USE OF THE SERVICE.
SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. YOU MAY ALSO HAVE OTHER LEGAL RIGHTS, WHICH VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.
TO THE FULLEST EXTENT PERMITTED BY LAW, (A) IN NO EVENT WILL CAPTUREPROOF, OR ITS AFFILIATES, DIRECTORS, OFFICERS, INVESTORS, EMPLOYEES, AGENTS, ADVERTISERS, LICENSORS, SUPPLIERS, OR SERVICE PROVIDERS, BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF USE, DATA, BUSINESS, OR PROFITS), REGARDLESS OF LEGAL THEORY, WHETHER OR NOT CAPTUREPROOF HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE; AND (B) CAPTUREPROOF'S TOTAL LIABILITY TO YOU FOR DAMAGES, LOSSES, AND CAUSES OF ACTION UNDER ANY THEORY OF LIABILITY SHALL IN NO EVENT EXCEED $100.
You agree to indemnify, defend, and hold harmless CaptureProof, its affiliates and their respective directors, officers, employees and agents from and against any losses, costs, damages, liabilities and expenses (including reasonable attorneys' fees) arising out of any claims, actions, suits or proceedings related to your use of the Service, your violation of these Terms or of any rights of any third party, or any content or other information you submit to the Service. Your indemnification obligation will survive the termination of these Terms and your use of the Service.
We may terminate or suspend your permission to use the Service immediately and without notice upon any violation of these Terms, your failure to pay any fees when due, upon the request of law enforcement or government agencies, after extended periods of inactivity, for unexpected technical issues or problems, or in the event you engage in fraudulent or illegal activities. We also reserve the right to refuse, restrict, discontinue or terminate the Service (or any portions, components or features of the Service) to you or any other person or entity, for any reason or for no reason whatsoever, at any time, without notice or liability as allowed by applicable law. If we terminate your use of the Service for any of these reasons or otherwise for cause, we will not refund any fees you may have paid.
You acknowledge that temporary interruptions in the availability of the Service may occur from time to time, including the malfunction of equipment, periodic updating, maintenance or repair of the Service or other actions that CaptureProof, in its sole discretion, may elect to take. Under no circumstances will CaptureProof be held liable for any damages due to such interruptions or lack of availability.
Portions of the Service may be accompanied by additional terms that apply to specific features or areas of the Service or are required by applicable law. Those additional terms supplement these terms with respect to your use of those features or areas. (e.g. Authorized Use Policy, Security Policy, Privacy Policy, Privacy Shield and GDPR Policy)
Except as otherwise required by applicable international law, these Terms are governed by laws of the state of California, without respect to its conflict of laws principles. The sole jurisdiction and venue for any claim arising from the Service and these Terms shall be the state and federal courts located in San Francisco, California and each party hereby consents to the exclusive jurisdiction and venue of such courts.
You agree that if you want to bring a legal claim against us under these Terms, you must file your claim lawsuit within one year after the date on which you discovered or reasonably should have discovered the event that gave rise to your claim.
TO THE EXTENT PERMITTED BY LAW, THE PARTIES AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS, WHETHER IN ARBITRATION OR IN COURT, WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS OR REPRESENTATIVE ACTION OR AS A NAMED OR UNNAMED MEMBER IN A CLASS, CONSOLIDATED, REPRESENTATIVE OR PRIVATE ATTORNEY GENERAL ACTION, UNLESS BOTH YOU AND CAPTUREPROOF SPECIFICALLY AGREE TO DO SO IN WRITING.
If you do not wish to be bound by the foregoing class-action waiver, you must notify CaptureProof in writing within 30 days of the date that you accept these Terms. Your written notification must be mailed to: CaptureProof, Inc., ATTN: legal 611 S. Gateway Blvd, Ste 120, South San Francisco, CA 94080.
Notices to you may be sent via email or provided through links displayed on the Site. You understand and agree that notices and other information ("Communications") may be provided by CaptureProof to you by electronic means (i.e., via email or by posting the information on the Site). The categories of Communications that may be provided by electronic means include:
All Communications will be deemed to have been received by you after it is posted on the site for 5 days, whether or not you have retrieved the Communication from the Site. An electronic Communication by email is considered to be sent at the time that it is directed by CaptureProof’s email server to your email address, whether or not your receive it. You agree that these are reasonable procedures for sending and receiving electronic Communications.
You agree to promptly update your account records with CaptureProof if your email address changes so that CaptureProof may contact you electronically. You understand and agree that if we send you an electronic Communication but you do not receive it because the email address on file is incorrect, out of date, blocked by your service provider or you are otherwise unable to receive electronic Communications, CaptureProof will be deemed to have provided the Communication to you.
Although we reserve the right to provide Communications in paper format at any time, you agree that we are under no obligation to do so. All Communications in either electronic or paper format will be considered to be "in writing." You should print a paper copy of these Terms and any Communication that is important to you and retain the copy for your records. If you do not wish to receive these Terms or the Communications electronically, you may not use the Service.
