Privacy Policy

1. Company Information

A.Y. Health Technologies Inc.
A Delaware corporation

Mailing Address:
447 Sutter St, Ste 506 - 1348
San Francisco, CA 94108

Email: support@circadify.com
Phone: 210-526-1305

2. Overview of Our Privacy Commitment

Circadify has been designed with privacy as a foundational principle. Our remote photoplethysmography (rPPG) technology enables contactless vital sign detection while maintaining the highest standards of data protection and user privacy. We have architected our system to minimize data collection and ensure that sensitive health information remains private.

3. Information We Do NOT Collect

Understanding what we do not collect is essential to understanding our privacy-first approach:

3.1 Video and Image Data

Facial video frames and data are never stored. Video captured by your camera during a vital signs scan is rapidly processed and immediately discarded. We do not store, retain, or archive any video recordings, images, or frames of your face or body. Facial data exists only transiently during processing and is discarded as soon as the scan completes.

3.2 Patient Identifying Information

We do not collect, store, or have access to:

• Patient names or any personally identifiable information (PII)
• Medical record numbers or patient identifiers
• Date of birth, Social Security numbers, or government IDs
• Addresses, phone numbers, or email addresses of patients
• Insurance information or billing details of patients
• Medical history or diagnosis information
• Any information that could be used to identify individual patients

3.3 Individual User Tracking

We do not track, identify, or profile individual users of the Circadify platform. We do not use tracking cookies, fingerprinting technologies, or any mechanism designed to identify or follow individual users across sessions or devices.

3.4 Health Data Visibility

Your healthcare provider cannot see your health data through our system. Vital sign readings generated by Circadify are displayed only to the individual being scanned during the scan session. Unless the user chooses to share this information, these readings are not stored on our servers, transmitted to healthcare providers, or accessible to any third party.

4. Information We DO Collect

4.1 Circadify Platform (App) Data

The only data transmitted from the Circadify application to our servers includes:

• Pixel Data for Processing: During a scan, anonymized pixel data from the facial region of interest (ROI) is transmitted to our inference model for vital sign calculation. This data consists solely of numerical arrays representing color values and contains no identifying information. This pixel data is processed in real-time and is not stored after the inference is complete.
• Organization-Level Usage Metrics: We log usage information on a per-organization basis only. This includes aggregate scan counts and timestamps. This data is used solely for billing purposes and service optimization and cannot be tied to individual users or patients.

4.2 Organization (Customer) Data

For healthcare organizations that purchase Circadify services, we collect only:

• Organization name and billing contact information
• Aggregate usage rates for billing purposes
• Technical integration credentials

4.3 Website Data

Our website (circadify.com) does not employ tracking cookies, analytics services, or any data collection mechanisms unless you voluntarily submit information through our contact form. If you choose to contact us, we collect only the information you provide for the sole purpose of responding to your inquiry.

5. How We Process Data

Circadify captures video from your device's camera and rapidly processes it to extract vital sign signals. Facial video frames and data are never stored — they are processed in real-time and immediately discarded once the signal extraction is complete.

Only the extracted pixel data (numerical arrays with no visual or identifying content) is transmitted to our secure servers for final vital sign calculation using our proprietary rPPG algorithms. This transmission is encrypted using industry-standard TLS protocols. The pixel data is processed in memory, never written to persistent storage, and discarded immediately after inference results are returned.

Vital sign results are delivered to your device and displayed to you. We do not retain copies of individual scan results.

6. Data Security

We implement appropriate technical and organizational security measures, including:

• TLS encryption for all data in transit
• Secure cloud infrastructure with access controls
• Regular security assessments and updates
• Employee access restrictions and training
• HIPAA-compliant infrastructure and processes

7. HIPAA Compliance

While Circadify's architecture minimizes the collection and processing of Protected Health Information (PHI), we maintain HIPAA-compliant practices for our healthcare organization customers. We will enter into Business Associate Agreements (BAAs) with covered entities as required.

8. Demo Scan Data Practices

We do not store facial data, facial images, or any identity-related information from the demo scan. Vital sign readings generated during a demo scan are temporarily stored in a Redis cache for a maximum of 15 minutes solely for displaying your results. After 15 minutes, this data is automatically and permanently deleted.

We collect anonymous usage and analytics data from the demo scan to improve our service. This analytics data is fully anonymized and cannot be used to identify individual users.

9. Data Retention

• Video and pixel data: Not retained; processed in real-time and immediately discarded
• Demo scan vital signs: Temporarily cached for a maximum of 15 minutes, then automatically deleted
• Facial data and identity: Never stored or transmitted
• Usage metrics: Retained for billing and service improvement purposes
• Organization account data: Retained for the duration of the business relationship
• Contact form submissions: Retained only as long as necessary to respond to inquiries

10. Third-Party Services

Circadify may integrate with third-party EHR systems and telehealth platforms at the direction of our healthcare organization customers. Any data sharing with these systems is governed by the agreements between the healthcare organization and those third-party providers. Circadify does not independently share user data with third parties for marketing or other purposes.

11. Children's Privacy

Circadify is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

12. Your Rights

Depending on your jurisdiction, you may have rights regarding your personal information, including the right to access, correct, delete, or port your data. Given our minimal data collection practices, there is typically little to no personal information for us to provide, correct, or delete.

To exercise any of these rights, please contact us at support@circadify.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last Updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

A.Y. Health Technologies Inc.
447 Sutter St, Ste 506 - 1348
San Francisco, CA 94108

Email: support@circadify.com
Phone: 210-526-1305