Privacy Policy

Interactive Care Privacy Policy

Last Updated: April 23, 2025

This Privacy Policy describes how Interactive Care (intcare.org) (“Interactive Care”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal information of users. Interactive Care is an online healthcare service that uses AI-powered interactive avatars for virtual patient engagement, including history taking, procedure explanations, and post-operative care. We are based in the United Arab Emirates (UAE) and are committed to protecting your privacy in compliance with all applicable laws, including the EU General Data Protection Regulation (GDPR)​en.wikipedia.org, the U.S. Health Insurance Portability and Accountability Act (HIPAA)​ncbi.nlm.nih.gov, and UAE data protection laws (such as the Personal Data Protection Law, PDPL). By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use Interactive Care.

Information We Collect

We collect personal information necessary to provide our healthcare services and to operate our website effectively. The types of information we may collect include:

  • Personal Identification and Contact Information: Name, contact details (such as phone number or email address), and any identifiers you or your clinician provide to access the service. Patients typically access our questionnaire via a unique one-time access code, which is associated with their session.
  • Health Information: Medical history details, symptoms, treatment information, post-operative feedback, and other health-related responses you provide through our AI interactive avatars. This may include sensitive health data (Protected Health Information or PHI under HIPAA definitions) that you share during virtual history taking or procedure explanations.
  • Clinician Information: Contact details of the designated clinician or healthcare provider (e.g. name, email address) who will receive the patient’s submitted questionnaire data. This is provided to ensure your responses reach the correct healthcare professional.
  • Usage Data: Information about how you use our website and portal. This can include technical data such as your IP address, browser type, device type, operating system, and timestamps of access. We also collect data on interactions with our site (pages visited, features used) to understand user engagement.
  • Cookies and Tracking Information: Through the use of cookies and similar technologies, we gather data on user preferences and website traffic. This may include cookie identifiers or analytics IDs that help us recognize your browser or device and analyze usage patterns. (See “Use of Cookies and Tracking Technologies” below for more details.)

We collect most information directly from you or your clinician (for example, when a clinician generates an access code or when you fill out the interactive questionnaire). In some cases, we may automatically collect certain data (such as Usage Data) when you navigate our site. All collection is done via secure portals and forms to ensure confidentiality.

How We Use Your Information

We use the collected information for the following purposes, and always in accordance with applicable law:

  • To Provide and Improve Our Services: We process personal and health information to facilitate your virtual engagement with our interactive avatars and to enable thorough history taking, procedure explanation, or post-operative check-ups. Your information allows the AI avatar to tailor its questions and provide relevant guidance, and it enables us to compile a report of your responses for your clinician. We may also use aggregated or de-identified information to improve our service features and the AI’s effectiveness (for example, to refine the avatar’s questions or user experience) without using personally identifiable details.
  • To Deliver Information to Your Clinician: The primary use of your health responses is to send them to the designated healthcare provider for review and follow-up care. After you submit your questionnaire, our system emails your responses to your clinician’s secure email address. This ensures that your provider has the information needed for your care. We treat this transmission with the same level of privacy and security as any medical record transfer under HIPAA​ncbi.nlm.nih.gov.
  • Operational Needs and Service Administration: We use personal data to administer our website and portals. This includes using the one-time access code to verify your session and ensure that only you (and not an unauthorized person) can access your questionnaire. We might use your contact information to communicate with you about the service when necessary (for example, to send confirmations or technical notices, or to respond if you reach out for support). We may also use data internally to monitor for and prevent fraud, abuse, or other activities that could harm the security or integrity of our systems.
  • Legal and Compliance: We process information as required to comply with legal obligations and regulatory requirements. For example, we may retain certain transaction records or communications as required by healthcare regulations, or use your data to fulfill reporting obligations (e.g. responding to lawful requests by authorities, or to comply with data protection audits under GDPR/PDPL). We also ensure our data processing aligns with the legal bases provided under relevant laws – for instance, we rely on your consent (especially for processing health information, which is sensitive) and on the necessity of processing to provide the healthcare service you requested. Where applicable, we adhere to data minimization and purpose limitation principles under GDPR​en.wikipedia.org, using your data only for the purposes stated in this policy or compatible purposes.