If you have opened an account with us and you wish to withdraw your consent to have Communications provided electronically, you must close your account and stop using the Service. There are no fees to close your account, but a return data-handling fee may apply as allowed by law.
The terms of this Agreement (“Terms”) apply to your use of the Service, including iOS applications available via the Apple, Inc. (“Apple”) App Store (the “Application”), but the following additional terms also apply to the Application:
To the extent that the additional terms of the End-User License Agreement conflict with the Terms, the EULA shall control with respect to your use of the Service via the Application.
If you would like to contact us to provide feedback, comments or requests for technical support, and/or complaints or claim with respect to the EULA, you should contact us through our customer support department athelp@captureproof.com or call our support line at +1.415.691.7615.
If you have privacy questions or concerns, you should contact us at privacy@captureproof.com.
If you have data security questions or concerns, you should contact us at security@captureproof.com
Last Modified: May 3, 2022
Last Modified: May 3, 2022
Many people use CaptureProof, and we are proud of the trust placed in us. In exchange, we expect you to use the CaptureProof services (the "Service") responsibly.
As a CaptureProof account holder you agree to comply with this Acceptable Use Policy (this "Policy") and will be liable for all activities and content you post and for violation of this Policy.
You agree not to misuse the Service. For example, you must not, and must not attempt to, use the Service to do any of the following:
CaptureProof is not responsible for the content or activities in any CaptureProof profile. The decision to share or create content is yours. We advise you to use your judgment.
CaptureProof reserves the right to amend or change this Acceptable Use Policy at any time. CaptureProof may place a special notice on the CaptureProof website, update the date of this Acceptable Use Policy, or communicate significant changes by email. Your continued use of the Service following such notification constitutes your acceptance of any such changes. We encourage you to periodically review this Acceptable Use Policy to ensure you are in compliance.
Some information you provide or upload to the Service may be stored outside of the country in which you reside.
All activity on the Service is also governed by the CaptureProof Terms of Service.
If you see content that violates this Acceptable Use Policy, we encourage you to report it to CaptureProof for review. Please contact us at security@captureproof.com.
Thank you for using CaptureProof and honoring this Acceptable Use Policy.
Last Modified: May 3, 2022
CaptureProof is HIPAA-compliant. We provide this overview so that you can better understand the security measures we've put in place to protect the information that you store using CaptureProof.
All data stored in our databases is symmetrically encrypted using AES 256 keys. Amazon Web Services stores data over several large-scale data centers. You can find more information about Amazon Web Services' security at the Amazon Web Services' website. Encryption keys are stored using further encryption.
Your files are sent from CaptureProof’s mobile and web apps to our servers over a secure channel using SSL encryption, the standard for secure Internet network connections.
User accounts are password protected. Upon successful entry of a unique username, password and authentication token, the user then gains access to his or her account.
CaptureProof and Amazon Web Services keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss.
We guard your privacy and work hard to protect your information from unauthorized access. Except as stated in the next sentence, CaptureProof employees are prohibited from viewing the content of files you store in your CaptureProof profile(s), and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in the CaptureProof Privacy Policy (e.g., when legally required to do so). We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.
CaptureProof cooperates with law enforcement when it receives valid legal process, which may require CaptureProof to disclose information contained in your CaptureProof profile(s). In the case of being compelled to disclose information as above, CaptureProof will decrypt the data before providing them to law enforcement.
Our auditing process tracks all records that are created, deleted and modified. We also track activity on the site by users, such as, login, page view, viewing images, adding notes and other activity on the site by Patients and Medical Professionals.
You understand that your medical history is entered into the CaptureProof database and that all reasonable measures have been and will be taken to protect the confidentiality of this medical and personal information – in accordance with HIPAA standards. You know that no computer or phone system is completely 100% secure. CaptureProof understands your rights to reasonable privacy in accordance with HIPAA standards and state laws, and in accordance with our Privacy Policy, will not release information to anyone without your written authorization or as required permitted by law, or in accordance with your health insurer's privacy policy if applicable, or as otherwise disclosed via our Privacy Policy.
CaptureProof may revise and update this Security Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Security Policy that may affect you.
CaptureProof is committed to resolving complaints about the security measures we use to protect your personal information. Individuals with inquiries or complaints regarding our Security policy should contact the CaptureProof Security Officer at:
CaptureProof's Security Officer can be contacted at:
CAPTUREPROOF, Inc
c/o Security Officer, David Chasteen
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
Last Modified: May 3, 2022
CaptureProof takes your privacy very seriously. We are committed to protecting the privacy of visitors to the CaptureProof.com web site and mobile application (the "Site"). The purpose of this Privacy Policy is to inform you what kinds of information we may collect about you when you visit the Site or use the service offered on the Site (the "Service"), how we may use that information, to whom we may disclose it, and the choices you have regarding our use of, and your ability to manage and edit, your information. This Privacy Policy applies to the Site and the Service. This Privacy Policy does not apply to other websites to which we may link.
