Privacy Policy

Effective Date: January 1, 2025
Last Updated: January 1, 2025

1. Introduction and Scope

Cloud Security Web LLC ("Company," "we," "our," or "us"), operating as Echopad AI, provides cutting-edge healthcare artificial intelligence services and software solutions. This Privacy Policy governs all information collection, processing, use, disclosure, retention, and protection practices related to our website, platform, applications, services, and all associated products (collectively, the "Services").

Important Legal Notice: This Privacy Policy forms an integral part of our Terms of Service and must be read in conjunction with all other policies, agreements, and legal documents governing your use of our Services. Your use of our Services constitutes your acceptance of all our policies without limitation or qualification.

2. Information Collection

2.1 Information You Voluntarily Provide

When you interact with our Services, we collect and retain all information you provide to us, including but not limited to:

• Contact and Account Information: Full legal name, email addresses, telephone numbers, physical mailing addresses, job titles, organizational affiliations, professional credentials, and any other identifying information you provide
• Technical and System Information: EHR system details, IT infrastructure information, software versions, network configurations, and technical specifications
• Business Information: Company size, number of providers, patient volume, specialty areas, operational workflows, and business metrics
• Communication Content: All messages, inquiries, feedback, support requests, survey responses, and any other communications you send to us
• Professional Data: Professional licenses, certifications, employment history, and credentials
• Financial Information: Billing details, payment information, transaction history, and related financial data

Consent and Authorization: By providing any information to us, you grant Cloud Security Web LLC a perpetual, irrevocable, worldwide, royalty-free license to use, process, store, and analyze such information for any legitimate business purpose.

2.2 Protected Health Information (PHI)

For healthcare customers operating under Business Associate Agreements (BAA), we may process, store, and analyze PHI as necessary to provide our Services. All PHI handling complies with HIPAA Privacy, Security, and Breach Notification Rules. However, you acknowledge and agree that:

• You, as the covered entity or business associate, bear primary responsibility for ensuring HIPAA compliance in your use of our Services
• We process PHI solely on your behalf and at your direction
• You are responsible for obtaining all necessary patient authorizations and consents
• You indemnify and hold harmless Cloud Security Web LLC from any claims arising from your handling or use of PHI

2.3 Automatically Collected Information

We automatically collect extensive technical and usage data when you access or use our Services:

• Device Data: Device identifiers, hardware models, operating system versions, browser types and versions, device settings, and unique device tokens
• Usage Analytics: Pages viewed, features accessed, time spent, click patterns, navigation paths, session duration, frequency of use, and interaction sequences
• Network Information: IP addresses, internet service provider, geographic location data (including GPS coordinates if permitted), network connection type, and bandwidth usage
• Log Files: Comprehensive server logs including timestamps, error reports, system events, and debugging information
• Performance Metrics: Response times, loading speeds, error rates, and system performance indicators
• Cookies and Tracking: All cookie data, web beacons, pixel tags, local storage data, and similar tracking technologies

Automatic Collection: This data collection occurs automatically and continuously whenever you interact with our Services, regardless of whether you have created an account or are merely visiting our website.

3. How We Use Your Information

Cloud Security Web LLC reserves the right to use all collected information for any lawful business purpose, including without limitation:

3.1 Service Provision and Improvement

• Providing, maintaining, improving, and enhancing all aspects of our Services
• Developing new features, products, and service offerings
• Personalizing and customizing your user experience
• Processing transactions and managing accounts
• Providing technical support and customer service
• Training and improving our artificial intelligence and machine learning models

3.2 Business Operations

• Conducting market research, analytics, and business intelligence
• Generating aggregated reports and statistics for internal and external use
• Benchmarking and comparative analysis
• Quality assurance and performance monitoring
• Financial reporting and accounting

3.3 Marketing and Communications

• Sending promotional materials, newsletters, and service updates
• Conducting targeted marketing campaigns
• Analyzing marketing effectiveness
• Building customer profiles and segments

Marketing Opt-Out: While you may request to opt out of marketing communications, we reserve the right to continue sending transactional, service-related, and administrative messages.

