Privacy Policy

This privacy policy provides comprehensive information relating to how we collect, use, and share your personal and medical information at Updox LLC, a Delaware limited liability company with its principal place of business in Ohio, (“Updox”) and the rights you have in relation to this data. This policy applies to your use of Updox’s website (“Website”), located at https://updox.com/, and other digital and online services and products provided by Updox (collectively, “Services”). This policy also describes our privacy practices and procedures that relate to the Website and the Services as well as the purposes for which your Personal Information may be used.

In our privacy policy, “Updox”, “we” and “our” mean Updox LLC, and “you” means any person who accesses and uses our Website or the Services.

1) Contact Information 

Updox LLC 
6555 Longshore St. Suite 200
Dublin, Ohio 43017

E-Mail: legal@updox.com  

2) Your Consent

Please take a few minutes to review this policy before using the Website or the Services. By using this Website or the Services, you are consenting to the collection, use and disclosure of your information as set forth in this policy. If you do not agree to be bound by this policy, you may not access or use this Website or the Services.

3) Geographical Limitations

The owner of the Website and the Services is based in the State of Ohio in the United States. We provide the Website and the Services for use only by persons located in the United States. We make no claims that the Website, the Services or any of their content is accessible or appropriate outside of the United States. If you access the Website or the Services from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

4) Protected Health Information (PHI)

This privacy policy describes the use of your Personal Information (defined below) collected through the Website and the Services. 

This Website is not designed for you to communicate with health providers regarding your specific treatment or care, and we do not monitor or respond to such enquiries communicated via the Website. If you wish to seek care or communicate regarding your treatment, please contact your health care provider directly.

5) Categories of Personal Information We Collect

Our Website and the Services collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (”Personal Information”). 

We collect Personal Information related to you:

a) from you when you provide such information to us;

b) through technology-enabled collection and tracking services that allow us to automatically collect certain information when you use our Website or the Services or interact with our emails, or social media.

c) from other sources, including from Providers who perform a business, professional or technical support functions for us.

Information You Provide To Us

When you use our Website or the Services, we may collect:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)) such a name, signature, address, telephone number, or medical information.
  • Protected classification characteristics under California or federal law such as age, marital status, medical condition, physical or mental disability, sex.
  • Commercial information. Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity. Information on a consumer’s interaction with a website, application, or advertisement.

We also keep track of how you use and interact with our Services through the use of cookies and other tracking technologies as listed below.  

Automatically Collected Information

When you use certain Services, we use cookies, web beacons, pixel tags, social media widgets and other automated information collection and tracking technologies to collect and store certain types of Personal Information (“Automatically Collected Information”).  Automatically Collected Information includes information such as:

  • Services – your username, IP address, the screens you use, how you navigate through the services
  • Corporate Web Site – IP address, the screens you visit

Cookies

A cookie is a small piece of data sent from a website that is stored on your computer by your web browser. Cookies are mainly used to manage your browser session, capture your preferences, and provide analytics. Some cookies exist only while your browser remains open (e.g. session cookie) while others are persistent (e.g. your preferences). 

Social Media Widgets

The Website may contain links to our social media accounts on Facebook, Twitter, Instagram and LinkedIn platforms. Clicking on any such links means that the respective social network receives information on which website you came from as a user. 

6) How We Use Your Personal Information

We may use Personal Information we collect for the following purposes:

  • To provide you our products and services
  • To communicate with you
  • For our internal operations
  • For fraud prevention, security and legal compliance

Examples of how we use Personal Information for these purposes are listed below. Please note that we may use information that does not specifically identify you or your device(s) without restriction.

To Provide You our Products and Services

  • Establish and maintain your customer account for our Services
  • Fulfill and manage subscription orders, payments of products or services we offer and communicate with you about these transactions
  • Enable certain functionalities on our Website and Services (for example, to permit you to subscribe to one of our services)
  • Provide customer service

To Communicate with You

  • Communicate with you regarding your transactions with us, including purchases, orders, payments 
  • Connect with you to deliver customer service through our customer service or on social media or Internet chat platforms

For Marketing, Promotions and Advertising

  • Personalize, optimize and improve your experiences with our Services
  • Send communications and other information regarding our Services and promotions that we believe may be of interest to you

For our Internal Operations

  • Analyze the performance and effectiveness of our Services, including by analyzing visitor interaction with our Website and Services
  • Measure the performance of our different marketing efforts
  • Develop new services to enhance the customer experience with our Services
  • Maintain, enhance and improve our programs, accounts and records, including your Personal Information records
  • Conduct research and analytics related to our operations
  • Perform logistics and other operation and business activities
  • Pursuant to merger, acquisition, reorganization  

