Information We Collect

Ondara collects information in several ways to provide and improve our services. We collect information that you provide directly when creating an account, including your name, email address, organization name, and password. When patients complete intake forms through Ondara, we collect the information they provide, which may include personal health information (PHI) such as medical history, symptoms, and other clinical data. We also automatically collect certain technical information through your use of our platform, including IP addresses, browser type, pages visited, and usage patterns. This information helps us understand how our platform is being used and identify areas for improvement.

How We Use Your Information

We use the information we collect for several purposes. First, we use it to provide and maintain our services, including processing intake forms and generating clinical summaries. We use your information to communicate with you about service updates, security alerts, and other administrative matters. With your consent, we may use your information to send you promotional content and updates about new features. We also use information to comply with legal obligations, enforce our terms of service, and protect the rights and safety of our users and platform. Analysis of usage patterns helps us improve our features and user experience.

Data Security

We implement comprehensive security measures to protect your information. All data, including Protected Health Information (PHI), is encrypted using AES-256-GCM encryption both at rest and in transit. We use industry-standard transport layer security (TLS) protocols for all data transmission. Access to systems containing PHI is restricted to authorized personnel only, and we maintain detailed audit logs of all access and modifications. Our infrastructure is hosted on secure, compliant cloud platforms with regular security audits and penetration testing. We also maintain strict internal policies regarding data handling and employee access to sensitive information.

HIPAA Compliance

Ondara is designed to be HIPAA-compliant from the ground up. We maintain technical, administrative, and physical safeguards required under HIPAA regulations. For covered entities and business associates, we offer a Business Associate Agreement (BAA) that outlines our obligations regarding the handling of PHI. Our platform implements role-based access controls, ensuring that users can only access the information necessary for their role. We conduct regular risk assessments and maintain documented policies and procedures for handling PHI. All staff handling PHI receive HIPAA training and awareness instruction.

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Patient intake data and clinical summaries are retained according to your practice's specified retention period or until you request deletion. Account information is retained as long as your account is active. If you delete your account, we will delete associated personal information within 30 days, except where we are required to retain it by law or for legitimate business purposes. You may request specific information be deleted at any time, subject to legal retention requirements.

Your Rights

You have several rights regarding your information. You can access, review, and export your personal information at any time through your account settings. You have the right to correct inaccurate information and request deletion of your data, subject to legal requirements. You may object to certain uses of your information and have the right to restrict processing in certain circumstances. Under HIPAA, patients have the right to request access to their PHI, request amendments, and receive an accounting of disclosures. To exercise any of these rights, please contact us using the information provided at the end of this policy.

Third-Party Services

Our platform may integrate with third-party services such as email providers and communication tools to enhance functionality. We only share information with third-party service providers when necessary and have agreements in place to ensure they maintain appropriate security and confidentiality standards. We do not sell or share your personal information or PHI with third parties for marketing purposes. Any third-party services that handle PHI are required to execute a Business Associate Agreement with us and must comply with HIPAA regulations.

Children's Privacy

Ondara is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information promptly. For individuals between 13 and 18, parental consent may be required for certain services. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or by updating the "Last updated" date at the top of this policy. Your continued use of Ondara after changes become effective constitutes your acceptance of the updated privacy policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions about this privacy policy, our data handling practices, or wish to exercise your privacy rights, please contact us at:

Ondara Privacy
Email: privacy@ondara.ai
Address: [Company Address]
Phone: [Company Phone]