IDENTIFEYE HEALTH INC. PRIVACY POLICY

Last Updated: 03/18/25

At identifeye HEALTH Inc. (“identifeye”, “us”, “we” or “our”), maintaining the trust of our users is of the utmost importance to us. We have developed this Privacy Policy (this “Policy”) to explain how we collect, process, use, and share information about our users. 

Please read the Policy carefully to understand our practices regarding our collection and use of your personal information and how it will be treated. 

By visiting the Site, accessing or using the Services, or interacting with any aspect of our business, you accept the terms of this Policy and expressly consent to our collection, use, and disclosure of data, including Personal Data, provided to or otherwise received by us for the purposes and in the manner described in this Policy and the applicable Customer Agreement.

If you have any questions regarding our privacy practices or this Policy, please contact us using the contact details given below.

  1. Applicability of this Privacy Policy

This Policy applies to our website located at https://www.identifeye.health/ (the “Site”), use of our products and services, including the identifeye Camera, online identifeye Portal, and any other technology supplied by us (collectively, the “Services”), and any other interactions (e.g., customer support inquiries, etc.) you may have with us.

This Policy does not apply to any third-party applications or technology that integrate with the Services or to any other third-party products, services, or businesses (“Third-Party Services”). While using the Services, you may be directed to a third-party website via links or other references, which may take you to that third-party website (“Third-Party Websites”). This Policy does not apply to you or any other data collected from or provided by you to Third Party Websites. You should review such Third-Party Services’ or Third-Party Websites’ privacy policy (and such other terms and conditions) to determine how your data will be used before sharing any Personal Data.

  1. Who Are “You”?

This Policy describes how we use “your” information. To understand which of our uses of information are actually applicable to you and your information see the following useful definitions.

You may be a:

  • Customer – an entity, or person representing an entity that has an agreement in place with identifeye HEALTH Inc. (“Customer Agreement”) under which we provide you the Services.
  • End User – a person with a user account through one of our Customers.
  • Visitor – a person who is visiting our Site or has expressed an interest in our products or services by filling in a contact form or sign-up sheet in relation to an event or webinar or has had conversations about our products with our sales team and provided them with information.
  • Patient – a patient of one of our Customers (please see the patient paragraph below)

Your use of the Services may be subject to our Customer’s (e.g., your employer’s) policies, if any. If you have any questions about your specific settings and privacy practices, please contact the Customer with whom you have a direct relationship and whose account you use. We are not responsible for the privacy or security practices of our Customers, which may differ from those set forth in this Policy.

Patients – If you are a patient of a Customer:

In general, our Services are intended for use by Customers. As a result, we act as a data processor with respect to any patient personal information we collect and process through the Services. This means that our Customers control what patient personal information we collect through the Services and how we use it. If you are a patient of one of our Customers and have privacy-related questions or concerns, you should contact the relevant Customer or review their privacy policy where applicable.

We are not responsible for the privacy or security practices of our Customers, which may differ from those set out in this Policy.

  1. Data We Collect and Receive

Sometimes you provide us with data and sometimes data about you is collected automatically. To the extent data is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection laws, it is referred to in this Policy as “Personal Data.” You acknowledge and agree we may collect, process, store, access, and disclose Personal Data disclosed by you or our Customer (e.g., your employer) to facilitate the provision of Services and related support for the Services in the manner described in this Policy and the Customer Agreement.

  1. Customer Data 

Customers and End Users routinely submit data to identifeye when using the Services (“Customer Data”). Customer Data is governed by the Customer Agreement. Customer Data may include Account Information, Sync Data, or any Customer Data otherwise defined in the Customer Agreement. This Policy does not apply to any products, services, websites, or content that are offered by our Customers.

If you have any questions about your Personal Data with respect to Customer Data, please contact the Customer with whom you have a direct relationship.