We do not use your personal information for any unrelated secondary purposes without your consent. In particular, we do not use patient data for advertising or share it with third parties for their own marketing. Any automated decision-making or profiling using your data (for example, AI analysis of your responses) is solely for providing the healthcare service and not to make any legally significant decisions about you without human involvement. If we ever need to use your information for a new purpose not described above, we will update this Privacy Policy and, if required, seek your consent.

Data Sharing and Disclosure

Interactive Care treats your personal information with care and confidentiality. We only share your data in limited situations, all aimed at operating our service or complying with the law. The parties with whom we may share data include:

  • Your Healthcare Provider/Clinician: The most direct sharing is with the clinician designated to receive your questionnaire results. Upon submission, your responses (including personal and health information) are emailed or otherwise securely delivered to that clinician, who will use the information for your treatment or follow-up. The clinician is typically a licensed healthcare provider who is separately responsible for protecting your health information under laws like HIPAA (if applicable) and their own privacy practices.
  • Service Providers (Processors): We use trusted third-party service providers to support our operations. These include web hosting providers, cloud infrastructure services, email delivery services, and technical support tools. For example, we might host our platform on a secure cloud server or use an email service to send the questionnaire results to clinicians. These providers may process personal data on our behalf solely for the purposes of providing their services to us (e.g., storing data, transmitting emails, or running analytics). We require all service providers to enter into appropriate agreements (such as Data Processing Agreements and, where applicable, Business Associate Agreements under HIPAA) to ensure they safeguard your data and use it only as instructed by us.
  • Analytics and Tracking Partners: Like many websites, we utilize standard analytics tools (e.g., Google Analytics or similar) to understand how users interact with our site and to improve the user experience. These tools may receive Usage Data (such as your IP address, device info, and browsing behavior). The information shared with analytics providers does not include your health responses or identifying medical information, but it may include online identifiers or geolocation data as captured by cookies. We ensure that any third-party analytics service is obligated to protect the data it collects on our behalf and not to use it for their own purposes beyond providing us with analytics. You have options to opt out of analytics – see “Your Rights and Choices” below.
  • Legal Compliance and Protection: We may disclose personal information if required to do so by law or legal process. For instance, if we receive a court order, subpoena, or lawful request by a government authority, we may need to provide the requested data. We may also share information when we believe it is necessary to investigate or enforce our terms and conditions, to protect the rights, privacy, safety, or property of our users, ourselves, or others, or to detect and prevent fraud or security issues.
  • Business Transfers: If Interactive Care undergoes a business transaction such as a merger, acquisition, corporate reorganization, or sale of assets, your personal data may be transferred to the successor or new owner as part of that deal. In such cases, we will ensure that the new owner is bound by confidentiality obligations and this Privacy Policy (or one with equivalent protections). We will notify you of any change of ownership or uses of your personal information, as well as any choices you may have regarding your personal data, in accordance with applicable laws.
  • Third-Party Integrations: In general, we do not share your information with third parties for their independent use, except as described above. We do not sell your personal data to any third parties. If in the future our service integrates with any third-party applications or tools (for example, a secure patient portal or a telemedicine platform) at your or your clinician’s request, we will only share data with those services with your consent or as necessary to fulfill the service (and we will ensure those third parties are obligated to protect your data).

Every third party that receives personal data from us is vetted for strong privacy and security practices. We disclose only the minimum information necessary for each purpose (data minimization). For example, our hosting provider has access to data stored on its servers but not to any more information than needed to keep our service running; our analytics providers see usage trends but not your individual identity if possible. By maintaining strict agreements and access controls, we ensure your data is not improperly disclosed or misused.

Data Retention and Deletion

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Given the nature of our healthcare service, we employ an intentionally short retention period for patient-provided data:

  • Patient Questionnaire Data: When you (the patient) complete the interactive questionnaire and submit your responses, our system immediately transmits your data to the designated clinician via secure email. After confirming the successful delivery of that email, we promptly delete your submitted responses and associated personal data from our active systems. This means the health information you provided is not stored on our servers beyond the short duration needed to compile and send it. The one-time access portal tied to your code is also deactivated and deleted upon submission, preventing any further access. This approach is part of our commitment to privacy by design – by automatically purging your data, we minimize the risk of unauthorized access or prolonged retention of sensitive health information.
  • Access Codes: The unique one-time access codes are invalidated after use. Once you have submitted your questionnaire (or if a code expires without use), the code can no longer be used to access any data. We may retain a record that a particular code was issued or used (e.g., a timestamp and which clinician it was associated with) for a brief period for audit and security purposes, but without the content of your questionnaire. These code records, if kept at all, are purged on a regular schedule once they are no longer needed (for example, we might clear code logs after a few weeks to ensure system integrity, unless required for investigation of an incident).
  • Clinician and Operational Data: If you are a clinician using Interactive Care, we may retain your contact information and account details for as long as you continue to use the service and as needed for our business relationship. If a clinician account is closed or inactive, we will delete or anonymize the associated personal information within a reasonable time, unless we are required to keep it for legal reasons (such as compliance with health record-keeping laws or contractual obligations). Any email communications or support tickets will be kept only as long as needed to resolve issues or as required by law.
  • Web Analytics Data: Data collected via cookies and analytics tools may be retained by us or our third-party analytics providers for a certain period (for example, Google Analytics retains user-level and event data for a set duration, often 14 months by default). This data is generally aggregated and not directly identifiable to you. We retain analytics data to analyze trends over time and improve our website, but we do not link this data to individual patient identities. Where possible, we configure analytics to automatically delete old data after a set period. You can also clear cookies from your browser to remove certain tracking data (see “Use of Cookies and Tracking Technologies”).
  • Legal Retention Requirements: In certain cases, we may need to retain data for longer to comply with legal obligations or resolve disputes. For example, healthcare regulations or medical malpractice laws might require that records of care or related communications be preserved for a minimum period. However, since Interactive Care itself does not serve as the permanent medical record holder (we transfer information to your provider), our policy is to avoid storing patient health data long-term. If any personal data must be retained in backups or archives, we will secure it and isolate it from routine use. Once any applicable retention period expires, we will ensure the data is securely deleted or anonymized.

When we delete personal information, we use commercially reasonable and secure methods to render the data unrecoverable. This may include secure erasure of electronic files and overwriting of backups. Please note that once data is deleted from our active systems, it cannot be recovered. If you need a copy of your submitted questionnaire for your own records, please consider saving it before submission or requesting it from your clinician (as we will not have access to it after deletion).

Use of Cookies and Tracking Technologies

Interactive Care utilizes cookies and similar tracking technologies to provide a smooth online experience and to gather useful information about how our services are used. This section explains what these technologies are and how we use them:

  • What Are Cookies? Cookies are small text files that are stored on your browser or device by websites, applications, or advertisements. They often include an anonymous unique identifier. Cookies allow a website to remember your actions or preferences over time. Similar technologies include web beacons (pixel tags), local storage, and scripts that recognize your device.
  • How We Use Cookies: We use cookies for several purposes:
    • Essential Cookies: These are necessary for the operation of our service. For example, when you enter your one-time access code and fill out the questionnaire, an essential session cookie may be used to keep you logged in to that session securely as you navigate through the questions. Without these, the service may not function properly.
    • Preference Cookies: If our site offers settings or preferences (like language selection or font size), cookies might remember these choices so you have a tailored experience.
    • Analytics Cookies: We use these to collect information about how visitors use our website. This helps us understand user behavior and improve our service. For instance, we may use Google Analytics cookies to see which pages are visited most or how users found our site. The data collected typically includes information like the pages you visit, how long you stay, what browser or device you used, and approximate geographic location. This information is aggregated and does not directly identify you. It helps us analyze site traffic and performance.
    • Security Cookies: Some cookies are used to enhance security, for example by helping to detect malicious activity or violations of our terms. These cookies might store information about your session or use mechanisms to ensure that an action on the site is genuinely from you.
  • Third-Party Cookies: As part of our use of third-party services, such as analytics or embedded content, those third parties may set their own cookies. For example, our site analytics provider might set cookies to help measure interactions. We do not use any third-party advertising networks that set cookies, and we do not allow third parties to collect your personal data for advertising via our site. Any third-party cookies on our site are intended for our operational analytics or functionality needs only.
  • Cookie Choices: You have the ability to control or limit how cookies are used. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Please note that if you disable certain cookies (especially essential cookies), some parts of our service may become unavailable or not function properly – for example, the interactive questionnaire may not remember your progress without a session cookie.
    • When you first visit our website from certain jurisdictions, you may see a cookie notice or banner. If required by law (such as in the EU/UK), we will obtain your consent for non-essential cookies. You can choose to accept or decline analytics cookies via that interface.
    • Even after accepting, you can always clear cookies from your browser or use browser extensions to manage tracking. For Google Analytics specifically, Google provides an opt-out browser add-on you can install to prevent data collection by Google Analytics on any site.
  • Do Not Track Signals: “Do Not Track” (DNT) is a preference you can set in your browser to signal that you do not wish to be tracked across websites. Our website currently does not respond to DNT signals, because there is no industry standard for interpreting them. However, we only use your data as described in this policy, and you can opt out of tracking as noted above.