If you are from any of the countries in the European Economic Area (EEA) (which includes the Member States of the European Union (EU) plus Iceland, Liechtenstein and Norway) or Switzerland, please refer to the Privacy Shield and GDPR Policy which addresses CaptureProof's practices for collecting, using, maintaining, protecting and disclosing your personal information in accordance with the Privacy Shield Framework Principles and the General Data Protection Regulation.
This Privacy Policy governs information we collect about patients who use the Service ("Patients") and about designated health care professionals who are part of a Patient's health care team ("Medical Professionals").
Patients and Medical Professionals can access the Service through the Sites, via desktop or laptop computer, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your use of the Service regardless of how you access the Service, and by using the Service you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described in this Privacy Policy.
The Service is a health records platform that allows Patients to gather, edit, add to, store, and share their protected health information online and to communicate and share that information with designated Medical Professionals. This Service also allows Medical Professionals to gather, edit, add to, store and share protected health information online related to the treatment of Patients and share that information with their Patients and other designated Medical Professionals.
When you use the Service, the Service collects identifying information about you (e.g., name and email address) as well as, if you are a Patient, your protected health information (e.g., photos, videos, notes, doctor communications, and health history), and, if you are a Medical Professional, your patient communications.
We may collect and store the following information when you use the Service:
When you register to create an account with the Service, we collect some information about you, such as your name, phone number and email address. If you are a Patient, we also collect information about your gender and date of birth. If you are a Medical Professional, we also may collect information about your medical credentials, such as your medical license number, degree, office number and specialty. We may also collect information Patients choose to provide us regarding their designated Medical Professionals, such as their names and email addresses. Providing a profile picture is optional for both Patients and Medical Professionals.
If you are a Patient, when you use the Service, we collect health information that relates to (a) your past, present or future physical or mental health or condition, and (b) the provision of health care to you. This health information includes notes describing health conditions, communications with your medical clinician, photos of body parts or video of body movements and/or experiences, and any other information you upload to the Service. You can use the Service to enter a wide range of health information into a record. You can give others permission to view, and/or add information in a record. You cannot currently delete any photos, videos and/or chat from your account.
When you make payment for your use of the Service, we collect additional financial information as required to process those purchase transactions.
We also collect other information required to configure, use, and receive support for the Services, the time you visited, and browser type.
When you use the Service, we automatically record information, from the computer, mobile phone or other consumer electronic device you use to access the Service, that device's software, and your activity using the Service (collectively, "Analytics Information"). This may include the device's Internet Protocol ("IP") address, browser type, the web pages you visit on our website, information you search for on our website, locale preferences, identification numbers associated with your device, your mobile carrier, date and time stamps associated with transactions, system configuration information, captured metadata from photos and video concerning your uploaded health information, and other interactions with the Service.
We may use Analytics Information to monitor and analyze use of the Service, for the Service's technical administration, to increase the Service's functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.
We may disclose information that is not protected health information to data analytics companies such as Google Analytics. To learn more about the privacy policy of Google Analytics, visit: http://www.google.com/intl/en/policies/privacy .
These data analytics companies may use the data collected to contextualize and personalize the ads of its own advertising network. You will have the option to accept or reject the use of your personal data by these data analytics companies for these purposes. You can opt-out of Google Analytics at: https://tools.google.com/dlpage/gaoptout?hl-en .
The Service allows you to manage one health record, such as the ones you create for yourself or for your child(ren). You choose what information to put in your records. Examples of the types of information you can store in a record include:
How we use personally identifying information:
We use personally identifying information collected through the Service, including Patients' protected health information:
We may also ask you to participate in use surveys, questionnaires or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls, this information is collected only as anonymous, aggregated information and is used for statistical purposes only.
We may also use, or share with third parties, other non-personally identifying information in the aggregate for the purpose of improving the Service and for business and administrative purposes.
A key purpose of the Service is to facilitate the sharing by Patients of health information with Medical Professionals that are designated members of the Patient's health care team. Patients can choose to share specific information (or all information) with a designated Medical Professional.
Patients can share protected health information with designated Medical Professionals once they have established a Medical Professional - Patient relationship as outlined in our Terms of Service. Once data is shared it will remain shared with the Medical Professional. Terminating the connection will prevent the Medical Professional from having access to any subsequent data uploaded and/or shared by the patient.
No Medical Professional who accepts a sharing invitation has the ability to use the Service to share a Patient's health information with third parties, the exception being that Medical Professionals can use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, photos, videos, and other medical information for treatment, payment or health care operations purposes only without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.
We may permit certain trusted third party companies and individuals to access your information in connection with their performance of services to help us maintain, operate, analyze, and improve the Service, including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features. These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.
We may disclose your personally identifying information to third parties when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of CaptureProof or its users; or (d) to protect CaptureProof's property rights. If we provide your personally identifying information to a law enforcement agency as set forth above, when legally required, we will remove CaptureProof's encryption from the files before providing them to law enforcement. However, we will not be able to decrypt any files that you encrypted prior to storing them on the Service.
