PRIVACY POLICY

1. Effective as of May 22, 2015

This privacy policy governs your use of Figure 1, a software application (“Application”) that was created by Figure 1, Inc. The Application includes a method for viewing medical images, a database of medical images, and mechanisms for users to upload images to the database or send them to each other.

What information does the Application obtain and how is it used?

User Provided Information

The Application obtains the information you provide when you download and register the Application.

2. Part 1: Personal User Information

When you register with us and use the Application, you provide:

  1. your username
  2. your password
  3. your email address
  4. your specialty (selected from a drop-down menu).

We will store your username, country and specialty on an unencrypted server. Your password is cryptographically hashed and your email address is encrypted. These information elements are referred to collectively as your “Personal User Information.” We collect and hold this information for the purpose of administering your use of the Application.

You are solely responsible for (1) maintaining the strict confidentiality of your Personal User Information, (2) not allowing another person to use your Personal User Information to access the Services, (3) any and all damages or losses that may be incurred or suffered as a result of any activities that occur under your Personal User Information. You agree to immediately notify Figure 1, Inc. in writing by email to privacy@figure1.com of any unauthorized use of your Personal User Information or any other breach of security. Figure 1, Inc. is not and shall not be liable for any harm arising from or relating to the theft of your Personal User Information, your disclosure of your Personal User Information, or the use of your Personal User Information by another person or entity.

3. Part 2: User-Provided Case Information

(a) When you use the application, you may:

  1. upload images
  2. create image captions and tags
  3. share the image as private or public.

We will store your uploaded images, image captions, date created, number of times the tag is used, common variations of image tags (such as misspellings) and information on whether the tag appears in searches. The Application stores only de-identified images, not the original unedited image, which may contain personally identifying features. (See list of identifying features in Section 7 of the Terms of Service). We do not store IP addresses or location information relating to images uploaded by users.

(b) When you use the application, you may provide comments. We will store your comments made, the date of comment and the username connected to the comment.

(c) When you use the application, you may “favorite” images for easy reference later. We will store which images on Figure 1 you have “favorited”, as well as the date favorited and the username connected to the image favorited.

(d) When you use the application, you may flag images provided by other users (e.g., to indicate that identifiable information may have been improperly included in an image, caption, or comment). We will store the images that you flag, the subcategory of the flagged image, the date flagged and the username referenced to the flagged image.

(e) We will also store the date your account was created, the Application version, and the last login date.

These informational elements shall be referred to as “User-Provided Case Information.” All User-Provided Case Information that you generate in the Application must comply with local, national, provincial, state, and federal privacy legislation and best practices. Identifying information must be removed from any uploaded images and should not be included in any captions or comments. The Application is already enabled with Figure 1, Inc.’s proprietary features, such as automatic and manual information-blocking tools, to help you remove direct identifiers and other common identifiers from User-Provided Case Information, but the existence of these tools does not release you from any obligations under local, national, provincial, state, and federal laws to maintain the privacy of patients or other users.

(f) Optional User Provided Information

  1. You also have the option to ask to be verified as a licensed healthcare professional. If you choose this option, you will be asked to provide us with additional information, which we will cross-reference with publicly available data to ensure that you actually are a licensed healthcare professional. If you are verified, we will store your status as a “verified healthcare professional”.
  2. You also have the option to invite colleagues to join Figure 1 so that they can use the Application too. If you choose to do this, the Application will access the address book on your mobile device to enable you to choose which of your colleagues you would like to invite to the Application. We only store the email addresses of those colleagues you invite to join the Application for the purpose of sending them an invitation email from our server. We do not store your complete address book.
  3. You will also have the option to expand your user profile with additional information. If you choose this option, you may complete any of the following fields: real name, state, country, and institution, and you may include a short biography and upload a profile picture. Information you provide will be visible to all verified healthcare professionals using the Application or the website. You are responsible for the accuracy of all of the information you provide.

(g) Automatically Collected Information

In addition, the Application may collect certain information automatically, such as the type of mobile device you use, the IP address of your mobile device, your mobile operating system and information about the way you use the Application in order to improve the Application and deliver the services.

All information stored on our server will not be accessible by third parties. We do not collect user level search activity or viewing activity. This is compiled only at an aggregate, in order to help us better understand how users are using our Application, so that we can optimize your experiences.

We may also use the information provided by you to contact you from time to time to provide you with important information, push notifications and marketing promotions. You will be given the option to opt-out of these notifications.

Does the Application collect precise real time location information of the device?

This Application does not collect precise information about the location of your mobile device.

Do third parties see and/or have access to information obtained by the Application?

We will disclose User Provided and Automatically Collected Information, within or outside your jurisdiction, as described above in the following circumstances:

What are my opt-out rights?

You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.

However, the Application will not allow you to opt out of any announcements and messages related to the implementation of this Policy and your obligations thereunder. As such, should your uploaded images, image captions, or comments contain identifying information about a patient (as described in the Terms of Service,) you will receive messages from Figure 1 notifying you of a potential privacy violation associated with this content.

You may also delete your account by going to your profile and tapping and holding the “Logout” button. You will be asked to confirm that you would like to delete your account. If you confirm, your profile information and all images associated with your profile will be automatically deleted from the Figure 1 server. We cannot guarantee, however, that we will be able to recall images that have been provided to third-parties, such as medical journals or medical education websites.

