We don't sell your data or share your data unless you want us to do so.
We only share your information with people you specifically indicate. We do not share your information with ad companies, advertisers, researchers, or anyone else.
We do not in any capacity sell your information to other organizations, third parties, individuals, or any other entities.
Only you and people you explicitly allow to view your information can view your information. (And only select Plato Healthcare security staff have technnical access.)
At Plato Healthcare, we are committed to protecting the privacy and security of our users' data. This privacy policy explains how we collect, use, share, and protect your personal information. By using our services, you agree to the terms of this policy.
Data Collection: Plato Healthcare collects personal information such as your name, contact details, medical records, and health-related data to provide services such as centralizing your health records and enabling easy sharing with authorized parties, such as your healthcare providers, family members, or other third parties whom you designate. We also collect data from publicly available sources or authorized requests on your behalf.
Data Sharing: We may share your personal information with third parties under certain circumstances:
Revoking Data Access: If you decide to revoke access to your personal data, you can do so at any time using the Share features, by updating your account settings, or contacting us directly. Once access is revoked, we will immediately cease sharing your information with authorized parties. However, any data that has already been shared with your consent may continue to be stored and used by those parties, unless you request its deletion and they comply. Users also have the ability to directly delete any information they wish within the app itself.
Closed Accounts: In the event you want to close your account, Plato Healthcare will retain your data unless specified (via the app or email) to delete your data. (This is primarily so if you reactivate your account you can regain access to all of your previously retrieved information.)
Dormant Accounts: An account is considered a "Dormant Account" if the user is not part of a subscription service and has not used the app for over 2 years. In the event of a dormant account, Plato Healthcare will retain your data unless specified (via the app or email) to delete your data.
Plato Healthcare may use de-identified, anonymized, or pseudonymized data for service improvement. In doing so, we use technical methods to remove any personally identifiable information while enhancing the user experience.
Although we take steps to ensure that your data is de-identified, there is still a small risk that de-identified data could be used to infer personal attributes, including medical conditions, if combined with other available disparate information. However, this is likely to be very rare as we do not share personal details such as names, contact information, or addresses in our anonymized data processes.
When users first use our app, they are directed to an onboarding section. Part of this onboarding process includes requiring consent before they can move forward. If a user attempts to input information or use the app without completing the consent process, they are prompted to complete the required consent steps before proceeding.
Plato Healthcare discloses personal information only when required by law, or when explicitly authorized by the user. For example, we may disclose information in compliance with a court order or subpoena, or with your explicit consent to share health data with third parties such as healthcare providers. All disclosures are logged and monitored for compliance with our privacy policies.
Only authorized users have access to any personal information. Plato Healthcare has designed its platform to securely ‘containerize’ patient information. This digital container can only be accessed by the user or individuals whom they explicitly allow. No one else, including engineers, has access to this data, except for the CEO of Plato Healthcare who has technical access in exceptional cases.
Plato Healthcare takes data security seriously. All data is encrypted in transit and at rest using industry-standard encryption protocols. Only authenticated and authorized users have access to data, and security measures are continually monitored and updated. No engineer or developer at Plato Healthcare has access to patient information, ensuring that even internally, the highest standards of privacy are maintained.
Plato Healthcare retains data only for as long as necessary to fulfill the purposes for which it was collected. If a user closes their account or withdraws consent, we will stop collecting their data and securely delete or anonymize all personal information, unless legally required to retain it.
If a user’s account becomes dormant or is closed, Plato Healthcare retains the user’s data for a period of 90 days, during which the user may choose to reactivate their account. After this period, the data is securely deleted or anonymized. Users may also request earlier deletion by contacting us directly.
In some cases, sharing personal health information, such as genetic or family history data, may have implications for relatives or others. Users should be mindful that sharing such information could reveal personal attributes about others, including potential medical risks. Plato Healthcare does not share this information without explicit user consent and encourages users to consider the broader impact of data sharing on family members.
If a user withdraws their consent, Plato Healthcare will immediately stop collecting any new information on their behalf. The user’s existing data will be deleted or anonymized upon request, unless we are legally required to retain it. Users can contact us at any time to request data deletion or to withdraw consent for further data collection.
Notification of Changes: We may update this privacy policy from time to time to reflect changes in our practices, services, or legal obligations. In the event of significant changes, we will notify you via email and/or through in-app notifications. We encourage you to review any updates carefully and, if necessary, adjust your privacy settings or opt out of the service.
Data Protection Commitments: Plato Healthcare works with trusted third-party vendors to provide and improve our services, like billing or Cloud services. These vendors are required to adhere to strict confidentiality and data protection standards in accordance with applicable laws, including HIPAA and GDPR. Except for our Cloud provider (because that's where the data is securely stored), no 3rd party has direct or indirect access to any user's health information. We regularly review these partnerships to ensure your data remains secure and is used solely for the purposes outlined in this policy.
Data Breaches: The security of your data is our highest priority. In the unlikely event of a data breach involving your personal health records, Plato Healthcare will take immediate steps to investigate and resolve the issue. We will notify you promptly (via email, phone, and/or mail) if your data has been compromised and provide you with guidance on how to protect your information. Additionally, we will follow all applicable laws, including the FTC’s Health Breach Notification Rule, to ensure transparency and compliance.
Change in Ownership: In the event that Plato Healthcare is acquired or merges with another company, your personal information may be transferred as part of the transaction. If this happens, we will inform you in advance of any changes to the ownership of your data and provide options for you to review and update your privacy settings, or opt out if the new owner’s policies do not align with your preferences.
Plato Healthcare leverages third-party Language Learning Models (LLMs) to enhance our services, including providing patient education, answering general health questions, and offering support for users in managing their healthcare information. Our AI tools are intended to assist users in understanding health-related information and improving accessibility to our resources.
AI/LLM Services Used: We are currently experimenting with multiple well-known LLMs, including OpenAI, LLaMA, and Gemini models, as well as several popular models available through HuggingFace. These LLMs were chosen based on their capabilities in natural language processing and are used solely to deliver insights, improve user experience, and enhance accessibility to health information. We do not develop our own LLMs but carefully select and use third-party tools that align with industry standards.
Data Sharing with AI/LLM: While using these AI models, Plato Healthcare limits the personal information shared with the LLM to the minimum necessary to deliver relevant information and insights to users. No personal health records or identifiable patient data are shared directly with AI providers. Data shared with AI models is de-identified, anonymized, or pseudonymized to prevent any linkage back to an individual user, maintaining the confidentiality and security of all users’ health information.
Risks, Known Biases, and Limitations of AI/LLM Models: LLMs, while highly advanced, come with known limitations and potential biases. These models are trained on large datasets and may sometimes produce responses that reflect inherent biases present in the training data. We recognize the importance of addressing these risks, and we monitor responses for accuracy and appropriateness. However, users should be aware of the following:
Responsible Disclosure of Abnormal AI/LLM Results: Plato Healthcare is committed to transparency and responsible disclosure. If an AI/LLM produces an abnormal or inappropriate result, we encourage users to report it to us at privacy@plato.healthcare. Upon notification, we will investigate the issue, work with our AI provider to address it, and inform affected users of any necessary corrections or follow-up actions.
For further information on the models used, including detailed terms and conditions, users can review OpenAI's use and limitations policies, LLaMA’s Trust and Safety section documentation, and Gemini's FAQ.
For any questions or concerns about our privacy policy, please contact us at privacy@plato.healthcare.