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personally identifying information may be transferred as part of that transaction, but we will notify you of this transfer of your information (for example, via email and/or a prominent notice on the Site). We will also notify you of choices you may have regarding the transfer of your information
We may disclose your non-personally identifying information to third parties as described above under "How we use aggregate non-personally identifying information." We do not sell, trade or rent your personal information to third parties.
You may review, update, correct or delete the personally identifying information provided in your registration or Profile by changing your Profile settings. If your personally identifiable information changes, or if you no longer desire to use the Service, you may update or delete it by making the change in your Profile settings. In some cases we may retain copies of your information if required by law.
We will retain your information for as long as your account is active or as needed to comply with applicable federal and state laws. If you delete your account, we may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information as quickly as possible upon request. Please note, however, that there might be a delay in deleting information from our servers and that backed-up versions might continue to exist after deletion. Any information that remains will continue to be protected by CaptureProof under the terms of this Privacy Policy and under the terms of the Security Policy.
We follow generally accepted industry standards to protect your health information and other personally identifying information that we collect about you. We use firewall barriers, SSL 256-bit high-grade encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect user accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
CaptureProof may revise and update this Privacy Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Privacy Policy that may affect you.
An internet cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors to the Site, their usage of the Site, and their website access preferences. You will, however, have the option to accept the use of cookies or reject the use of cookies. Certain features of the Site may not function properly without the aid of cookies.
You have a right to:
1. View your medical records. You can access your medical records that have been provided to CaptureProof within 30 days of your request to do so. You can view your medical records at any time by accessing your account online.
2. Inspect and copy your PHI. You must submit your request to inspect or copy your PHI online to CaptureProof. CaptureProof may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. CaptureProof may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, CaptureProof will inform you of the reason for the denial, and you may request a review of the denial.
3. Amend your PHI. If you believe your file is incomplete or incorrect, you can request that CaptureProof amend your PHI. CaptureProof may, under certain circumstances, deny your request. If that occurs, you have the right to submit a statement of disagreement for inclusion in your records.
4. Accounting and disclosures. You always have the decision whether or not to give permission for your PHI to be shared before it is used or shared. Your chosen health professionals that use the Service are prohibited from using or sharing your personally identifiable medical records for any purposes that are not part of normal, routine health care processes. You have the right to receive an accounting of all disclosures CaptureProof has made of your PHI. Accordingly, upon request made in a 12 month period, CaptureProof shall provide the patient, at no charge, with a copy of accounting of disclosures.
CaptureProof will provide you a notice that tells you how your PHI has been used and shared. This accounting will be provided without charge for the first request made in a 12-month period. Reasonable cost-based charges can be imposed to provide an additional accounting(s) if the request for the 2nd (3rd ...) accounting is within the 12 month period, as permitted by law.
5. Complaint. You may complain to CaptureProof and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated.
If you have any questions about this Privacy Policy, please contact us at privacy@captureproof.com.
CaptureProof is committed to resolving complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy policy should contact the CaptureProof Privacy Officer at:
CAPTUREPROOF, Inc
c/o Privacy Officer, Meghan Conroy
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
The CaptureProof Privacy Officer also serves as the Grievance Officer with respect to individuals governed by the privacy laws of India.
Last Modified: May 3, 2022
This Privacy Shield and GDPR Policy (this “Policy”) applies to all personal information received by CAPTUREPROOF, Inc. in the United States from the European Economic Area (EEA) (which includes the Member States of the European Union (EU) plus Iceland, Liechtenstein and Norway) and Switzerland. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information in accordance with the Privacy Shield Framework Principles and the General Data Protection Regulation.
For purposes of this Policy, the following definitions shall apply:
"Anonymous or Anonymized Information" means information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
"CaptureProof" means CAPTUREPROOF, Inc and any of its subsidiaries, predecessors and successors in the United States.
"Controller" means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Personal information or personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information or personal data does not include information that is anonymous or anonymized, including for statistical or research purposes.
"Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.
"Third Party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
CaptureProof complies with the US-EU and US-Swiss Privacy Shield as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from EEA member countries and Switzerland. CaptureProof has certified that it adheres to the Privacy Shield Framework Principles, which are the basis for the principles of this Policy. To learn more about the Privacy Shield program, and to view CaptureProof’s certification, visit .
CaptureProof complies with the GDPR requirements regarding the collection, use, and retention of personal data from EU member countries.
CaptureProof takes your privacy very seriously. We are committed to protecting the privacy of visitors to the CaptureProof.com web site and mobile application (the "Site"). The purpose of this Privacy Shield and GDPR Policy is to inform you what kinds of information we may collect about you when you visit the Site or use the service offered on the Site (the "Service"), how we may use that information, to whom we may disclose it, and the choices you have regarding our use of, and your ability to manage and edit, your information. This Policy applies to the Site and the Service.
This Policy governs information we collect about patients who use the Service ("Patients") and about designated health care professionals who are part of a Patient's health care team ("Medical Professionals").
