Privacy Policy
Last Updated: May 12, 2025
1. Introduction
Qurelo ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the "Services").
We understand the sensitive nature of medical information and take our obligations regarding your privacy very seriously. This policy is designed to help you understand our practices and your rights regarding your information.
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
2. Information We Collect
We collect several types of information from and about users of our Services:
2.1 Personal Information
- Account Information: When you register for an account, we collect your name, email address, password, and other contact information.
- Payment Information: If you purchase premium services, we collect payment method information, transaction details, and billing information. Full payment card details are processed by our secure payment processors and are not stored by Qurelo.
- Profile Information: Information you provide in your user profile, such as demographic information or preferences.
- Communications: Records of your correspondence with us, including customer support interactions.
2.2 Medical Information
- Medical Reports: Reports you upload for analysis, which may contain sensitive health information, diagnostic results, medical measurements, and other clinical data.
- Health-Related Information: Any health-related information you share through our Services, including symptoms, conditions, medications, or treatment histories.
- Analysis Results: The interpretations, summaries, and analyses generated based on your medical reports.
2.3 Technical Information
- Usage Data: Information about how you interact with our Services, including browsing actions, patterns, features used, and time spent.
- Device Information: Information about your device, including IP address, browser type, operating system, and other technical identifiers.
- Cookies and Similar Technologies: Data collected through cookies, web beacons, and similar tracking technologies. For more information, please see our Cookie Policy.
3. How We Collect Your Information
We collect information through:
- Direct Interactions: Information you provide when creating an account, uploading medical reports, filling out forms, corresponding with us, or using our Services.
- Automated Technologies: As you navigate through our Services, we may automatically collect technical data using cookies, server logs, and similar technologies.
- Third Parties: We may receive information about you from third parties, such as payment processors, authentication services, or healthcare providers (with your consent).
4. How We Use Your Information
We use your information for the following purposes:
4.1 Providing and Improving Services
- To analyze and interpret the medical reports you upload
- To generate summaries, interpretations, and comprehensive analyses
- To process transactions and deliver purchased services
- To maintain your account and provide customer support
- To improve and develop our Services and algorithms
- To personalize your experience and deliver relevant content
4.2 Communication and Marketing
- To communicate with you about your account or transactions
- To respond to your inquiries and provide support
- To send administrative messages, updates, security alerts, and support messages
- To send marketing communications if you have opted in (with the option to opt-out)
- To inform you about new features, services, and offers
4.3 Security and Compliance
- To protect our Services and users from fraud, security threats, and illegal activities
- To verify your identity and authenticate access
- To enforce our Terms of Service and other policies
- To comply with legal obligations and regulatory requirements
- To establish, exercise, or defend legal claims
5. Legal Basis for Processing
We process your information based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Services you have requested or to take steps at your request before entering into a contract.
- Consent: Where you have given explicit consent for processing your medical information or for specific purposes like marketing communications.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, providing security, and preventing fraud, as long as these interests are not overridden by your rights and freedoms.
- Legal Obligations: Processing necessary to comply with applicable laws, regulations, legal processes, or governmental requests.
6. How We Share Your Information
We may share your information with the following parties:
6.1 Service Providers
We share information with third-party service providers who perform services on our behalf, such as:
- Cloud storage providers
- Payment processors
- Analytics providers
- Customer support services
- Email and communication services
These providers are contractually obligated to use your information only to provide services to us and in accordance with our instructions and this Privacy Policy.
6.2 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
6.3 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
6.4 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
6.5 Protection of Rights
We may disclose your information to protect and defend our rights, property, or safety; to enforce our Terms of Service; to protect against legal liability; or to protect the rights, property, or safety of our users or others.
6.6 Aggregated and De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, development, or analytical purposes.
7. Data Security
We have implemented appropriate technical and organizational measures designed to protect the security of your information. These measures include:
- Encryption of sensitive data in transit and at rest
- Regular security assessments and vulnerability testing
- Access controls and authentication procedures
- Regular backup procedures
- Staff training on data protection and security practices
- Incident response protocols
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
8. Data Retention
We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you
- The nature of the medical reports you've submitted
- Our legal obligations
- The establishment, exercise, or defense of legal claims
For medical reports and analyses:
- By default, we do not store uploaded medical reports after processing
- Report analyses are retained in your account for your reference
- You can delete your analyses at any time through your account settings
9. Your Rights and Choices
Depending on your location, you may have certain rights regarding your information:
9.1 Access and Data Portability
You have the right to access the personal information we hold about you and, in some cases, receive a copy of this information in a structured, commonly used, and machine-readable format.
9.2 Correction
You have the right to request that we correct inaccurate or incomplete information about you.
9.3 Deletion
You have the right to request the deletion of your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
9.4 Restriction and Objection
You have the right to request that we restrict the processing of your information and to object to the processing of your information in certain circumstances.
9.5 Consent Withdrawal
If we rely on your consent as our legal basis for processing your information, you have the right to withdraw that consent at any time.
9.6 Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information does not comply with applicable data protection laws.
To exercise these rights, please contact us at support@qurelo.com. We may need to verify your identity before fulfilling your request.
10. Children's Privacy
Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at support@qurelo.com, and we will take steps to delete such information.
11. International Data Transfers
We may transfer, store, and process your information in countries other than your own. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us and our service providers in the United States and other countries.
When we transfer your information across borders, we take appropriate safeguards to ensure that your information receives an adequate level of protection, including:
- Entering into standard contractual clauses approved by relevant regulatory authorities
- Ensuring that recipients are bound by data protection laws providing adequate protection
- Obtaining your explicit consent for the transfer where required
12. Third-Party Links and Services
Our Services may contain links to third-party websites, services, or content that are not owned or controlled by us. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.
13. Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our Services and to hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date, and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to stay informed about how we are protecting your information.
If we make material changes to this Privacy Policy, we will notify you either through the email address specified in your account or by placing a prominent notice on our website.
15. Special Notice for California Residents
Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have certain rights regarding their personal information. For more information about these rights and how to exercise them, please see our [California Privacy Notice].
16. Special Notice for European Economic Area Residents
If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR). For more information about these rights and how to exercise them, please see our [EU Privacy Notice].
17. Special Notice Regarding Health Information
While Qurelo is not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act (HIPAA), we recognize the sensitivity of health information and are committed to protecting it with the highest standards of security and confidentiality.
We implement safeguards consistent with industry best practices for handling sensitive health information, including:
- Strict access controls and authentication
- Encryption of health data in transit and at rest
- Regular security assessments and audits
- Comprehensive privacy and security training for staff
- Clear policies for data handling and breach notification
18. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
Email: support@qurelo.com
Qurelo
[Your Company Address]
[City, State, ZIP]
[Country]