Privacy Policy

NightingaleMD, Inc. (“NightingaleMD,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at nightingale.md, use our Florence AI Voice Care Navigator platform, or otherwise interact with our services.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, and organization name when you request a demo or contact us.
• Professional Information: Your title, role, organization type, and electronic health record (EHR) system when you complete our demo request form.
• Communications: Any messages, feedback, or inquiries you send to us via email or our website.

1.2 Protected Health Information (PHI)

When our Florence AI Voice Care Navigator platform is deployed by healthcare providers and health plans, it may process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). The handling of PHI is governed by our Business Associate Agreements (BAAs) with covered entities and is subject to our HIPAA Compliance policies.

1.3 Automatically Collected Information

When you visit our website, we may automatically collect:

• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website addresses
• IP address (anonymized)

2. How We Use Your Information

We use the information we collect to:

• Respond to your demo requests and inquiries
• Provide, maintain, and improve our Florence AI platform and services
• Communicate with website visitors, prospective customers, customers, providers, care teams, health plans, and patients about our services, support, and operational updates
• Send non-marketing healthcare-related SMS messages to patients on behalf of participating providers, care teams, and health plans, where the patient has provided consent
• Comply with legal obligations, including HIPAA requirements
• Protect the security and integrity of our platform
• Analyze website usage to improve user experience

3. SMS Communications

NightingaleMD may send non-marketing healthcare-related SMS messages to patients on behalf of participating healthcare providers, care teams, and health plans. These messages may include appointment reminders, care follow-ups, medication adherence support, scheduling assistance, care management outreach, and requests to confirm or update care-related information.

Patients receive SMS messages from NightingaleMD only after providing consent through their provider, care team, health plan, or applicable care enrollment process. Consent may be collected verbally, electronically, or in writing and may be documented by the provider, health plan, care team, or NightingaleMD, depending on the applicable workflow.

Message frequency varies based on the patient's care needs and the communications requested by the patient's provider, care team, or health plan. Message and data rates may apply. Patients may reply STOP to opt out of SMS messages at any time or HELP for assistance.

NightingaleMD SMS messages are intended for healthcare operations, care coordination, and patient support. They are not marketing or promotional messages.

NightingaleMD does not sell or share SMS opt-in data, consent records, or mobile phone numbers with third parties or affiliates for marketing or promotional purposes.

4. How We Share Your Information

We do not sell your personal information. We also do not sell or share SMS opt-in data, consent records, or mobile phone numbers with third parties or affiliates for marketing or promotional purposes. We may share information with:

• Service Providers: Third-party vendors who assist us in operating our platform, subject to confidentiality obligations.
• Healthcare Partners: Covered entities and their authorized representatives, as governed by Business Associate Agreements.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
• Access Controls: Role-based access controls with multi-factor authentication for all system access.
• SOC 2 Type II Certification: Our platform undergoes regular third-party security audits.
• IAL-2 Identity Assurance: We maintain IAL-2 level identity verification for platform access.
• Monitoring: Continuous security monitoring and incident response procedures.

6. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Demo request information is retained for up to 24 months. PHI retention is governed by applicable HIPAA regulations and our agreements with covered entities.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications
• Request a copy of your data in a portable format

For PHI-related rights, please refer to our HIPAA Compliance page, which includes information about your rights under the HIPAA Privacy Rule.

8. Cookies and Tracking

Our website uses minimal cookies necessary for site functionality. We do not use third-party advertising trackers. Analytics data is collected in aggregate and anonymized form only.

9. Children's Privacy

Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

11. Contact Us