Patients and Medical Professionals can access the Service through the Sites, via desktop or laptop computer, mobile phone, tablet, or other consumer electronic device. This Policy governs your use of the Service regardless of how you access the Service.
The Service is a health records platform that allows Patients to gather, edit, add to, store, and share their protected health information online and to communicate and share that information with designated Medical Professionals. This Service also allows Medical Professionals to gather, edit, add to, store and share protected health information online related to the treatment of Patients and share that information with their Patients and other designated Medical Professionals.
The Service allows you to manage your health record, such as the ones you create for yourself or for your child(ren). You choose what information to put in your records. Examples of the types of information you can store in a record include:
When you use the Service, CaptureProof collects IP address, email address, phone number, name and other contact information in order to provide the Service.
If you are a Patient, CaptureProof also collects your health information including gender and date of birth. When Patients use the Service, we collect health information that relates to (a) your past, present or future physical or mental health or condition, and (b) the provision of health care to you. This health information includes notes describing health conditions, communications with your medical clinician, photos of body parts or video of body movements and/or experiences, and any other information you upload to the Service. You can use the Service to enter a wide range of health information into a record. You can give others permission to view, and/or add information in a record. You cannot currently delete any photos, videos and/or chat from your account. Requests to delete information must be made to privacy@captureproof.com. Providing a profile picture is optional for Patients.
If you are a Medical Professional, CaptureProof also collects your patient communications. We also may collect information about your medical credentials, such as your medical license number, degree, office number and specialty. Providing a profile picture is optional for Medical Professionals.
We use personally identifying information collected through the Service, including Patients' health information:
We may also ask you to participate in use surveys, questionnaires or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls, this information is collected only as anonymous, aggregated information and is used for statistical purposes only.
Where CaptureProof receives personal information from its subsidiaries, affiliates or other entities in the EEA or Switzerland, CaptureProof will use that information in accordance with the notices those entities provided to the individuals to whom that personal information relates and the choices made by those individuals.
For those responsible for payment for use of the Service (health care providers, medical practices or institutions, but not patients), we use a third party provider to collect your payment information as required to process those purchase transactions.
We also collect other information required to configure, use, and receive support for the Services, the time you visited, and browser type.
When you use the Service, we automatically record information, from the computer, mobile phone or other consumer electronic device you use to access the Service, that device's software, and your activity using the Service (collectively, "Analytics Information"). This may include information that constitutes personal information such as: the device's Internet Protocol ("IP") address, browser type, the web pages you visit on our website, information you search for on our website, locale preferences, identification numbers associated with your device, your mobile carrier, date and time stamps associated with transactions, system configuration information, captured metadata from photos and video concerning your uploaded health information, and other interactions with the Service.
We may use Analytics Information to monitor and analyze use of the Service, for the Service's technical administration, to increase the Service's functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.
We may disclose personal information to data analytics companies such as Google Analytics which is Privacy Shield certified. To learn more about the privacy policy of Google Analytics, visit: http://www.google.com/intl/en/policies/privacy .
These data analytics companies may use the data collected to contextualize and personalize the ads of its own advertising network. You will have the option to accept or reject the use of your personal data by these data analytics companies for these purposes. You can opt-out of Google Analytics at https://tools.google.com/dlpage/gaoptout?hl-en .
An internet cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors to the Site, their usage of the Site, and their website access preferences. You will have the option to accept the use of cookies or reject the use of cookies. Certain features of the Site may not function properly without the aid of cookies.
A key purpose of the Service is to facilitate the sharing by Patients of health information with Medical Professionals that are designated members of the Patient's health care team. Patients can choose to share specific information (or all information) with a designated Medical Professional.
Patients can share health information with designated Medical Professionals once they have established a Medical Professional - Patient relationship as outlined in our Terms of Service. Once data is shared it will remain shared with the Medical Professional. Terminating the connection will prevent the Medical Professional from having access to any subsequent data uploaded and/or shared by the patient.
No Medical Professional who accepts a sharing invitation has the ability to use the Service to share a Patient's health information with third parties, the exception being that Medical Professionals can use or disclose health information, such as X-rays, laboratory and pathology reports, diagnoses, photos, videos, and other medical information for treatment, payment or health care operations purposes only without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.
We may disclose your personally identifying information to third parties when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect national security; (c) protect the safety of any person from death or serious bodily injury; (d) prevent fraud or abuse of CaptureProof or its users; or (d) to protect CaptureProof's property rights. If we provide your personally identifying information to a law enforcement agency as set forth above, when legally required, we will remove CaptureProof's encryption from the files before providing them to law enforcement. However, we will not be able to decrypt any files that you encrypted prior to storing them on the Service.
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personally identifying information may be transferred as part of that transaction, but we will notify you of this transfer of your information (for example, via email and/or a prominent notice on the Site). We will also notify you of choices you may have regarding the transfer of your information.