4. Data Retention Policy, Managing Your Information

We will retain User Provided Information as described above for as long as you use the Application, and will delete it if you delete your account, which can be done easily on the profile tab in the app or by contacting us via privacy@figure1.com. You may also permanently delete images from the Application. Once an image is deleted by the user, it will be deleted from our server along with all references to the image, such as all associated comments or favorites. We cannot guarantee, however, that we will be able to recall images that have been provided to third-parties, such as medical journals or medical education websites.

If you contact Figure 1, Inc. to delete your account, the change will be processed within seven (7) calendar days.

5. Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic and procedural safeguards to protect information we process and maintain.

For example, your password is cryptographically hashed and your email address is encrypted.

We limit access to your information to authorized employees and contractors who need to know that information in order to operate, develop or improve the Application. Please be aware that, although we will take reasonable steps to safeguard and maintain security of Personal User Information, User-Provided Case Information, Optional User Provided Information, and Automatically Collected Information that we process and maintain, no security system can prevent all potential security breaches. Please refer to the Terms of Service for more details about Figure 1, Inc.’s and your obligations with respect to the proper use of the Application and notification obligations thereunder.

6. Changes

This Privacy Policy may be updated from time to time for any reason. Each time you use the Application, the most current version of the Privacy Policy will apply. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You are advised to consult this Privacy Policy regularly for any changes. Unless stated otherwise, the most current version of the Privacy Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of your privacy without the consent of affected users.

7. Your Consent

By using the Services, you are consenting to our processing of Personal User Information, User-Provided Case Information, Optional User Provided Information, and Automatically Collected Information as set forth in this Privacy Policy now and as amended by us. “Processing” means using cookies on a computer/hand held device or using or touching information in any way, including, but not limited to, collecting, storing, deleting, using, combining and disclosing information.

Contact us – If you have any questions regarding privacy while using the Application, have questions about our practices, or wish to make a complaint about our handling of your personal data, please contact us via email or anonymously here. We will make every effort to investigate and respond to your complaint in a timely way.

Any and all good-faith disclosures of privacy concerns under this Policy will not be used to restrict or prohibit you from continuing to use the Application to the extent permitted by law. However, disclosure of any unlawful practices implicating the Privacy Policy to Figure 1, Inc. does not release you from your obligations to notify local, national, provincial, state, and federal authorities of any violation of law related to your use of the Application.

8. Notice to California Residents

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by us to third parties for the third parties’ direct marketing purposes. With respect to these entities, this Policy applies only to their activities within the State of California. To make such a request, please send an email to privacy@figure1.com or write us at:

34 Park Road, Toronto, Ontario, Canada, M4W 2N4 or

9. ADDITIONAL TERMS FOR UNITED KINGDOM, NORWEGIAN, ICELANDIC, SOUTH AMERICAN AND EUROPEAN UNION RESIDENTS

If you are a resident of the United Kingdom, Norway, Iceland, the European Union or South America, legislation* permits you to request that we tell you what personal information we hold about you and how we process it and that we provide you with a copy of that information. You are also entitled to access, rectify, change, update, delete, revoke, or improve upon your personal information at any time. You can exercise this right free of charge. We may ask you to provide further information to confirm your identity before considering your request. To make such a request, please send an email to privacy@figure1.com or write us at:

Figure 1, Inc., 34 Park Road, Toronto, Ontario, Canada, M4W 2N4

Digital +Ethics: 15 rue Rougemont, 75009 Paris (if you are a resident of France).

If you use the Application to invite colleagues to join Figure 1 or to share photos with a colleague, you must first have their consent to use their e-mail address for this purpose. Figure 1 will rely on your obtaining that consent.

For purposes of providing the Application Figure 1 may transfer your personal data to servers located in the United States or other countries outside of the european Economic Area which provide for a different level of data protection. By using, and continuing to use the Application, you agree to that transfer.

The data we hold is used solely for the purposes of operating the Figure 1 site and communicating with you. We will not provide it to any third parties, other than service providers acting on our behalf to assist in running the Figure 1 App. The information we request from you is mandatory unless indicated otherwise and is necessary to enable Figure 1 to provide you with the Figure 1 App. You are also entitled to object to any processing of your personal data on reasonable grounds.

*Legislation

10. ADDITIONAL TERMS FOR AUSTRALIAN, NEW ZEALAND, CHINESE, INDIAN, JAPANESE AND SOUTH AFRICAN RESIDENTS

If you are a resident of the Australia, New Zealand, India, Japan, the PRC or South Africa privacy legislation permits you to request that we tell you what personal information we hold about you and provide you with a copy of that information. You also have the right to request that we correct your personal information if it is inaccurate, out-of-date or incomplete. We may ask you to provide further information to confirm your identity before considering your request. To make an access and/or correction request, please send an email to privacy@figure1.com or write us at:

Figure 1, Inc., 34 Park Road, Toronto, Ontario, Canada, M4W 2N4

If you use the Application to invite colleagues to join Figure 1 or to share photos with a colleague, you must first have their consent to use their e-mail address for this purpose. Figure 1 will rely on your obtaining that consent.

It is not mandatory for you to provide us with any of your personal information. However, if you do not provide the information that we ask for, you may not be able to access and use all of the Application’s features available to users.

Figure 1 may transfer your personal data to servers located in other countries for purposes of providing the Application. By using, and continuing to use the Application, you agree to that transfer. If you are an Australian resident, you acknowledge that by providing your consent to the transfer to servers located outside Australia, we are not required to take reasonable steps to ensure your personal information is handled in accordance with Australian privacy law.

If you are a user in the PRC, if you notice any personal information leakage or otherwise have any complaint about the protection of your personal information, please contact privacy@figure1.com. We will respond within fifteen days of the receipt of your email.