Privacy Policy for AURALIT-i
Effective Date: 13/11/2024
1. Introduction
Bioscience and Technology Holdings PTY (Ltd), trading as Vital Pursuit ("we," "us," or "our"), is committed to protecting the privacy of individuals who interact with our services. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you use our services, including our application, AURALIT-i, and any related websites or platforms (collectively, the "Services").
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection and use of your information as described herein. If you do not agree with our practices, please do not use our Services.
Definitions:
- Personal Information: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal information, whether or not by automated means.
- Cookies: Small data files stored on your device by a website or application.
This Privacy Policy applies to all users and visitors of our Services.
2. Information We Collect
We may collect and process the following types of personal information:
2.1. Information You Provide to Us
- Account Information: When you create an account, we collect your email address, password, and any other profile details you provide.
- Audio Content: Audio recordings that you upload or record using our Services, which may include personal or sensitive information about you or third parties.
- Client Information: Details about your clients or patients, if you input such data into our Services, including names and other identifying information.
- Payment Information: Financial details such as credit card numbers or bank account information, processed securely by our payment gateway partner, Paystack.
- Communications: Information you provide when you contact us directly, such as feedback, inquiries, or customer support requests.
2.2. Information Collected Automatically
- Usage Data: Information about how you use our Services, including actions taken, pages viewed, and features used.
- Device Information: Details about the device you use, such as hardware model, operating system, browser type, IP address, and device identifiers.
- Log Information: Server logs, which may include information like your IP address, access times, and pages visited.
2.3. Cookies and Similar Technologies
We use cookies and similar tracking technologies to collect information about your interactions with our Services, which helps us enhance your experience and gather analytical data.
2.4. Information from Third Parties
We may receive information about you from third parties, such as:
- Service Providers: Identity verification services, analytics providers, or Customer Record Management (CRM) partners.
- Publicly Available Sources: Information from public databases or social media platforms, according to your privacy settings on those services.
3. Purpose of Collection
We collect your personal information to:
- Provide and Maintain Services: Facilitate account creation, authenticate users, process audio files, generate transcripts and documents, and deliver the features of our Services.
- Manage Your Account: Handle your account settings, preferences, and access permissions.
- Process Transactions: Handle payments, subscriptions, and related financial activities securely.
- Communicate with You: Send administrative messages, updates, security alerts, and support communications.
- Personalize Your Experience: Customize content and tailor our Services to your interests and preferences.
- Marketing Communications: Send promotional materials and updates about our Services, with your consent where required.
- Analytics and Improvements: Monitor usage, conduct data analysis, and improve the quality and performance of our Services.
- Security and Fraud Prevention: Protect against, identify, and prevent fraud and other unlawful activities.
- Legal Compliance: Comply with legal obligations, enforce our terms, and respond to legal process or governmental requests.
4. Data Sharing and Processing
We may share your personal information with:
4.1. Third-Party Service Providers
We use third-party service providers to perform services on our behalf, including:
- Cloud Hosting and Storage: Services to securely store and manage data.
- AI Processing: Services to process audio and text data.
- Payment Processing: Services to handle payments securely.
- Analytics Services: Services that analyze usage data to help us improve our Services.
- Marketing and Communications: Platforms that assist in delivering CRM communications.
These providers are contractually bound to protect your personal information and use it only for the purposes for which it was disclosed.
4.2. Legal Obligations and Protection
We may disclose your personal information if required to do so by law or in good faith belief that such action is necessary to:
- Comply with legal obligations, regulations, or court orders.
- Protect and defend our rights or property.
- Prevent or investigate possible wrongdoing in connection with the Services.
- Protect the personal safety of users or the public.
4.3. Business Transfers
In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to a successor or affiliate as part of that transaction.
4.4. Anonymized Data
We may share aggregated or anonymized data that cannot reasonably be used to identify you. This information may be used for analytics, research, or marketing purposes.
5. Security Measures
We implement robust security measures to protect your personal information, including:
Data Processing with OpenAI:
- Zero Data Retention Policy at OpenAI: OpenAI operates under a Zero Data Retention policy for OpenAI services utilized by the AURALIT-i application. This means that OpenAI does not store or retain any data submitted after processing is complete, helping to protect your personal and sensitive information from unauthorized access or disclosure.
- HIPAA Compliance: The processing of data by OpenAI is conducted in compliance with HIPAA regulations as outlined in our BAA. This ensures that any Protected Health Information (PHI) processed by OpenAI is handled with the highest standards of security and confidentiality.
- Content Moderation and Harmful Content Detection:
  - Analysis by OpenAI's Content Moderation API: To maintain a safe and compliant service environment, all data returned by the OpenAI API is checked by OpenAI's Content Moderation API. This API analyzes the content for any harmful or prohibited material, such as hate speech. The Content Moderation API operates under a Zero Data Retention policy at OpenAI, ensuring that no data is stored or retained after analysis.