We may disclose your non-personally identifying information to third parties. We may share with third parties, anonymized information in the aggregate for the purpose of improving the Service and for business and administrative purposes. We do not sell, trade or rent your personal information to third parties.
We may permit certain trusted third party companies and individuals to access your information in connection with their performance of services to help us maintain, operate, analyze, and improve the Service, including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service’s features. These third parties may have access to your personal information only for purposes of performing these tasks on our behalf. CaptureProof obtains assurances from these third parties that they will safeguard personal information consistently with this Policy. Appropriate assurances are obtained under contract obligating the third party to provide at least the same level of protection as is required by the relevant Privacy Shield Framework Principles and the GDPR. CaptureProof remains liable for the acts and omission of its third party agents.
You may review, update, correct or delete the personally identifying information provided in your registration or Profile by changing your Profile settings. If your personally identifiable information changes, or if you no longer desire to use the Service, you may update or delete it by making the change in your Profile settings. In some cases we may retain copies of your information if required by law.
We will retain your information for as long as your account is active or as needed to comply with applicable federal and state laws. If you delete your account, we may retain and use your information only as allowed by law to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information as quickly as possible upon request. Please note, however, that there might be a delay in deleting information from our servers. Any information that remains will continue to be protected by CaptureProof under the terms of this Privacy Shield and GDPR Policy.
We follow generally accepted industry standards to protect your health information and other personally identifying information that we collect about you. We use firewall barriers, SSL 256-bit high-grade encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect user accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
CaptureProof maintains records of processing activities including: (a) name and contact details of the processor(s) and controller(s) and their representatives and data protection officers where applicable; (b) categories of processing carried out; (c) transfers of personal data to third countries or international organizations (including names of third countries or international organizations) and documentation of suitable safeguards where applicable. Where possible, CaptureProof maintains a general description of the applicable technical and organizational security measures.
CaptureProof offers individuals the opportunity to choose whether their personal information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual - unless the use or disclosure is otherwise permitted or required by the Privacy Shield Principles or GDPR.
You will have the option to accept or reject the use of cookies. This includes cookies utilized by CaptureProof and data analytics companies used by CaptureProof. If you choose to reject the use of cookies by the data analytics companies, you will be linked to their opt-out page. Opting-out of these services may limit your ability to use the Services.
CaptureProof uses personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. CaptureProof takes reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
The Privacy Shield Framework Principles and the GDPR give data subjects' certain rights with respect to their personal information. These rights include the right to access, correct, delete, restrict, and move personal information subject to certain requirements, restrictions, and exceptions. Data subjects may also object to the processing of personal data under certain circumstances. Data subjects also have certain rights with respect to automated decision-making including profiling. As set forth in this Policy, CaptureProof will provide data subjects their rights as required by law and subject to the requirements, restrictions and exceptions set forth in the Privacy Shield Framework and GDPR.
In order to request access, correction, deletion, restriction, or movement; or in order to object to processing or automated decision making, please email: security@captureproof.com. CaptureProof may need to verify your identity prior to granting any such request.
Upon request, CaptureProof will, as required by applicable law, grant individuals reasonable access to personal information that it holds about them. CaptureProof will assist controllers in fulfilling requests by individuals for access to their information that is being processed by CaptureProof. A copy of personal data undergoing processing must be provided to data subjects by controllers without charge. Controllers may charge a reasonable fee for additional copies. An individual's right to access may be limited if it would adversely affect the rights and freedoms of others.
Upon request, CaptureProof will, as required by applicable law, permit individuals to correct or amend information without undue delay that is demonstrated to be inaccurate or incomplete. As a processor, CaptureProof will assist controllers in fulfilling requests by individuals for correction or amendment. Taking into account the purposes of the processing, data subjects have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Upon request, CaptureProof will delete information without undue delay as required by applicable law. As a processor, CaptureProof will assist controllers in fulfilling requests by individuals for deletion. The right to have personal information deleted is subject to certain conditions, including but not limited to: the data is no longer necessary for the purposes for which it was collected or processed; the data subject withdraws consent when the processing is based on consent and there are no other legal grounds for processing; the data subject objects to the processing and there are no overriding legitimate grounds for the processing; and the data have been unlawfully processed. Under certain circumstances under the law, data cannot be deleted, including but not limited to when processing is necessary for: public health; scientific research or statistical purposes; and defense of legal claims.
Upon request, CaptureProof will restrict the processing of information as required by applicable law. As a processor, CaptureProof will assist controllers in fulfilling requests by individual for restrictions. Restrictions may be requested, for example, when: the accuracy of the personal data is contested; the processing is unlawful and the data subject prefers restriction to deletion; the data is no longer needed for processing but is still needed for defense of legal claims; or there is a question whether the processing overrides the interests of the data subject.
Under certain circumstances, data subjects have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from the initial controller. If technically feasible, data subjects may have the data transmitted directly from one controller to another. The right to portability must not adversely affect the rights and freedom of others. As a processor, CaptureProof will assist controllers in movement of the data for these purposes as applicable.
