Capila Privacy Policy
Effective Date: January 1, 2024
1. Introduction and Commitment to Privacy
At Capila, we deeply understand the personal and private nature of hair transplant procedures and clinic operations. Whether you’re a patient using our mobile application or a clinic using our web application, we take your privacy seriously and place the utmost importance on protecting your personal data. We are committed to following best practices and working towards full compliance with applicable data protection regulations, such as the General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the United States. Our goal is to keep your data secure, ensuring it is handled responsibly through trusted third-party services like Auth0 for authentication and data security.
This Privacy Policy applies to both the Capila mobile application for patients and the Capila web application for clinics. By using our platforms, you agree to the practices outlined in this policy.
2. Information Collection
Patient Data (Mobile App)
When you onboard with Capila’s mobile application, we collect certain information to personalize your recovery experience. This includes, for example, your procedure date or type of operation. This data allows us to send you customized recovery tips and train our AI chatbot to offer personalized guidance based on your recovery stage. Once collected, the data is anonymized and aggregated for internal analysis, meaning we may know general trends, but the data is not personally identifiable.
Clinic Data (Web App)
When clinics use Capila’s web application, we collect relevant information such as clinic name, admin contact information, billing details, and data on patient invitations. This data is used for administering the clinic’s account, managing subscriptions, and providing insights related to patient invitations and usage of the platform. Clinic data is never shared with third parties unless anonymized, and access is strictly controlled to safeguard privacy.
3. Use of Information
Personalized Experience for Patients (Mobile App)
The patient data we collect is used to customize the recovery experience. For example, the date of your procedure helps us send you relevant recovery tips at the right time. This data is also used to train our AI chatbot, allowing it to provide helpful responses. We ensure that all collected data is anonymized and aggregated before any analysis or internal research is conducted, ensuring privacy.
Usage Insights for Clinics (Web App)
For clinics, we use the collected data to improve the web platform’s functionality and provide valuable insights. Email addresses, names, and basic onboarding data related to the clinic’s invited patients are shared with the clinic. However, more detailed data, such as patient-chat interactions or private questions, remain confidential and are only available to the individual patient. Clinics will receive aggregated trends and insights to better understand patient outcomes, but this data is anonymized and not attributable to any specific individual.
4. Data Sharing and Disclosure
We do not share personal data with third parties unless it is anonymized. For clinics, this means that while we may provide insights into patient activity or trends, these insights are aggregated and stripped of any personally identifiable information. Clinics will not have access to patients’ private data beyond basic onboarding information.
We work with trusted third-party services, such as Auth0 for authentication and Typeform for lead generation and feedback. These third parties follow strict security and privacy standards, and all data interactions with these services are handled responsibly.
5. Data Protection Measures
External Security
We work with trusted, GDPR-compliant third parties to ensure that your data is stored and processed securely. Sensitive data is encrypted during transmission using industry-standard protocols such as TLS/SSL, and all third parties must follow strict data protection guidelines.
Internal Security
Internally, we follow stringent security protocols to protect patient and clinic data. This includes encrypted storage, password protection, access controls, and regular security audits to ensure data remains safe. Only authorized personnel have access to sensitive data, and security policies are continuously reviewed and updated.
6. User Consent and Control
Patient Controls (Mobile App)
Currently, users cannot directly modify or review their data in the app. We are, however, developing a profile management feature to give users control over their data. In the meantime, users can request data deletion or modification by contacting us at support@capilahealth.com.
Clinic Controls (Web App)
Clinic administrators have control over their billing data, subscription plans, and the basic data of patients they invite to the platform. However, clinics do not have access to private patient data, such as interactions with the AI chatbot.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to better understand how users interact with our website and application. These cookies help us enhance your experience and provide essential functionality. We do not track personal data outside of what is required for the app’s functionality.
8. Subscription and Billing (Web App for Clinics)
Subscription Model: Clinics using the web app will be subject to a pay-per-patient model, where a one-time fee is charged for each invited patient. Later, we plan to introduce subscription plans that allow clinics to invite a set number of patients each month for a fixed fee.
Clinics are responsible for ensuring that their billing information is up to date. If payment fails or a subscription is canceled, clinics will lose the ability to invite new patients. However, patients already invited to the platform will retain access to the Capila mobile app for the remainder of their access period (typically one year). Clinics can still access past records even if their subscription is inactive.
9. Data Use for Reporting and Marketing
Clinics will receive necessary transactional emails related to patient invitations, updates, billing, and system alerts. Clinics can opt in to or out of marketing communications, such as product updates or promotions, during sign-up. Opt-out is available at any time in the settings or via email.
Patients do not receive marketing communications unless they have explicitly opted in during account creation.
10. Data Retention and Termination of Service
For both patients and clinics, data will be retained for the duration of service and as required by law. If a clinic terminates their subscription, they will retain access to past data, and their patients will continue to have access to the Capila app. Patients’ data will be handled according to the policies outlined in the mobile app section.
11. International Data Transfers
All data collected by Capila is stored within the European Economic Area (EEA) in compliance with GDPR. Should any data transfer outside the EEA be necessary, we will ensure that it is fully compliant with data protection regulations.
12. Compliance and Future Improvements
While we strive to follow the best practices in GDPR and HIPAA compliance, we recognize that data security is an ongoing process. Capila is continually evolving its privacy measures and security protocols to ensure that we meet or exceed the standards set by these regulations. By using our platform, you acknowledge that we are committed to full compliance, but that these frameworks are complex and subject to change as we develop and improve our services.
13. Contact Information
If you have any concerns about our privacy practices or wish to request data deletion or modifications, please contact us at support@capilahealth.com.