Privacy Policy
How NightingaleMD collects, uses, and protects your information
NightingaleMD, Inc. ("NightingaleMD," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at nightingale.md, use our Florence AI Voice Care Navigator platform, or otherwise interact with our services.
1. Information We Collect
1.1 Information You Provide
We collect information that you voluntarily provide to us, including:
- Contact Information: Name, email address, phone number, and organization name when you request a demo or contact us.
- Professional Information: Your title, role, organization type, and electronic health record (EHR) system when you complete our demo request form.
- Communications: Any messages, feedback, or inquiries you send to us via email or our website.
1.2 Protected Health Information (PHI)
When our Florence AI Voice Care Navigator platform is deployed by healthcare providers and health plans, it may process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). The handling of PHI is governed by our Business Associate Agreements (BAAs) with covered entities and is subject to our HIPAA Compliance policies.
1.3 Automatically Collected Information
When you visit our website, we may automatically collect:
- Browser type and version
- Operating system
- Pages visited and time spent on each page
- Referring website addresses
- IP address (anonymized)
2. How We Use Your Information
We use the information we collect to:
- Respond to your demo requests and inquiries
- Provide, maintain, and improve our Florence AI platform and services
- Communicate with you about our products, services, and updates
- Comply with legal obligations, including HIPAA requirements
- Protect the security and integrity of our platform
- Analyze website usage to improve user experience
3. How We Share Your Information
We do not sell your personal information. We may share information with:
- Service Providers: Third-party vendors who assist us in operating our platform, subject to confidentiality obligations.
- Healthcare Partners: Covered entities and their authorized representatives, as governed by Business Associate Agreements.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.
4. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
- Access Controls: Role-based access controls with multi-factor authentication for all system access.
- SOC 2 Type II Certification: Our platform undergoes regular third-party security audits.
- IAL-2 Identity Assurance: We maintain IAL-2 level identity verification for platform access.
- Monitoring: Continuous security monitoring and incident response procedures.
5. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law. Demo request information is retained for up to 24 months. PHI retention is governed by applicable HIPAA regulations and our agreements with covered entities.
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Opt out of marketing communications
- Request a copy of your data in a portable format
For PHI-related rights, please refer to our HIPAA Compliance page, which includes information about your rights under the HIPAA Privacy Rule.
7. Cookies and Tracking
Our website uses only the minimal cookies necessary for site functionality. We do not use third-party advertising trackers. Analytics data is collected in aggregated, anonymized form only.
8. Children's Privacy
Our website and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised effective date. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:
NightingaleMD, Inc.
Email: hello@nightingalemd.com
Website: www.nightingale.md