Data subjects have the right to object to the processing of personal data under certain circumstances including the right to object at any time to the processing of personal data for direct marketing purposes. Once a data subject objects to processing for direct marketing purposes, the personal data may no longer be processed for such purposes.
Data subjects also have certain rights with respect to automated decision-making including profiling. A data subject has the right, under certain circumstances, not to be subject to profiling which produces legal effects for the data subject. This right does not apply if the profiling is necessary to perform a contract between the data subject and controller, is authorized by law, or is based on the data subject's explicit consent.
Upon request, CaptureProof will restrict the processing of information in accordance with the data subject's exercise of the right to object as required by applicable law. As a processor, CaptureProof will assist controllers in fulfilling such requests by individuals.
CaptureProof takes reasonable precautions to protect personal information in its possession. CaptureProof has put in place appropriate physical, technical and administrative safeguards to secure the information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. CaptureProof has in place appropriate physical, technical and administrative safeguards to: (a) ensure the confidentiality, integrity, availability and resilience of processing systems and services; (b) restore the availability and access to personal data in the event of a physical or technical incident; and (c) test, assess and evaluate the effectiveness of the security measures. Additional details regarding security measures taken by CaptureProof can be found in the Security Policy.
In the event of a personal data breach, CaptureProof will provide appropriate notification in accordance with GDPR and other applicable laws. As a processor, CaptureProof will notify the controller of a personal data breach without undue delay after becoming aware of the breach.
CaptureProof conducts self-assessed compliance audits of its relevant policies and practices to verify adherence to this Policy. Any employee that CaptureProof determines is in violation of this policy will be subject to disciplinary action.
CaptureProof's Data Protection Officer can be contacted at:
CAPTUREPROOF, Inc
c/o Data Protection Officer, David Chasteen
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
In compliance with Privacy Shield Principles, CaptureProof commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding out Privacy Shield policy should first contact CaptureProof at:
CAPTUREPROOF, Inc
c/o Privacy Officer, Meghan Conroy
611 S. Gateway Blvd, Ste 120
South San Francisco, CA 94080
United States of America
security@captureproof.com
415-691-7615
CaptureProof will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.
CaptureProof has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
CaptureProof has further committed to refer unresolved privacy complaints under the Privacy Shield to the DPAs or FDPIC as applicable. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by CaptureProof, please contact the DPA or FDPIC for more information and to file a complaint.
The EU DPA panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPA may be contacted directly via the information provided at http://ec.europa.eu/justice/data-protection/bodies/authorities/third-countries/index_en.htm Fax: (32-2)296 80 10. Telephone: (32-2)295 17 86. Mail: Data protection panel secretariat, Rue de Luxembourg 46 (01/126), B-1000 Brussels, BELGIUM.
The Swiss FDPIC may be contacted directly via the information provided at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html . By mail at Office of the Federal Data Protection and Information Commissioner FDPIC, Feldeggweg 1 CH 3003 Berne. Telephone +41 (0)58 462 43 95 (Monday-Friday 10-12am). Telefax: +41 (0)58 465 99 96.
The DPA and FDPIC dispute resolution process shall be conducted in English.
In addition, the United States Federal Trade Commission is the statutory body that has jurisdiction to hear any claims against CaptureProof regarding possible unfair or deceptive practices and violations of laws or regulations governing privacy. If CaptureProof does not resolve the complaint, you can submit the matter to arbitration to a single arbitration of the Privacy Shield Panel. The remedies from this arbitration are limited to individual-specific, non-monetary equitable relief (such as access, correction, deletion, or return of the individual’s data in question) necessary to remedy the violation of the Principles only with respect to the individual.
Adherence by CaptureProof to the Privacy Shield Principles may, as permitted, be limited (a) to the extent required to respond to a legal obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.
This Policy may be amended from time to time, in a manner consistent with the requirements of the Privacy Shield Principles and GDPR. CaptureProof will post any revised policy here and we encourage visiting the CaptureProof website periodically to check for updates.
When processing personal information or personal data pursuant to a contract with a controller, CaptureProof utilizes contractual clauses to ensure compliance with the Privacy Shield Framework Principles and the GDPR requirements. These contractual clauses shall include: (a) the subject-matter and duration of the processing; (b) the nature and purpose of the processing; (d) the type of personal data and categories of data subjects; and (e) the obligations and rights of the controller. The contractual clauses shall also stipulate that CaptureProof: (a) processes the personal data only on documented instructions from the controller unless otherwise required by applicable law; (b) ensures that persons authorized to process the personal data have agreed to treat the information confidentially; (c) takes appropriate security measures; (d) will not engage another third party processor (subcontractor) without prior specific or general written authorization from the controller; (e) will enter into a contract with any third party subcontractor requiring the subcontractor to provide the same protections imposed on CaptureProof; (f) will remain liable to the controller for the performance by subcontractors; (g) assists the controller in response to requests by data subjects seeking to exercise their rights insofar as possible given the nature of the processing; (h) assists the controller in ensuring compliance with security obligations insofar as possible given the nature or the processing and the information available to CaptureProof; (i) at the choice of controller, deletes or returns all personal data at the end of the provision of services unless otherwise required by law; and (j) makes information available to the controller to demonstrate compliance with the data protection law and as necessary for audits.