  • Account Information. To create or update an End User account for the Services, you or our Customer (e.g., your employer) may provide us with data about you and your employment, such as:
    • Customer Name (e.g., your employer)
    • Employee ID
    • Name
    • Preferred Name
    • Email Address
    • Date of Birth 
    • Employment Status (e.g., Active/Inactive)
    • Job Title 
    • Job Location 
    • Division Name
    • Department Name
    • Password
    • IP Address
    • any other applicable Personal Data that may identify you individually

Our Customer is responsible for the management of your account on our Site or Services. If you have any questions or concerns regarding our use or collection of your Personal Data, or if you wish to make a request to exercise your rights as a data subject or a consumer (as explained below), please reach out to our Customer (e.g., your employer) as they are best placed to assist you.

  • Sync Data. We make tools available to integrate data from Third-Party Services used by Customer into the Services (“Sync Data”). When the Services are integrated with a Third-Party Service for Sync Data, we will receive all data selected by the Customer to sync with the Services. Sync Data is imported into the Services as either Account Information, Hosted Data, or such other Customer Data. 
  1. Other Information

We may collect other information (“Other Information”) from Customers and End Users related to their usage of the Services and interactions with us. Other Information may include Metadata, Log Data, Technical Data, Cookie Data, Third-Party Services, and Additional Information Provided to identifeye. If you have any questions about your Personal Data with respect to Other Information, please contact us at privacy@identifeye.health

  • Metadata. When an End User interacts with the Services, metadata is generated that provides additional context about the Services and the way End Users use the Services (“Metadata”). We collect aggregated or de-identified Metadata of the Services, so that the resulting data and statistics are not reasonably personally identifiable to any individual End User.
  • Log Data. Like most websites and web-based technology services, our servers automatically collect data when you access or use our Site or the Services and record it in log files (“Log Data”). The Log Data may include your Internet Protocol (IP) address, Internet service provider (ISP), browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities. 
  • Technical Data. We collect technical data, such as information about devices accessing the Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers (“Technical Data”). We do not collect Personal Data with any Technical Data or relate any Technical Data to any individual End User. 
  • Cookie Information. We use cookies and similar technologies in our Site and Services that help us collect Other Information. The Site and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Site and Services. Cookies are small text files sent by us to your computer or mobile device for later retrieval. They are unique to your End User account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. We use both session-based and persistent cookies to help with authentication, security, identifying your preferences, analytics, and otherwise monitoring the functionality and performance of the Services. We and certain Third-Party Service Providers, which may include, but is not limited to, Google and Meta, may also use cookies to inform, optimize, and serve advertisements based on your past visits to our Site. 

If you do not wish to have cookies placed on your computer or in local storage, you may adjust your web browser settings accordingly. Most browsers are initially set to accept cookies. If you prefer, you can set your browser to block cookies or to alert you when cookies are sent. However, restricting cookies may impede your ability to use the Site or certain features of the Services. 

By continuing to browse our Site, you are agreeing to our use of cookies.

  • Third Party Services. Customers may choose to permit or restrict integrations with Third-Party Services. Once enabled, the enabled Third-Party Services may share certain data with identifeye to effectuate the integration. You should check the privacy settings and notices of these Third-Party Services to understand what data may be disclosed to us. When the Services are integrated with Third-Party Services to enhance the Services (e.g., Slack, Gmail, etc.), we may receive data regarding your credentials for and use of the applicable Third-Party Services, such as your user name, your unique identifier, and your information transmitted from or made available with permissions by such Third-Party Services (e.g., account profile, gender, age range, language, geographic region, etc.). When the Services are integrated with Third-Party Services for the login and authentication process (e.g., Google Sign-In, OneLogin, ADFS, and many other SAML 2.0 compatible services) and an Authorized User logs in to the Services using a Third Party Services authenticator, we may receive data regarding your credentials for the applicable Third Party Services, such as your log-in, your user name, your email, your unique identifier, profile picture, and your information transmitted from or made available with permissions by such Third-Party Services (e.g. account profile, gender, age range, language, geographic region, etc.).
  • Additional Information Provided to identifeye. We receive data when submitted to our Site or through our Services, or if you contact us (e.g., by email, telephone calls, written correspondence, web-based forms, or otherwise), request support, apply for or take a job with us, contract with us, interact with our social media accounts, or otherwise communicate with identifeye. 
  1. Sensitive Personal Data

We do not intentionally collect Sensitive Personal Data. We are not responsible and will not be liable for any loss or damages you may experience due to your disclosure of Sensitive Personal Data while using the Services. “Sensitive Personal Data” includes, but is not limited to, government-issued identification numbers; financial account numbers; credit or debit card numbers; consumer reports; background checks; any code or password that could be used to gain access to personal accounts; genetic data or biometric data; any Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; or data concerning health or sex life or sexual orientation. 