For Fraud Prevention, Security and Legal Compliance

  • Prevent, detect, mitigate and investigate fraud, security breaches and activities that are or potentially may be prohibited or illegal
  • Protect the security and integrity of our Services and data relating to such Services, including your Personal Information
  • As we believe to be required or appropriate to protect the rights, property, safety and security of Updox and our employees, customers and others
  • Assist law enforcement and respond to legal and/or regulatory inquiries in accordance with federal and state privacy laws as well as the Business Associate Agreement
  • As we believe to be required or appropriate under applicable law

7) How we share your Personal Information

We will only share your data with third parties as described below, within the scope of applicable law, or with the appropriate consent. Otherwise, it will not be shared with third parties unless we are obliged to do so due to mandatory legal regulations (disclosure to external bodies such as law enforcement authorities in the United States).

Sharing with Third Parties

We may share your Personal Information we collect with third parties for other purposes, such as in the following ways:

  • With our Providers. To companies who perform a business, professional or technical support function for us; for example, fax services, analytics, call center/chat services, payment processing, and fraud prevention.
  • With social media platforms, such as Facebook, Twitter, YouTube, LinkedIn and Instagram, through social media widgets and other tools used in connection with our Website which may be deployed by our Providers (for example, tools for you to share content on our Website with your friends and followers on social media).
  • To comply with the law. To comply with applicable law or reasonable requests for information based on governmental regulation, court order, subpoena or a similar related action. 
  • To protect ourselves. To enforce our policies and agreements, to protect our or others’ rights, property or safety, to prevent or mitigate the risk of harm or loss, in connection with an investigation of suspected or actual unlawful activity or in connection with any legal action, claim or dispute.
  • With successors to all or part of our business. In the event of a corporate sale, merger, reorganization, change in corporate control, acquisition, bankruptcy or similar event.
  • At your direction. At your direction or request or when you otherwise consent. 

Disclosures of Personal Information 

In the course of providing Services to you, we may disclose the following categories of Personal Information for a business purpose, for the purposes described in this privacy policy and to Providers, partners and vendors who perform business, professional and/or technical support functions for us:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)) such a name, signature, address, telephone number, medical information, or health insurance information. 
  • Protected classification characteristics under California or federal law such as age, medical condition, physical or mental disability, sex.
  • Commercial information. Records of services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
  • Internet or other similar network activity. Information on a consumer’s interaction with a website, application, or advertisement.

Sales of Personal Information

  • Updox does not sell your Personal Information.

8) Limiting our Collection and Use of Your Personal Information

We strive to offer you choices about how we collect and use Personal Information relating to you. Please be aware that disallowing certain data collection may limit the usefulness of our Services, including our Website and Services. Your choices include the following:

Emails and Postal Mail 

From time to time, we may communicate with you for promotional purposes through emails or postal mail. Even if you opt-out of receiving marketing or promotional communications from us, we may still contact you to respond to an inquiry and for transactional purposes (for example, sales confirmations, training scheduling or billing matters).

Emails. To opt-out of receiving promotional emails from us and to unsubscribe from future promotional emails, you may use the “Unsubscribe Link” included within a promotional email from us to you. Please allow a reasonable period of time for your request to be removed from our email contact list to be made effective.

Postal Mail. To opt-out of receiving promotional postal mail, you may contact your Customer Success representative who will be happy to assist you. Please allow a reasonable period of time for your request to be removed from our promotional mailing contact list to be made effective.

9) Data retention period

We store your data as long as it is necessary for the processing purpose in question. Please note that a number of legally imposed retention periods require data to be stored for extended periods. This relates in particular to commercial or fiscal retention obligations. Unless there are further retention requirements, the data will be routinely deleted after subscription termination and in accordance with the Business Associate Agreement, as applicable.

In addition, we may retain the information if you have directed us to do so, or in the event of legal disputes and we use evidence within the statutory limitation periods.

10) Security of Personal Information

The security of your Personal Information is important to us.  We make commercially reasonable efforts to secure and protect the privacy, accuracy, and reliability of your information and to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. We have implemented security measures consistent with industry standards.  As no data security protocol is impenetrable, we cannot guarantee the security of our systems or databases, nor can we guarantee that Personal Information we collect about you will not be breached, intercepted, destroyed, accessed, or otherwise disclosed without authorization. Accordingly, any information including your Personal Information is provided by you at your own risk. 

Our Security Practices. We use a variety of administrative, contractual, technical and physical controls and safeguards to help protect your Personal Information from loss and unauthorized access, collection, use, disclosure, copying, modification, destruction or similar risks. However, no control or safeguard can completely guarantee that such information is completely secure. 

Your Security Practices. You are also responsible for taking reasonable steps to protect your Personal Information against unauthorized disclosure or use.