By using our site without disabling cookies, you consent to our use of cookies as described here. We provide notice of our cookie use in this Privacy Policy and (where required) via a banner. For more detailed information about the specific cookies we use or to change your preferences, please contact us (see “Contact Information” below).

Data Security

We take the security of your personal data very seriously. Interactive Care implements administrative, physical, and technical safeguards to protect the information we collect and maintain​securitashealthcare.com. These measures are designed to prevent unauthorized access, maintain data integrity, and ensure the confidentiality of sensitive information, in line with industry standards and legal requirements (including HIPAA’s Security Rule and GDPR’s security obligations). Key security practices include:

  • Encryption: All communications between your browser and our platform are encrypted using Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols. This means that when you enter your information into the questionnaire or when data is transmitted to the clinician, it is encrypted in transit to prevent eavesdropping. We also encrypt sensitive data at rest on our servers or databases, so that if our storage were accessed without authorization, the data would be unreadable. Email deliveries of patient data to clinicians are sent through secure channels. If we use third-party email services, we ensure they support encryption (e.g., TLS) for sending messages. We encourage clinicians to use secure email solutions as well to receive patient data.
  • Access Controls: We restrict access to personal information to only those personnel and partners who have a legitimate need to know it in order to operate our services. For example, our technical staff may need access to the system that temporarily holds questionnaire data, but strict role-based permissions ensure they can only access what is necessary to maintain the service. We follow the “minimum necessary” principle for PHI​securitashealthcare.com – meaning we limit any exposure of patient data to the least amount needed for the task at hand. All staff members with such access are trained on confidentiality obligations and are subject to disciplinary measures if they violate privacy protocols.
  • Secure Development Practices: Our platform is built with security in mind. We employ measures such as input validation, regular software updates/patching, and secure coding practices to reduce vulnerabilities. We also perform testing (including possibly vulnerability scans or penetration tests by ourselves or security experts) to identify and fix potential weaknesses. Components of our AI avatar system that handle sensitive data are designed to process information without retaining it, adding an extra layer of security through data minimization.
  • Monitoring and Auditing: We monitor our systems for suspicious activities and have intrusion detection systems in place. Audit logs are maintained (while respecting user privacy) to trace access to sensitive systems. This helps us detect any unauthorized access or anomalies in real time. If any employee or contractor attempts to access data beyond their authorization, our monitoring would flag it for investigation.
  • Data Storage and Deletion Safeguards: As described in “Data Retention and Deletion”, we purposefully limit how long we store personal data. By deleting patient health data shortly after submission, we reduce the window of risk exposure. Our backups and archives (if any contain personal data) are secured and encrypted. We ensure that when data is deleted from primary systems, it is also removed from any secondary storage or queued for secure deletion as soon as feasible.
  • HIPAA Compliance Measures: For any health information that falls under U.S. HIPAA regulations, we implement required safeguards pursuant to the HIPAA Security Rule. This includes administrative measures (like having privacy and security policies, staff training, and incident response plans), physical measures (secure data centers, access badges, device controls), and technical measures (encryption, unique user IDs, audit controls)​securitashealthcare.com. We also have a breach notification protocol: in the unlikely event of a data breach involving PHI or personal data, we will notify affected individuals and regulators as required by HIPAA and other applicable laws.
  • GDPR and PDPL Security Compliance: Under GDPR and UAE PDPL, we are required to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. We meet these obligations by the measures described above. Additionally, we evaluate our security controls regularly to keep up with evolving threats and technologies. We maintain documentation of our data processing activities and risk assessments in line with GDPR’s accountability principle.

Despite our robust security measures, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. You can also play a part in protecting your data by keeping the one-time access code confidential and notifying us immediately if you suspect any unauthorized access to your session. If you have reason to believe that your data is not secure or has been compromised, please contact us immediately so we can investigate and resolve the issue.

International Data Transfers

Interactive Care is based in the UAE, but our services may be accessed by users around the world, including in the European Economic Area (EEA), United Kingdom, and the United States. If you are using our service from outside the UAE, be aware that your personal information may be transferred to, stored in, or processed in the UAE or other countries that may not have the same level of data protection laws as your home jurisdiction. We take steps to ensure that such international data transfers comply with applicable legal requirements and that your information remains protected.

  • Data Transfers from the EEA/UK: If you are located in the EEA or UK, we comply with the cross-border transfer provisions of the GDPR (and UK GDPR). GDPR governs the transfer of personal data outside the EU/EEA​en.wikipedia.org. When we transfer personal data from Europe to the UAE or any other country not deemed “adequate” by the European Commission, we rely on appropriate safeguards as outlined in GDPR Article 46. The primary safeguard we use is the European Commission’s Standard Contractual Clauses (SCCs) – these are contractual commitments between us and the data recipient (such as our hosting or email service providers) that legally bind them to protect your data to EU standards​dlapiperdataprotection.com. Where applicable, we’ve executed SCCs with our service providers to cover transfer of data such as analytics or cloud storage to non-EU locations. In addition, we may also rely on your explicit consent for certain transfers (especially for sensitive health data), or other exceptions permitted by GDPR, but only when strictly necessary and appropriate.
  • Data Transfers from UAE to Other Countries: UAE’s PDPL introduces requirements for transferring personal data outside the UAE, ensuring that the data receives adequate protection​dlapiperdataprotection.com. If we transfer personal data from the UAE to another country (for example, if our backup servers are located abroad, or if a clinician is in another country), we will comply with any obligations under UAE law. This may include conducting an assessment of the foreign country’s data protection level or obtaining regulatory approvals if required (noting that the PDPL’s Executive Regulations will detail these, and we will follow the latest guidelines). We treat all personal data with the same high standards, regardless of where it’s transferred.
  • Other International Access: Because our service involves emailing patient data to the clinician, the location of your clinician could determine where your data ultimately goes. For example, if your clinician is in the US and we send an email with your information to them, that constitutes a transfer of your data to the US. In such cases, we consider that transfer as part of providing the service you requested (your healthcare), and we ensure it’s done securely. If the clinician is subject to HIPAA (in the US), they will handle your information under HIPAA’s protections. For EU patients with clinicians outside the EU, we ensure that appropriate safeguards (like those mentioned above) are in place for that transfer as well.
  • Safeguards and Transparency: No matter where your data is processed, we will protect it as described in this Privacy Policy. We maintain technical protections (encryption, access control, etc.) during transit and storage internationally. We also keep transparent records of our data flows. If you have questions about the mechanisms or specific countries to which your data may be transferred, you can contact us for more information. We will gladly provide details of the safeguards we have put in place for cross-border data transfers, as permitted by confidentiality obligations.

By using Interactive Care and providing us with your information, you consent to the transfer of your personal information across international borders as needed to deliver our services. We understand that international transfers can carry risk, so we continuously monitor legal developments (such as changes in GDPR transfer rules or new UAE regulations) and will update our practices and this Policy as needed to remain compliant.

Your Rights and Choices

We respect your rights to your personal data. Depending on your jurisdiction (for example, if you are in the EU/EEA, UK, or UAE), you may have certain rights under data protection laws regarding the information we hold about you. We also strive to extend many of these rights universally to all our users, even if not mandated in every region, as part of our commitment to privacy and transparency. These rights include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal information, and if so, to access that information. We will provide you with a copy of your personal data undergoing processing, along with information about how it’s used, who it’s shared with, and how long we expect to keep it, subject to applicable law. (Note: Because we delete patient questionnaire data shortly after collection, in many cases we may no longer have your health information to provide. In such cases, we would direct you to your clinician who received the original data. We will, however, be able to confirm if a submission was processed and deleted.)
  • Right to Rectification: If any of your personal information that we hold is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you notice that we have misspelled your name or recorded the wrong contact information, you can ask us to fix it. In many scenarios, since we retain minimal data, this might apply more to a clinician’s account info or contact details. If the information in question is part of a submitted questionnaire (which we cannot alter after the fact), you may need to correct the information directly with your healthcare provider.
  • Right to Erasure: You have the right to request that we delete your personal data. This is also known as the “right to be forgotten.” We will honor such requests to the extent required by law. In contexts where we serve as a data controller, we will erase your data upon request provided that we do not have a compelling legal reason to keep it (e.g., a regulatory requirement or an ongoing legitimate business need). As noted, for patient data we largely perform automatic deletion after use. If for some reason any of your personal data remains in our systems, we will erase it upon verified request. Please be aware that we might need to retain certain information for legal compliance (for instance, audit logs or proof of consent) and will inform you if that is the case. If your data has been shared with a clinician, that clinician may have independent obligations to retain a record of your medical information, and you would need to request deletion from them separately.
  • Right to Restrict Processing: You can ask us to limit the processing of your personal information in certain circumstances. For example, if you contest the accuracy of the data or object to our processing, you can request a restriction while we address your concern. When processing is restricted, we will still store your information but not use it until the issue is resolved (except to the extent necessary, such as to secure the data or as required by law). Given our minimal retention, restriction requests may have limited applicability, but we will note your preferences and comply where feasible.
  • Right to Data Portability: For data you provided to us directly, you have the right to request a copy in a structured, commonly used, machine-readable format (for example, a JSON or CSV file), and you have the right to transmit that data to another service where technically feasible. This right applies when the processing is based on your consent or a contract with you and is carried out by automated means. If you request it, and if we still have your data, we can provide you, for instance, with a copy of your questionnaire responses in a portable format. (Often, however, your clinician will have the only copy after we delete our copy, so portability might need to be facilitated through them.)
  • Right to Object: You have the right to object to our processing of your personal information in certain situations. You can object at any time to processing of your data for direct marketing (though we currently do not perform marketing to patients). You can also object if we are processing your data based on legitimate interests or for a task in the public interest, and you have personal circumstances that make you want to object. If you raise an objection, we will consider it and stop or adjust processing unless we have compelling legitimate grounds to continue or a legal obligation. For example, you might object to our use of cookies for analytics; in that case, we will honor your objection by disabling analytics for your visits (through cookie settings).
  • Right to Withdraw Consent: In cases where we rely on your consent to process your data (such as explicit consent to process health data, or consent for optional cookies), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred before you withdrew consent, but it means we will stop the specific processing going forward. For instance, if you gave consent for us to use an AI learning tool on your de-identified health data but later change your mind, you can revoke that consent and we will cease that processing. If you withdraw consent for something essential (like the processing of your health data during the questionnaire), please understand we may not be able to continue providing that aspect of the service to you.
  • Additional Rights Under Specific Laws: If you are a resident of certain jurisdictions, you may have additional rights. For example, UAE’s PDPL provides rights very similar to GDPR (access, correction, deletion, restriction, objection to automated processing, etc.)​dlapiperdataprotection.com. Under HIPAA (for U.S. patients), you have rights to access and amend your health records via your healthcare provider, and to an accounting of disclosures. We support HIPAA rights by cooperating with your provider (the covered entity) in fulfilling those requests. If you or your provider contacts us for an accounting of any disclosures we made of your PHI, we will provide the necessary information as required by HIPAA. We will also communicate any request for correction or deletion of PHI to your provider if the data is in their possession.
  • Managing Cookies/Tracking: As described in the Cookies section, you have choices to opt out of certain data collection. You can refuse or delete cookies to prevent tracking. If we have an in-site cookie management tool, you can use that to toggle analytics cookies on or off. You can also use browser privacy settings or plug-ins to block tracking scripts. We honor such preferences in practice by not persisting data when you opt out.

Exercising Your Rights: To make any request regarding your personal data, please contact us using the information in the Contact Information section. We may need to verify your identity before fulfilling the request (to protect your privacy and ensure we’re giving effect to the right person’s wishes). For example, we might ask you to provide the access code used or other details we have on file to confirm you are the data subject or an authorized representative. We will respond to your request within a reasonable timeframe as required by law. Under GDPR, we generally have one month to respond, which can be extended if necessary (we will inform you if an extension is needed). There is typically no fee for exercising your rights, but if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it (as permitted by law).