  - Logging of Moderation Results by Us: While OpenAI does not retain any data, we log the results of the moderation process. This logged data includes only the information on whether any of the text was flagged for potential violations, along with a job process ID. We use this information solely to monitor and prevent any harmful abuse of our application services, ensuring a safe and secure environment for all users. The logged moderation data does not include any personal or sensitive user content beyond the moderation flags and associated job process IDs.
- Encryption: All personally identifiable information in your personal profile, as well as that of your third-party clients, receives a primary layer 128-bit encryption before transfer. We use encryption protocols (SSL/TLS) to protect data during transmission. All data is also encrypted at rest by our third-party service providers.
- Access Controls: Access to personal information is limited to authorized personnel who require it to perform their job functions. We employ role-based access controls and authentication mechanisms to prevent unauthorized access to sensitive data.
- Firewalls and Intrusion Detection: Our systems are protected by firewalls and intrusion detection/prevention systems that monitor and block unauthorized access attempts, safeguarding against cyber threats and attacks.
- Regular Security Assessments: We conduct ongoing evaluations, including vulnerability assessments and penetration testing, to update and improve our security practices. This helps us identify and mitigate potential risks proactively.
User Responsibilities:
- Account Security: You are responsible for maintaining the confidentiality of your account credentials. Please protect your username and password and do not share them with others.
- Unauthorized Access: Notify us immediately at info-officer@auraliti.app if you suspect any unauthorized use of your account or any other breach of security.
Limitations:
While we strive to protect your information with industry-standard security measures, please note that no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security. In the unlikely event of a data breach, we will notify you and the relevant authorities as required by applicable laws.
6. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, subject to:
- Legal Requirements: Obligations to retain information under applicable laws and regulations.
- Dispute Resolution: Retention needed to resolve disputes or enforce our agreements.
- Business Needs: Operational requirements, such as maintaining accurate financial records.
After the retention period, we will securely delete or anonymize personal information.
7. Your Rights
Under POPIA and applicable laws, you have rights regarding your personal information:
- Access: Request access to the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal information under certain circumstances.
- Objection: Object to the processing of your data for specific purposes.
- Data Portability: Request a copy of your personal information in a structured, machine-readable format.
- Withdraw Consent: Withdraw consent where processing is based on consent.
- Lodge a Complaint: File a complaint with the relevant data protection authority.
Exercising Your Rights:
To exercise your rights, contact our Information Officer at admin@auraliti.app. We may need to verify your identity before processing your request.
8. Compliance with POPIA and PAIA
We comply with the Protection of Personal Information Act (POPIA) and the Promotion of Access to Information Act (PAIA), ensuring transparency and accountability in data handling.
- PAIA Manual: Our PAIA manual is available at www.AURALIT-i.app/paia-manual, detailing procedures for requesting information.
- Information Officer: Responsible for overseeing compliance. Contact at info-officer@auraliti.app.
9. International Data Transfers
Your personal information may be transferred to and processed in countries outside of South Africa.
- Safeguards: We use legally approved mechanisms, such as Standard Contractual Clauses, to ensure data protection consistent with South African law.
- Consent: By using our Services, you consent to the transfer of your information to countries outside your country of residence.
10. Cookies and Similar Technologies
We use cookies and similar technologies to enhance your experience and gather data.
Types of Cookies We Use:
- Essential Cookies: Necessary for basic functionalities.
- Performance Cookies: Collect anonymous data on usage for improvements.
- Functional Cookies: Remember your choices to personalize content.
- Targeting Cookies: We DO NOT track browsing habits to deliver relevant advertising.
Managing Cookies:
- Browser Settings: Adjust your settings to refuse or delete cookies.
- Impact on Services: Disabling cookies may affect functionality.
11. Children's Privacy
Our Services are not intended for individuals under 18 years of age. Users under 18 must have permission from their parent or guardian to use our Services.
- No Intentional Collection: We do not knowingly collect personal information from children under 18.
- Parental Actions: If you believe your child has provided personal information, contact us to delete it.
- Deletion Procedures: Upon discovery, we will promptly remove such information from our records.
12. Third-Party Links
Our Services may contain links to third-party websites or services.
- No Control Over Third Parties: We are not responsible for their content or privacy practices.
- Recommendation: Review the privacy policies of any third-party sites you visit.
13. Changes to This Policy
Effective Date: 13/11/2024
We may update this Privacy Policy as and when we deem it to be necessary.
- Notification of Changes: Significant changes will be communicated via email or through a notice on our website.
- Continued Use: Using our Services after changes constitutes acceptance of the updated policy.