We encourage you to take steps to help protect the confidentiality and security of your account and Personal Information, including the following:

  • Review your account periodically and immediately report any unexpected activity or unrecognized information
  • Install the latest security updates and antivirus software on your computer to help prevent malware and viruses
  • Use complex passwords and not using the same password on more than one Website
  • Password protect your computers and mobile devices
  • Do not share your passwords with others
  • Sign out/log off Website sessions to close your session

11) Links to other providers

Our Website also contains links to the websites of other companies or providers. We have no influence as to the content of these third party websites and as such cannot guarantee or assume liability for their content. The content of these pages is always the responsibility of the respective provider or operator of the pages.

12) Online offerings for children

We do not collect any information from children. Persons under the age of 16 are not permitted to submit any Personal Information to us without the consent of the legal guardian or a declaration of consent. We encourage parents and guardians to actively participate in the online activities and interests of their children.

13) Your Rights as a California Resident

Effective on January 1, 2020, the California Consumer Privacy Act (CCPA) provides consumers (California residents) with specific rights regarding their Personal Information. 

Note: CCPA does not apply to information that is already protected through the Health Insurance Portability and Accountability Act (HIPAA).  

If you reside in California and if the Personal Information is not covered by HIPAA, you may exercise the following rights:

  • A right to disclosure of the categories of Personal Information collected by us
  • A right to disclosure of the specific pieces of Personal Information collected by us
  • A right to deletion of Personal Information by us (subject to certain Exceptions outlined below)
  • A right to receive Personal Information in a format that will allow its transfer to third parties by you
  • A right to opt-out of the “sale” of Personal Information (reminder: Updox does not sell your Personal Information)
  • A right to sue for security breaches of Personal Information  

Access to specific information and data portability rights

You have the right to request that we disclose to you your Personal Information we have collected about you over the past 12 months from the day of your request. Once we receive and confirm your request, we will disclose to you:

  • The categories of Personal Information we collected about you.
  • The categories of sources for the Personal Information we collected about you.
  • Our business and commercial purposes for collecting that Personal Information.
  • The categories of third parties with whom we shared that Personal Information, if applicable.   
  • The specific pieces of Personal Information we collected about you.
  • If we ‘sold” your Personal information (which we do not), the categories of information as well as the categories of recipients who “purchased” your information
  • If we “disclosed” your Personal Information for a business purpose, the categories of information as well as the categories of recipients who “received” your information

Deletion request rights

Under CCPA, you have the right to request that we delete non-HIPAA covered Personal Information data that we collected from you and retained, subject to certain Exceptions: 

a) to complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;

b) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;

c) to debug products to identify and repair errors that impair existing intended functionality;

d) to exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;

e) to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);

f) to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;

g) to enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;

h) to comply with a legal obligation; or

i) to make other internal and lawful uses of that information that are compatible with the context in which you provided it (each an “Exception” and collectively, “Exceptions”).

Applicability to Updox

  • Services Data. – Several exceptions (a, b, h, i) apply to the services data we collect and retain. This data cannot be deleted while the account is active.  
  • Website Data. – As mentioned above, Updox collects only minimal information when you visit our website. However, if needed, this data may be deleted upon your request. 

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • deny you goods or services.
  • charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • provide you a different level or quality of goods or services.
  • suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

However, we may offer you certain financial incentives that can result in different prices, rates or service quality levels as permitted by the CCPA. At this time, we do not provide any such financial incentives.

Exercising Access, Data Portability and Deletion Rights

Only you, or someone legally authorized to act on your behalf, may make a request related to your Personal Information. You may also make a request on behalf of your minor child. We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

You may only make a request for access or data portability twice within a 12-month period. The request must:

  • provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
  • describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Making a request to delete data collected on our Website does not require you to create an account with us. Also, we will only use Personal Information provided in a request to verify the requestor’s identity or authority to make the request.

To exercise your rights described above, please submit a delete information request to us by email at: support@updox.com and include the following information:

  • Name of person whose information is to be deleted
  • Name of your business, if applicable
  • IP address used when accessing the Updox website

Your Authorized Agent

You have the right to designate an authorized agent to make a request under the CCPA on your behalf.

Response Timing and Format

We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.

We will deliver our written response electronically or, at your option, by mail.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

14) Changes to our privacy policy

We may modify this privacy policy from time to time. We will notify you of material changes to this policy by posting a notice at the Website or by emailing you at an email address associated with you, if applicable, and provide an “at a glance” overview of any changes. 

Getting started is simple:

Let Updox simplify the business of healthcare enabling a better healthcare experience for the patients and consumers you serve.

Updox makes it easy:

  • Broad solution that works together better than any individual product
  • Understand and be ready to use in less than 30 minutes
  • Designed specifically for out-of-hospital providers and pharmacists
  • Dedicated On-Boarding and Customer Success expertise
  • Phone, email and live chat support