Vai Portal – Privacy Policy

Last Updated: May 4, 2025

Vai Portal ("we," "us," or "our"), a New York-based company, is committed to protecting your privacy and handling your sensitive health information responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that data, in compliance with applicable US federal laws—including HIPAA—, the California Consumer Privacy Act (CCPA) if relevant, and New  York State privacy laws such as the SHIELD Act.

By using the Vai portal services ("Services"), you consent to the practices described in this Privacy Policy.

1. Data Collection & Use

Information You Provide

• Contact Information: Your name and email address for account creation, identity verification, and communication.
• Protected Health Information (PHI): Medical data such as brain X-ray images, MRI images, other medical reports, and related clinical notes you upload to obtain a second opinion. This information is treated as PHI under HIPAA.

How We Use Your Information

• To Provide Services: Contact information is used for account management and service communications. Uploaded images and reports are used solely by authorized personnel (including consulting physicians bound by confidentiality) to create the second opinion you request.
• Improving Services: We may use aggregated or fully de-identified data (which cannot identify you) to analyze usage and improve our platform.
• Purpose Limitation: We do not share, sell, rent, or trade your identifiable personal information or PHI with third parties for marketing or commercial use, and we never use PHI for advertising. We will use or disclose PHI only as required or permitted by law.

2. Health Data Handling (Protected Health Information – PHI)

• Sensitivity & Confidentiality: We treat uploaded medical data with the highest level of confidentiality, adhering to HIPAA privacy and security standards.
• Access Control: Only authorized personnel directly involved in your second opinion (processing staff and consulting physicians) can access your PHI, and only on a need-to-know basis under strict confidentiality.
• Compliance: All PHI is handled in accordance with HIPAA, the HITECH Act, and applicable New York State laws.
• User Responsibility: You are responsible for the clarity and completeness of the images and reports you upload and for retaining your originals.

3. Data Security

We maintain reasonable administrative, technical, and physical safeguards to protect your personal information and PHI, consistent with the HIPAA Security Rule and the NY SHIELD Act’s “reasonable security” standard. Measures include:

• Secure hosting platforms with robust physical and electronic protections
• Encryption (SSL/TLS) for data in transit and at rest
• Strict access controls, audit logs, firewalls, and assessments
• Staff training on privacy and security obligations

No system is 100% secure. If a breach involving unsecured PHI or personal data occurs, we will notify affected individuals and authorities as required by law.

4. User Rights

Under HIPAA and other applicable laws, you have rights regarding your information:

• Access to PHI in your designated record set
• Amendment of inaccurate or incomplete PHI
• Accounting of Disclosures we have made of your PHI
• Request Restrictions on certain uses/disclosures
• Confidential Communications by alternative means
• Deletion of your account and contact data (subject to legal retention requirements)
• Opt-Out of non-essential communications (we do not sell your data)
• Non-Discrimination for exercising your rights

To exercise these rights, contact us using the details below. We will respond within legally required timeframes and may need to verify your identity.

5. Children’s Privacy

Our Services are intended for adults (18+) or for minors only through a parent/legal guardian who provides consent. We comply with COPPA and do not knowingly collect personal data from children under 13 without verifiable parental consent. If we learn that we have such data, we will delete it promptly.

6. Legal Compliance

We operate in compliance with HIPAA, the HITECH Act, the NY SHIELD Act, and other applicable US federal and New York State privacy and security laws.

7. Policy Updates

We may update this Privacy Policy periodically. Material changes will be posted on our platform with an updated "Last Updated" date and (where required) provided via direct notification. Continued use after changes constitutes acceptance.

8. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact our Privacy Officer at:

[Email Address for Privacy Inquiries]
[Company Name]
[Mailing Address in New York]
[Phone Number]

By using Vai Portal, you acknowledge that you have read, understood, and agree to this Privacy Policy.