SDK Privacy Policy
Effective Date: July 20, 2023
This Privacy Policy outlines how Hyfe Inc (“The Company”) collects, uses, discloses, and protects your personal information when you use our SDK and the associated Insights API. Please read this Privacy Policy carefully to understand our practices regarding your personal information.
1. Information Collection
1.1. Cough Detection:
Hyfe’s Software Development Kit (SDK) operates on your device to analyze ambient sound and detect coughs. It generates timestamps that correspond to each cough detected. The cough detection process is performed locally on your device and does not involve the transmission or storage of audio data or any personally identifiable information (PII).
1.2. Insights API:
The generated cough timestamps can be connected to our Insights API, which allows for analysis and aggregation of cough frequency data. When you choose to use the Insights API, the cough timestamps will be sent to our servers for processing. However, please note that the cough audio itself is not transmitted or stored on our servers - the APIs only analyze the cough frequency and rate - i.e. how often cough occurs over a specific period of time.
1.3. Opt-in Cough Sound Recording and Analysis
Hyfe provides the option, at a client's particular request, to opt in into sharing the recorded coughs, for purposes that include but are not limited to data labeling, quality control and validation or specific research purposes. In these cases your explicit consent is required along with a detailed disclosure of how the cough data will be recorded and stored.
2. Use of Information
2.1. Cough Detection:
The cough timestamps generated by the Company’s SDK are used solely for the purpose of detecting coughs and analyzing cough frequency. These timestamps are stored locally on your device and can be accessed by associated applications, including Hyfe’s APIs.
2.2. Insights API:
When you choose to connect the cough timestamps to our Insights API, The Company may collect and use cough timestamps to provide aggregated analytics and personalized insights. This data helps us analyze cough patterns and trends, provide you with actionable, personalized insights, and develop statistical models.
When you opt in to share the recorded coughs for research or other specific purposes, the audio data will be processed by our Insights API to provide aggregated analytics and insights. The data processed will be anonymized and aggregated to protect your privacy and comply with applicable data protection regulations.
2.3. Opt-in Cough Sounds
As mentioned in section 1.3 of the Privacy Policy, the cough timestamps generated by The Company’s SDK are used solely for the purpose of detecting and timestamping coughs. If you choose to opt in for cough data sharing, the recorded audio data will be used for the additional purposes explicitly disclosed to you during the consent process. In such cases, the recorded audio data will be processed and stored in accordance with the terms outlined in the detailed disclosure provided to you at the time of obtaining your explicit consent.
3. Data Retention
3.1. Cough Detection:
The cough timestamps generated by our SDK are stored locally on your device and are retained for a limited period of time determined by the application using the SDK. The Company does not have access to or store these cough timestamps on our servers.
3.2. Insights API
If you choose to connect the cough timestamps to our Insights API, the cough timestamps will be processed and stored on our servers. Data sent to the Insights API is encrypted at-rest and stored on full volume encrypted servers. The specific retention period will be determined by us and will be based on the requirements of our analysis and research. The anonymized and aggregated data processed by our Insights API may be shared with third parties for research purposes or other specific uses. However, this data will not include any personally identifiable information and will comply with applicable data protection regulations.
4. Information Sharing and Disclosure
4.1. Cough Detection
The cough timestamps generated by our SDK are stored locally on your device and are not shared with us or any third parties, except as required by applicable law or legal process.
4.2. Insights API
The cough timestamps connected to our Insights API - as well as other data as described in section 1 above, may be shared with trusted third-party service providers or partners who assist The Company in analyzing and processing the data. These third parties are bound by strict confidentiality obligations and are prohibited from using the data for any other purpose than providing the agreed-upon services to us.
5. Compliance
5.1. GDPR Compliance:
Our SDK for cough detection and the associated Insights API are designed with a commitment to comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). To ensure GDPR compliance, we implement the following practices:
A. Lawful Basis: We process personal information, including cough timestamps, based on the lawful basis of legitimate interests as outlined in Article 6(1)(f) of the GDPR. Our legitimate interest is to improve the accuracy of cough detection and provide valuable insights to our users.
B. Data Minimization: We strictly limit the data we collect and process to the minimum necessary for the cough detection and analysis purposes.
C. Anonymization and Aggregation: Any data sent to our servers for analysis through the Insights API is anonymized and aggregated, ensuring the protection of individual privacy.
D. User Rights: As a data subject under the GDPR, you have certain rights regarding your personal information. These include the right to access, rectify, and erase your data, as well as the right to restrict processing and data portability. If you wish to exercise these rights, please contact us using the information provided in the Privacy Policy.
E. Data Transfers: In case data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, as required by the GDPR.
F. Data Breach Notification: In the event of a data breach that poses a risk to your rights and freedoms, we will notify the appropriate supervisory authority and affected users in accordance with the GDPR's requirements.
5.2. HIPAA Compliance:
While our SDK and Insights API are primarily designed for non-medical and consumer use, we understand the importance of protecting sensitive health information. As such, we have implemented certain measures aligned with the Health Insurance Portability and Accountability Act (HIPAA) to safeguard any protected health information (PHI) that may be associated with cough detection:
A. No PHI Collection: Our SDK does not collect, process, or transmit any audio data, including speech or cough sounds, that could be considered PHI.
B. Business Associate Agreements (BAAs): We acknowledge that some of our customers may be subject to HIPAA as covered entities or business associates. If we engage in any activity that involves the creation, receipt, maintenance, or transmission of PHI, we are willing to sign a Business Associate Agreement with the relevant parties, outlining our responsibilities in handling PHI.
Please note that while we strive to comply with the relevant data protection regulations, it is essential for users and organizations to ensure their own compliance when using our SDK and Insights API in any context that involves personal or sensitive health information. This may include obtaining appropriate consents, agreements, or certifications as required by applicable data protection laws and regulations.
6. Data Security
We implement industry-standard security measures to protect the cough timestamps and any other personal information we collect. However, please note that no method of transmission or storage over the internet is completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
7. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated Privacy Policy on our website or through other reasonable means. Your continued use of the SDK after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
8. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [privacy@hyfe.ai].
Please note that this Privacy Policy applies solely to the use of our SDK and the associated Insights API and does not govern the practices of any third-party applications or services that may use our SDK. We encourage you to review the privacy policies of those third-party applications or services before using them.