3.4 Legal and Security

• Ensuring compliance with legal obligations and regulations
• Protecting against fraud, abuse, and unauthorized access
• Enforcing our Terms of Service and other policies
• Responding to legal processes and governmental requests
• Protecting our rights, property, and safety
• Investigating and prosecuting violations of our policies

4. Information Sharing and Disclosure

Cloud Security Web LLC may share your information with third parties under various circumstances:

4.1 Service Providers and Vendors

We engage third-party companies and individuals to facilitate our Services, including cloud hosting providers, data storage services, analytics platforms, customer relationship management systems, payment processors, and marketing services. These service providers may have access to your information solely to perform specific tasks on our behalf.

4.2 Business Partners

We may share information with EHR vendors, healthcare technology partners, integration partners, and other collaborators necessary for providing seamless service integration and enhanced functionality.

4.3 Corporate Transactions

In the event of any merger, acquisition, reorganization, sale of assets, bankruptcy, or similar corporate transaction, your information may be transferred as part of the transaction. You acknowledge and consent to any such transfer, and you agree that any successor entity may continue to process your information as described in this Privacy Policy.

4.4 Legal and Regulatory Requirements

We may disclose your information when required by law, legal process, litigation, governmental request, regulatory authority, or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations
• Protect and defend our rights and property
• Prevent fraud or illegal activity
• Protect the safety of users or the public
• Respond to emergencies or urgent situations

4.5 Aggregated and De-Identified Data

We may freely share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. Such data may be used for research, benchmarking, publications, marketing materials, and any other lawful purpose without restriction.

5. Data Retention

Retention Rights: Cloud Security Web LLC retains all collected information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, and protect our legitimate business interests. Specific retention periods include:

• Account Information: Duration of account plus minimum 7 years following account closure
• PHI: As required by HIPAA (minimum 6 years) or longer if required by state law or contractual obligations
• Transaction Records: Minimum 7 years as required for financial and tax compliance
• Communications: Indefinitely unless deletion is specifically requested and legally permissible
• Usage Data and Logs: Minimum 3 years for security and analytical purposes
• Backup Systems: Data in backup systems may be retained for extended periods as part of our disaster recovery protocols

Important Notice: Even after you request deletion, we may retain information where legally required, reasonably necessary for legitimate business operations, or where complete deletion is technically infeasible. Residual copies may persist in backup systems and archives.

6. Data Security

Cloud Security Web LLC implements reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit
• Multi-factor authentication and role-based access controls
• Regular security audits, penetration testing, and vulnerability assessments
• SOC 2 Type II compliance and annual independent security reviews
• Employee training and background checks
• Comprehensive incident response and disaster recovery plans
• Network segmentation and intrusion detection systems

Security Disclaimer: HOWEVER, YOU ACKNOWLEDGE AND AGREE THAT NO SECURITY MEASURES ARE PERFECT OR IMPENETRABLE. CLOUD SECURITY WEB LLC MAKES NO WARRANTIES OR GUARANTEES REGARDING THE SECURITY OF YOUR INFORMATION. YOU ASSUME ALL RISKS ASSOCIATED WITH PROVIDING INFORMATION TO US AND USING OUR SERVICES. WE SHALL NOT BE LIABLE FOR ANY UNAUTHORIZED ACCESS, HACKING, DATA BREACHES, OR OTHER SECURITY INCIDENTS.

7. Your Rights and Choices

7.1 Access and Correction

You may request access to your personal information or request corrections to inaccurate data. However, we reserve the right to:

• Verify your identity before providing access (which may require substantial documentation)
• Charge reasonable fees for access requests that are excessive, repetitive, or burdensome
• Deny requests that are unreasonable, technically infeasible, or would compromise others' privacy
• Take up to 90 days to respond to requests
• Provide information in the format we deem appropriate

7.2 Data Deletion Requests

You may request deletion of your personal information, but please understand that:

• We are not required to delete data needed for legal compliance, fraud prevention, security purposes, or legitimate business operations
• Deletion may result in loss of access to Services and all associated data
• Some information may remain in backup systems for extended periods
• Aggregated or de-identified data is not subject to deletion requests
• We may retain metadata and log files even after deletion

7.3 Marketing Communications

You may opt out of promotional emails using the unsubscribe mechanism. However, opting out does not apply to transactional, service-related, administrative, legal, or security communications, which we may continue sending indefinitely.

7.4 Cookies and Tracking

You may disable cookies through browser settings, but this may significantly impair functionality and result in inability to use certain features or access parts of our Services.

7.5 Limitations on Rights

Important: All rights described above are subject to significant limitations and exceptions. We reserve the right to deny any request if we determine it is not legally required, unduly burdensome, technically infeasible, or contrary to our legitimate business interests.