  1. No Children’s Data

Except for as required by law and otherwise specified on our product labeling, our business activities are directed to other businesses and the Services are intended for use only by those who are 18 years of age and over. The Services are not directed to or intended for use by children, and we do not intentionally collect, process, or store any Personal Data from any person under 13 years of age. In the event we discover we have inadvertently collected, processed, or stored any Personal Data from a person under 13 years of age, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).

  1. How and Why We Use Data

Customer Data will be used by identifeye in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Customer may, for example, use the Services to grant and remove access, create End Users accounts, assign roles and configure settings, access, modify, share, restrict, export, and remove Customer Data and otherwise apply its own policies to the Services.

Other Information will be used by identifeye in furtherance of our legitimate interests in operating our business and providing the Site and Services, to perform contractual obligations, and/or pursuant to your express consent for a specific purpose. Specifically, identifeye may use Other Information for these purposes and legal bases:

  • Providing the Site and Services. To make the Site available and support delivery of the Services under a Customer Agreement, manage End Users’ requests interacting with the Services (e.g., login and authentication, remembering settings, etc.), hosting and back-end infrastructure, analyze and monitor usage, monitor and address service performance, security, and technical issues.
  • Improving the Site and Services. To test features, interact with feedback platforms and questionnaires, manage landing pages, heat mapping, traffic optimization, data analysis and research.
  • Support Services. To respond to support requests via live chat, phone, or email and otherwise provide support for and resolve problems with the Services.
  • Communications. To send service, technical, and administrative emails, messages, and other communications. Service-related communications about changes to the Services and important Services-related notices, such as maintenance and security announcements, are essential to delivery of the Services and you cannot opt-out. Marketing communications about new product features, service offerings, and other news about identifeye are optional and you have the choice whether or not to receive them.
  • Account Management. To contact for billing, account management, feedback, and other administrative matters.
  • Security Purposes. To help prevent and investigate security issues and abuse.
  • Legal Obligations. To comply with legal obligations as required by applicable law, legal process, or regulations.
  1. How We Share and Disclose Data

Except as described in this Policy or the applicable Customer Agreement, identifeye will not use or disclose your Personal Data for any purpose other than to the extent necessary to perform the Services and related support for the Services, unless you expressly consent to any other use or disclosure. We may share and disclose data with respect to:

  • Customer’s Instructions. We will share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of the Services functionality, and as required by applicable law. 
  • Customer Access. Account administrators, End Users, and other Customer representatives and personnel may be able to access, modify, or restrict access to your data. For example, our Customer (e.g., your employer) may use the Services administrative controls and features to access or modify your account details or view certain activities in their Customer account.
  • Displaying the Services. When an End User submits data on the Services, it may be displayed to the Customer and other End Users on the same account. For example, an End User’s name, job title, and work email address, among other things, may be displayed with their profile accessible to the Customer and other End Users in the same Customer account. You are solely responsible for all data you post, upload, store, display, transmit, or submit on the Services, including Personal Data, and the consequences thereof. We are not responsible and will not be liable for the data disclosed on the Services.
  • Rendering the Services. Our employees and contractors may have access to your data on a need to know and confidential basis to the extent necessary to render the Services and related support for the Services.
  • Third-Party Service Providers. We engage third parties to host and process data in support of delivering of the Services (“Third-Party Service Providers”). We may share your data, including Personal Data, with Third-Party Service Providers (e.g., email services, platform hosting, cloud computing services, data storage and processing facilities) to the limited extent necessary to let them perform business functions and services for us or on our behalf in connection with the provision of the Services, provided that such Third-Party Service Providers process data in a manner consistent with this Policy and applicable data protection laws and will not use or disclose Personal Data for any other purpose. 
  • Third-Party Services. Customer may enable or permit integrations with or use of Third-Party Services in connection with the Services. When enabled, identifeye may share certain data with such Third-Party Services as requested to effectuate the integration. Third-Party Services are not owned or controlled by identifeye and third parties that have been granted access to your data may have their own policies and practices for its collection and use. You should check the privacy settings and notices of these Third-Party Services to understand their privacy practices.
  • Changes to Our Business. If identifeye engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g., due diligence), we may share or disclose data in connection therewith, subject to standard confidentiality obligations.
  • Aggregated or De-identified Data. If any data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as statistical analysis, to research trends and predictive analysis, or to develop or improve the Services.
  • Enforcement of Agreements. We may disclose data to ensure compliance with and enforce Customer Agreements and any other contractual or legal obligations with respect to the Services and our business.
  • Protection of Rights. We may disclose data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third party rights, including intellectual property and privacy rights.
  • Legal Compliance. If we are compelled by law, such as to comply with a subpoena, court order, or other lawful process, or in response to a lawful request by public authorities to meet national security or law enforcement requirements, we may disclose data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation, or legal process.
  • Safety and Security. We may disclose data to protect your safety and security; to protect the safety, security, and property of Customers; and to protect the safety, security, and property of identifeye and our employees, agents, representatives, and contractors.
  • Your Consent. We may disclose your data to third parties when we have your express consent to do so.
  1. Retention

We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of the Services functionality, and as required or permitted by applicable law. We may retain Other Information and any data pertaining to you, including Personal Data, for as long as your End User account is active and thereafter for as long as necessary for the purposes described in this Policy, including for the period of time needed to pursue our legitimate business interests, provide our Customer (e.g., your employer) with the Services, conduct audits, resolve disputes, comply with contractual obligations (including but not limited to Customer Agreements), and comply with (and demonstrate compliance with) legal obligations. After expiration of the applicable retention periods, we will either delete or anonymize your Personal Data or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your Personal Data.

  1. Security Measures

We maintain security measures designed to safeguard and secure the data we collect. Despite these safeguards, no data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.

Please remember:

  • You provide Personal Data at your own risk.
  • You are responsible for safeguarding your End User account and password.
  • If you believe your privacy has been breached, please contact us immediately at privacy@identifeye.health
  1. Identifying the Data Controller and Data Processor

Data protection laws in certain jurisdictions differentiate between the “controller” and “processor” of data. In general, Customer is the controller of Customer Data. In general, identifeye is the processor of Customer Data and the controller of Other Information. 

  1. International Data Transfers

We primarily process and store data in connection with the Services in the United States. However, the Services are global and all data, including Personal Data, may be processed, and stored in any country where we have operations or where we engage Third-Party Service Providers. We may transfer data, including Personal Data, to countries outside of your country of residence, which may have data protection laws that are different from those of your country. We will take measures to ensure that your Personal Data remains protected to the standards described in this Policy and any such transfers comply with applicable data protection laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data. 

  1. Your Rights

Where we are acting as a data controller, and depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you.

  • When applicable, you can access, correct, update and delete your Personal Data by emailing us at privacy@identifeye.health. If you are an End User, you can also do this by signing in to your account and editing your information as desired. If you are an End User and you seek to access, correct, update, or delete Personal Data held or processed by us on behalf of a Customer, you should direct your inquiry to our Customer (e.g., your employer). Upon receipt of a request from one of our Customers for us to remove the data, we will respond to their request in a timely manner.
  • You can opt out of receiving marketing emails from us by following the unsubscribe link in the emails. If you choose to no longer receive marketing information, we may still communicate with you regarding such things as your security updates, product functionality, responses to service requests, or other transactional, non-marketing purposes.
  • You have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.
  1. Additional Rights for Europe  

Individuals located in the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom, have certain statutory rights under the General Data Protection Regulation (“GDPR”). To the extent that our processing of your Personal Data is subject to the GDPR, identifeye relies on its legitimate interests set forth in this Policy to process your Personal Data. If you are located in the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom, you may have the right to exercise additional rights available to you under the GDPR, including:

  • Right to Erasure (aka Right to be Forgotten”). You may have a broader right to erasure of Personal Data that we hold about you, such as, for example, if it is no longer necessary in relation to the purposes for which it was originally collected or we do not have a legal reason to continue to process and hold it. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions, or to comply with our legal obligations.
  • Right to Restrict Processing. You may have the right to request that we restrict processing of your Personal Data in certain circumstances (e.g., where you believe that the Personal Data we hold about you is inaccurate or unlawfully held). We may be permitted to store the data but not further process it. We may need to keep just enough data to make sure we respect your request in the future.
  • Right to Data Portability. You may have the right to be provided with your Personal Data in a structured, machine readable and commonly used format and to request that we transfer the data to another data controller without effecting the usability of the data.
  • Right to Object to Processing. You may have the right to request that we stop processing your Personal Data, such as for the purpose of direct marketing, scientific and historical research, or for a task in the public interest.
  • Right to Lodge a Complaint. You may also have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority.

When offering Services to its Customers, identifeye acts as a “processor” under the GDPR, and our receipt and collection of any Personal Data is completed on behalf of our Customers in order for us to provide the Services. Please direct any data subject requests under the GDPR to the Customer with whom you have a direct relationship and whose account you use. 

For any other requests related to your applicable rights under the GDPR, please contact us at privacy@identifeye.health. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request. 

  1. Additional Rights for California

California residents may have certain statutory rights under the California Consumer Privacy Act (“CPA”) regarding their personal information (as defined by the CCPA). To the extent that our processing of your Personal Data is subject to the CCPA, if you reside in California, you may have the right to exercise additional rights available to you under the CCPA, including:

  • Right to Opt-out. You may have the right to opt out of an organization selling your information to third parties. We do not sell information to third parties at this time, but should this change, we would update this Policy to provide further information on our practices and the exercising of this right. 
  • Right of Notice. You may have the right to be notified of which personal information we are collecting from you, the reasons why, and how it would be used. This Policy provides you with this information. 
  • Right of Disclosure. You may have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. 
  • Right of Deletion. You may have the right to request that we delete any personal information we have collected from you in the last 12 months, in certain circumstances.

You may only make a request to exercise your rights of disclosure once within a twelve (12) month period.

We will not discriminate against you for exercising your rights under the CCPA. Specifically, if you exercise your rights, we will not deny you services, charge you different prices for services, or provide you a different level or quality of services.

When offering Services to its Customers, identifeye acts as a “service provider” under the CCPA and our receipt and collection of any consumer personal information is completed on behalf of our Customers in order for us to provide the Services. Please direct any requests to exercise your rights under the CCPA to the Customer with whom you have a direct relationship. 

For any other requests related to your rights under the CCPA, please contact us at privacy@identifeye.health. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

  1. Enforcement

If you believe there has been a violation of this Policy or applicable data protection laws, please contact us immediately at privacy@identifeye.health.

  1. Changes to this Privacy Policy

We may change, modify, or update this Policy from time to time, in whole or in part, in our sole discretion, at any time without prior notice by posting updated versions on the Site. When we do, we will revise the “last updated” date on this page. If and when we make material changes, we will use commercially reasonable efforts to notify you by email, through the Services, or by posting a prominent notice on our Site. We encourage you to visit this page at https://www.identifeye.health/privacy-policy to stay informed on our privacy practices and review our most current Policy. Any changes, modifications, or updates to this Policy will become effective immediately upon such posting. Your continued use of the Services constitutes your agreement to be bound by such changes to this Policy. If you disagree with the changes to this Policy, your only remedy is to discontinue use of the Services and deactivate your account. 

  1. Contact Us

We encourage you to contact us with any questions, complaints, or requests with respect to your Personal Data, this Privacy Policy, and/or our privacy practices.

You may contact us at:
Email: privacy@identifeye.health

identifeye HEALTH Inc.
530 Old Whitfield St.
Guilford, CT 06437

PLATFORM
Platform
AI Toolkit
COMPANY
Careers
Contact
Team
CLINICAL
Learn
LEGAL
Privacy Policy
Terms of Service
The identifeye Camera and AI Toolkit are not yet available for sale in the U.S.
© identifeye HEALTH