Last Modified: May 3, 2022
Last Modified: May 3, 2022
The Business Associate Agreement set forth below binds only Covered Entities, as defined in the Health Insurance Portablity and Accountability Act and implementing regulations ("HIPAA"), including Health Care Providers and the health care organization to which they belong. The Business Associate Agreement does not apply to Users who are patients.
This is the standard Business Associate Agreement (BAA) that CaptureProof offers to all Covered Entity Users. We are willing to negotiate terms of the Business Associate Agreement with any Covered Entity. In order to negotiate new terms to a BAA, we are willing to do so at a fixed fee of USD $3000.
We recognize that many Covered Entities have their own contracting requirements, and that our click-through BAA is not a one-size-fits-all document. We offer the ability for customers to negotiate our standard form BAA with us, within certain boundaries and on the terms and conditions set forth below. We will aim to be as flexible as we can, but we also recognize that, because of the wide variance in risk tolerances and different sensitivities attached to different types of health information, our product, and the terms under which it is offered, will not be suitable for all organizations. Subject to the payment of the $3,000 non-refundable fee, we will engage in good faith negotiations with you to put in place a BAA specific to your entity. However, as with any contractual negotiations, we cannot guarantee that an agreement will be reached.
Email: legal@captureproof.com for further information.
This Business Associate Agreement is between CAPTUREPROOF, Inc. and the covered entity User who purchases CaptureProof’s 'Service' as defined in the Terms and Conditions. This Business Associate Agreement is incorporated by reference into the Terms and Conditions of Service when applicable. Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule.
If you are entering into this Agreement on behalf of a business or medical practice, you represent that you have the authority to bind said business to this Agreement.
THIS BUSINESS ASSOCIATE AGREEMENT is dated on the day of acceptance of the "Terms and Conditions" or when the user begins to use the Service, whichever is first. This agreement is entered into between the User (hereafter referred to as "Covered Entity") and CAPTUREPROOF, Inc. (hereafter referred to as "Business Associate").
WHEREAS, Covered Entity is subject to the requirements of the Health Insurance Portability and Accountability Act ("HIPAA") and amendments thereto set forth in the American Recovery and Reinvestment Act (the "HITECH Amendments") and the HIPAA Privacy, Security and Breach Notification Rules (the "HIPAA Rules");
WHEREAS, Business Associate is a business associate of Covered Entity under HIPAA, the HITECH Amendments, and the HIPAA Rules.
NOW THEREFORE, the parties agree to the terms of this Business Associate Agreement as follows:
IN WITNESS WHEREOF, the parties have caused this Agreement to be executed by their duly authorized officers.
Business Associate Addendum
This Business Associate Agreement Addendum is between CAPTUREPROOF, Inc. and the covered entity User who purchases CaptureProof’s "Services” as defined in the Terms and Conditions. This Business Associate Agreement Addendum is incorporated by reference into the Terms and Conditions of Service when applicable. Terms used, but not otherwise defined, in this Addendum shall have the same meaning as those terms in the Privacy Rule.
If you are entering into this Addendum on behalf of a business or medical practice, you represent that you have the authority to bind said business to this Addendum.
THIS BUSINESS ASSOCIATE AGREEMENT ADDENDUM is dated on the day of acceptance of the "Terms and Conditions" or when the user begins to use the Service, whichever is first. This agreement is entered into between the User (hereafter referred to as "Covered Entity") and CAPTUREPROOF, Inc. (hereafter referred to as "Business Associate").
WHEREAS, Covered Entity is subject to the requirements of the Health Insurance Portability and Accountability Act ("HIPAA") and amendments thereto set forth in the American Recovery and Reinvestment Act (the "HITECH Amendments") and the HIPAA Privacy, Security and Breach Notification Rules (the "HIPAA Rules");
WHEREAS, Business Associate is a business associate of Covered Entity under HIPAA, the HITECH Amendments, and the HIPAA Rules.
NOW THEREFORE, the parties hereby agree to this Addendum to the Business Associate Agreement to protect personal information transferred from European Union/Swiss Countries in accordance with the Privacy Shield framework developed by the U.S. Department of Commerce in consultation with the European Commission to satisfy the European Commission's Directive on Data Protection.
The parties agree to comply with CaptureProof's Privacy Shield Policy which is incorporated herein by reference. This includes, but is not limited to, assurance from agents that they will safeguard personal information consistent with the Privacy Shield Policy.
IN WITNESS WHEREOF, each of the undersigned has caused this Addendum to be duly executed in its name and on its behalf as of the Effective Date.
Last Modified: May 3, 2022
Your browser has known security flaws, and may not display all features of this website. Please update your browser to the latest version, or download one of the following supported browsers:
