Noti
Privacy Policy
Last Updated: December 1, 2024
This Privacy Policy describes the Personal Information [Company Name] (“Company,” “we,” “us,” or “our”) collects from users of our contact tracing mobile application (“Services”). It also describes how and to whom we disclose the Personal Information entered into the Services.
Please read this Privacy Policy carefully before accessing and using the Services to understand our policies and procedures regarding your Personal Information and how we will treat it.
The Services are not designed or intended to collect, create, or store Protected Health Information under the Health Insurance Portability and Accountability Act (HIPAA). The Services do not collect or store any Personal Information that can be used to contact you or to associate any information processed through the Services with you. We cannot control the information that you send us, whether through email or any other communication method on the Services and ask that you do not send us any Personal Information or Protected Health Information. If you do so, such information will be immediately and permanently deleted from the Services, including our servers and any other location or database where such information may be stored.
If you believe that we have received access to your Protected Health Information, you may contact us at contact@notillc.co
By downloading and using the Services, you agree to our collection and disclosure of your Personal Information as outlined below.
Updates
We reserve the right to modify this Privacy Policy anytime by posting an updated Privacy Policy on the Services. If we make changes, we will notify you by revising the date at the top of the policy. If we make any material changes, we may provide you with a notice on the Services, and we may also, at our sole discretion, provide Users with an email notification of those changes. You are responsible for regularly reviewing this Privacy Policy, and your continued use of the Services after we make changes is deemed to be acceptance of the updated Privacy Policy. If any modification is unacceptable, you shall cease using the Services. If you have any questions about this Privacy Policy or if you wish to exercise any of your rights under this Privacy Policy, you may contact us at contact@notillc.co
IMPORTANT INFORMATION REGARDING YOUR PERSONAL INFORMATION
Overview
The Services are intended to help prevent the spread of sexually transmitted infections (STIs). It does this by allowing users of our Services (“user,” “you,” or “your”) to voluntarily log their activities, umm, activities that may be impacted by STIs. For the sake of this Privacy Policy, we’ll call those activities generally “Encounter.”
Just like those activities, the Services take two to tango. Two (or more) users may choose to share their Encounters through the Services by scanning each other’s unique QR code provided through the Services. If a user is diagnosed with or otherwise believes they may have an STI, they have the option of self-reporting the STI on the Services (“Exposure”). If they do so, a notification is sent to the other user(s) with whom they had an Encounter during the relevant exposure period.
The Services do not store user Personal Information, and we, therefore, have no way of identifying either the user reporting the STI, or the user(s) who had an Encounter with them. We cannot guarantee that any user notified about the self-reported STI won’t, through the process of elimination or otherwise, be able to figure out who the other user is.
Collection
Unique User ID
When you access the Services, the Services use an application programming interface (API) that verifies your AppleID or GoogleID has a valid subscription to the Services. When this occurs, a Unique User ID is created on our servers, but we do not receive your AppleID or GoogleID, and your Unique User ID cannot be used by us to associate you with your Apple/GoogleID.
Contact Information
First and last name, email address, and telephone number only if you provide it to us when contacting us by email
Encounter Information
The date (day, month, and year only) two or more users report an Encounter.
Exposure Information
Self-reported STIs, the type of STI (for suggesting exposure periods), and the estimated exposure period.
Information About Minors
The Services are intended for individuals 18 or older. We do not knowingly collect information from children under 18.
Device Information
We may access and receive information that you provide us access to, such as your phone’s camera. Additionally, we may receive access to notifications, alerts, and other information from your device notification center when you provide access to such information to the Services on your mobile device.
Communication Information
Any content of any communications you send and/or receive through the Services or through other communication, such as email, to or from us.
Customer Testimonials
Any customer testimonials and comments on the Services, our website, the Apple App Store, and the Google Play Store, which you provide us through consent
Feedback and Support
Information you provide through our customer service helpdesk, including subjects, descriptions, request type, and attachments.
Use
Unique User ID
To determine whether you have an applicable subscription to the Services. This is handled on your mobile device, and the Services only tracks a successful identification between your Unique User ID and your AppleID or GoogleID through an API. The Services do not access or store your AppleID or GoogleID directly. Your Unique User ID may be used by you to sign back into the Services if you replace your mobile device.
Contact Information
Contact information, if any, only if you have contacted us through the Services or separately via email or another communication method.
Encounter Information
To notify other users anonymously about an Exposure.
Exposure Information
Users reporting an STI will self-report this information, which triggers a notification through the Services. The notification does not identify the user, the type of STI, or any other identifiable information.
Information About Minors
We do not knowingly use Personal Information about minors.
Sharing
Other Users
We share your self-reported Exposure Information anonymously with the user(s) with whom you had a relevant Encounter.
Service Providers
We may share your Personal Information with service providers, contractors, and other third parties we use to support our business, and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purpose we disclose it to them.
Business Transfers
We may share or transfer Personal Information we store in relation to a merger, sale, financing, or acquisition of all or a portion of our business to another person or entity.
As Aggregated Information
We may disclose aggregated information about our users that does not identify any individual to our business partners or any other third party.
Legal Compliance
We may disclose your Personal Information to comply with applicable laws, a court order, or legal processes and to protect our legal rights.
With Your Consent
We may disclose your Personal Information for any other purpose with your consent.
Protection
All Personal Information
We use commercially reasonable technical and administrative safeguards to secure Personal Information and reduce the risk of loss or misuse. Our Services use secure server software ("SSL") to encrypt all information you input before sending it to us, and our servers are encrypted.
HIPAA
We do not request or store Protected Health Information, and our Services do not (and are not intended to) comply with HIPAA.
Retention
All Personal Information
We retain your Personal Information only as long as our Services are downloaded and installed on your mobile device. We may retain your Personal Information, as reasonably required to comply with our legal obligations, including our legal agreements, regulatory compliance, and court orders.
Encounter Information
We retain Encounter Information only for as long as it is relevant, and it will be deleted from our servers no later than six months from the entry date.
Exposure Information
We retain Exposure Information only for as long as it is relevant, and it will be deleted from our servers no later than six months from the entry date.
Device Information
We may retain anonymous (de-identified) information about your use of the Services for statistical and analytics purposes, but we do not retain your Personal Information or any information that may be used to re-identify statistical information.
Consent to Processing of Your Personal Information in the United States
Please be aware that your Personal Information may be processed by us outside of your home country, including in the United States, where data protection and privacy regulations may not offer the same level of protection as privacy laws in your country. If you create an account with us, you agree to this Privacy Policy, and you consent to the transfer of all information you provide to us in the United States.
Responsible Disclosures of Security Vulnerabilities
If you have discovered or believe that you have discovered a security vulnerability on the Services, or if you encounter any Personal Information of any other User, we request that you notify us immediately at [Company Email]. If you are conducting any security test of the Services and encounter any sensitive data (including financial information, proprietary information, or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else. We will use commercially reasonable efforts to identify, investigate, and remedy any potential security vulnerabilities with the Services within a reasonable timeframe upon our notification. If we believe that a security vulnerability does or could exist, we reserve the right to limit access to the Services and to require you to update your password or the account that you use to access the Services or take any additional security measures before the Services may be accessed.
Third-Party Websites
We may provide links to third-party websites on the Services, but this Privacy Policy does not apply when you access third party websites directly from the Services. Please note that we have no control or responsibility over their data collection, use, or disclosure practices. You will be subject to their privacy policies when you click on links that take you to external websites. If you access and transmit information to third-party websites, you do so at your own risk. You should carefully review the privacy policy of any third-party website you visit before using it or disclosing your Personal Information to its provider.
Supplemental Notice to California Residents
Californian users of the Services may have additional rights under California Privacy Laws (defined below).
Additional Definitions Applicable to California Privacy Laws:
“CCPA” or “California Consumer Privacy Act” means California Civil Code § 1798.100 et seq.
"Consumer," "Business," "Sell," and "Service Provider" will have the meanings given to them in the CCPA.
California Consumer Privacy Act ("CCPA")
If the processing of your Personal Information is subject to the CCPA, you have the right to:
Request us to disclose the categories and specific pieces of Personal Information we collect, use, disclose, and sell;
Know the categories of Personal Information that we collect and the purposes for which we collected or used such Personal Information and whether that information is sold or shared;
Know the categories of sources from which the Personal Information was collected;
Know the categories of third parties with whom we shared or to whom we sell your Personal Information;
Know whether we collected or sold your Personal Information for business or commercial purposes;
Request deletion of Personal Information we collected from you, subject to certain exceptions;
Opt-out of the sale of their Personal Information; and
Not receive discriminatory treatment by us for exercising their rights set out in the CCPA.
Categories of Personal Information Collected by Us
For information about what categories of Personal Information we may collect from our Services Users in the twelve (12) months preceding the date this Privacy Policy was last modified, the sources of such information, the purposes for collecting and using that information and what types of third-party Service Provider we may share that information with please see the table above.
Do Not Sell My Personal Information
As a California consumer, you have the right to opt out of the sale of your Personal Information. To make such a request, contact us at contact@notillc.co
In the past 12 months, we have not sold your Personal Information.
Minors
Our Services are intended for individuals 18 or older. If you are under 18, you have the right to request and obtain the removal of content or information you have publicly posted under the California Business and Professions Code Section 22581. Be aware that your request does not guarantee the complete or comprehensive removal of content or information posted online, as the law may not permit or require removal in certain circumstances.
Do Not Track Features
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting your web browser's preferences or settings page. However, at this stage, there is no uniform technology standard for recognizing and implementing DNT signals. As such, we do not currently respond to or support DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.
California’s Shine the Light Law
Under California's Shine the Light Law, California Consumers may request the type of Personal Information we disclose to third parties for their direct marketing purposes and a list of those third parties (if any).
We have not disclosed Personal Information to third parties for direct marketing purposes.
To make any requests regarding your California Privacy Rights, contact us at contact@notillc.co
Supplemental Notice To Individuals that Reside In the European Economic Area
Users of the Services who are residents of the European Economic Area (EEA) may have additional rights afforded to them under the EU General Data Protection Regulation (GDPR) and European Union Member States, including the United Kingdom and Switzerland.
Making a request in relation to your Personal Information
The GDPR gives EEA consumers various rights with respect to the Personal Information we collect, including the right to (subject to certain limitations):
Request copies of your Personal Information;
Access, update or delete the Personal Information we have on you;
Request that we correct any information you believe is inaccurate, or request us to complete information you believe is incomplete;
Request erasure of your Personal Information that we have collected, under certain conditions;
Request that we restrict the processing of your Personal Information, under certain conditions;
Object to processing of your Personal Information, under certain conditions;
Request that we transfer the data we have collected to another organization, or directly to you, under certain conditions;
Withdraw consent at any time where we are relying on consent to process your Personal Information.
Please note that we may ask you to verify your identity before responding to such requests. You will not have to pay a fee to access your Personal Information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact your local Data Protection Authority about our collection and use of your Personal Information.
Legal Basis for Processing
We need a lawful basis to collect, use, and disclose your Personal Information as a controller. Our lawful basis will depend on the information concerned and the context in which it is processed. Generally, we rely on the following lawful basis for processing Personal Information:
We need to perform a contract with you;
You have given us permission to do so;
The processing is in our legitimate interest, and it is not overridden by your rights;
For payment processing purposes;
To comply with the law.
By creating an account and/or by accessing and using the Services, you are agreeing to this Privacy Policy (collectively, “Contracts”). You acknowledge and agree that we may rely upon these Contracts as a legal basis for processing your Personal Information.
Transfers of Personal Information
WE ARE LOCATED IN THE UNITED STATES, AND ANY PERSONAL INFORMATION YOU SUBMIT TO THE SERVICES WILL BE PROCESSED IN THE UNITED STATES. THE SERVICES ARE INTENDED FOR USERS IN THE UNITED STATES ONLY, AND IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, PLEASE DO NOT USE THE SERVICES. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES AND USE OUR SERVICES, YOU CONSENT TO OUR TRANSFER AND PROCESSING OF YOUR PERSONAL INFORMATION IN THE UNITED STATES.
Contact Information
If you have any questions or complaints about this Privacy Policy or our handling of your Personal Information, please contact us at contact@notillc.co