8. HIPAA Compliance

For customers operating under Business Associate Agreements:

• We implement HIPAA-compliant safeguards for PHI processing
• We provide Business Associate Agreements as required
• We report breaches in accordance with HIPAA requirements

Customer Obligations: You acknowledge that YOU are primarily responsible for HIPAA compliance in your practice. You must obtain all required patient authorizations, maintain proper policies and procedures, train your workforce, and ensure appropriate use of our Services. You indemnify Cloud Security Web LLC for any violations arising from your practices or use of our Services.

9. International Data Transfers

Our Services are operated from the United States. By using our Services, you consent to the transfer, storage, and processing of your information in the United States and other countries where our service providers operate. You acknowledge that:

• Data protection laws in the United States may differ from and provide less protection than laws in your jurisdiction
• Your information may be subject to access by law enforcement and government agencies in the United States
• We make no representations that our Services comply with data protection laws in your jurisdiction
• You waive any claims arising from data transfers or differences in legal protection

10. Children's Privacy

Our Services are NOT intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we discover that a minor has provided information, we may delete it without notice. Parents or guardians who believe a minor has provided information should contact us immediately.

11. Third-Party Services and Links

Our Services may contain links to third-party websites, services, or content. We have no control over and assume no responsibility for third-party practices. Your interactions with third parties are governed solely by their terms and privacy policies. We strongly encourage you to review their policies before providing any information. Cloud Security Web LLC disclaims all liability for third-party services.

12. Changes to Privacy Policy

Modification Rights: Cloud Security Web LLC reserves the absolute right to modify, update, or replace this Privacy Policy at any time, for any reason, without prior notice. Changes become effective immediately upon posting to our website with an updated "Last Updated" date.

Your Responsibility: It is YOUR responsibility to review this Privacy Policy periodically. Continued use of our Services after changes constitutes your binding acceptance of the modified Privacy Policy. We are under no obligation to notify you of changes individually.

No Grandfathering: All changes apply to all users and all information, including information collected prior to the change. There is no "grandfathering" of previous policies.

13. California Privacy Rights (CCPA)

California residents may have certain rights under the California Consumer Privacy Act (CCPA), subject to significant exceptions:

• Right to Know: You may request disclosure of categories and specific pieces of personal information collected (subject to verification and exceptions)
• Right to Delete: You may request deletion (subject to numerous exceptions for legal compliance, fraud prevention, and business operations)
• Right to Opt-Out: We do not sell personal information in the traditional sense
• Non-Discrimination: We will not discriminate against you for exercising CCPA rights, but we may charge different prices or provide different service levels based on the value of your information

Important Limitations: Most CCPA rights do not apply to PHI covered by HIPAA, employment information, or business-to-business communications. We reserve the right to verify identity extensively before responding to requests and may charge reasonable fees for burdensome requests.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area, you may have certain rights under GDPR. However, please note that:

• Our Services are based in the United States and primarily serve US customers
• We do not specifically target EEA residents
• All rights are subject to significant limitations and exceptions
• We may refuse requests that are manifestly unfounded or excessive

15. Limitations of Liability

CRITICAL NOTICE: TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

• CLOUD SECURITY WEB LLC SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM OR RELATED TO THIS PRIVACY POLICY OR OUR DATA PRACTICES
• WE MAKE NO WARRANTIES REGARDING DATA SECURITY, ACCURACY, OR AVAILABILITY
• YOU ASSUME ALL RISKS ASSOCIATED WITH PROVIDING INFORMATION TO US
• OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT PAID TO US IN THE PRECEDING 12 MONTHS
• SOME JURISDICTIONS DO NOT ALLOW LIMITATIONS ON LIABILITY, BUT WE ASSERT THEM TO THE FULLEST EXTENT LEGALLY PERMISSIBLE

16. Dispute Resolution and Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes arising from this Privacy Policy shall be resolved through binding arbitration in accordance with the procedures specified in our Terms of Service. You waive any right to class actions, jury trials, or pursuing claims in any other forum.

17. Contact Information and Support

For questions, requests, or concerns regarding this Privacy Policy or our data practices, you may contact us at:

Response Time: We will make commercially reasonable efforts to respond to inquiries within 30-90 business days, though we are under no legal obligation to respond to all inquiries. We reserve the right to verify your identity, charge fees for excessive requests, and deny requests at our discretion.