If you request deletion or restrict our processing, note that some data might still reside with your healthcare provider or in backups that will be deleted later. We will inform you of the extent of any such limitations. We will also notify relevant third parties (like our processors) of your requests when required, so they can act accordingly on data they hold on our behalf.

Your Choices: In addition to formal rights, you have other choices about your personal data:

  • You may choose not to provide certain information (for example, you might skip answering some optional health questions); however, note that omitting information could affect the usefulness of the service for your care.
  • You can choose not to use the service via the online Interactive Care platform. If you prefer not to have your health information handled by our system, ask your clinician about alternative methods to provide your information (such as an in-person visit or a phone call).
  • If we send any non-essential communications (like a feedback survey or newsletters to clinicians), you can opt out by following the unsubscribe instructions in those messages or contacting us to be removed from the mailing list.

We want you to feel in control of your data. Interactive Care upholds the rights of individuals to access, correct, and control their personal information as provided by global data protection standards​dlapiperdataprotection.com. If you have any questions or concerns about your rights or how to exercise them, please reach out to us.

Children’s Privacy

Protecting the privacy of children is especially important in healthcare. Our services are not directed to children under the age of 13, and we do not knowingly collect personal information from anyone under 13 without verifiable parental consent. If you are under 13, please do not use Interactive Care or submit any personal data through our website or service.

For minors above 13 but under the age of majority (e.g., under 18 in most jurisdictions), Interactive Care should be used with the involvement of a parent or legal guardian or through a healthcare provider. In many cases, a parent or guardian, or the clinician, will facilitate the use of our service for younger patients (for example, a parent might receive the access code and help the child answer the health questions). We consider the clinician or guardian to be providing consent for processing the child’s data in these cases, as required by law. For instance, in the EU, if a child is under 16 (or a lower age as set by member state law, but not below 13), processing of their personal data in the context of online services requires parental consent, and we rely on the healthcare provider or parent to obtain and represent that consent.

If we learn that we have inadvertently collected personal information from a child under 13 (or equivalent minimum age in the relevant jurisdiction) without appropriate consent, we will take immediate steps to delete that information from our records. If you believe that a child under 13 may have provided us personal data without parental consent, please contact us so we can investigate and delete the data as necessary.

We encourage parents and guardians to be aware of and monitor the online activities of their children, especially when it involves providing personal information. Interactive Care is intended to be used as a tool under the guidance of healthcare professionals, and any pediatric use should be overseen by adults. We will gladly work with parents or guardians to address any concerns about children’s privacy.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Privacy Policy on our website and update the “Last Updated” date at the top of the policy. If the changes are significant, we may provide a more prominent notice or seek your consent as required by law. For example, we might display a notice on our homepage or send an email to clinicians if we have their contact information, to inform about material changes.

Your continued use of Interactive Care after any changes to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If we make a change that materially affects how we handle personal data, we will not apply it retroactively to data collected under a previous version of the policy without obtaining any required consent.

In case we ever merge with or are acquired by another company, or if we launch a new product feature that affects how your data is used, those events may also trigger an update to this policy. Rest assured, we will maintain at least the same level of privacy protection for your information under any new policy as is described here, unless and until you consent to a new standard.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us. We are committed to resolving your inquiries and upholding your privacy rights.

Contact Us at:

Data Protection Officer (DPO): If we are required by law to appoint a Data Protection Officer (for example, under GDPR due to the nature of our processing of health data), you may also contact our DPO at [email protected]. [If not applicable, this line can be removed.]

We will respond to inquiries as promptly as possible, generally within one business week. If you contact us to exercise a privacy right, we may request additional information to verify your identity.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you may have the right to lodge a complaint with a supervisory authority or regulator. For EU residents, this would be your country’s Data Protection Authority. For UK residents, the Information Commissioner’s Office (ICO) is the supervisory authority. UAE residents can reach out to the UAE Data Office or relevant authority once the regulations are fully in force. US residents concerned about a potential violation of HIPAA can contact the U.S. Department of Health & Human Services’ Office for Civil Rights. We would, however, appreciate the chance to address your concerns directly first.

Thank you for trusting Interactive Care with your health information. We are dedicated to safeguarding your data and privacy while providing you with effective virtual healthcare services.