
    Privacy Policy

    Your privacy is important to us. Learn how we protect your information.

    Effective Date: August 23, 2025

    Last Updated: August 23, 2025

    Scienza Health, Inc. ("Scienza," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at www.scienzahealth.com (the "Website"), use our Gia™ AI platform, or interact with our services (collectively, the "Services").

    As a health technology company handling sensitive health data, we comply with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant regulations.

    If you are a covered entity or business associate under HIPAA, please refer to our Business Associate Agreement (BAA), which governs our handling of Protected Health Information (PHI). For EU/UK residents, we process data under GDPR principles. For California residents, this Policy serves as our CCPA notice at collection.

    By using our Services, you consent to the practices described herein. If you do not agree, please do not use our Services.

    1. Information We Collect

    We collect information in several ways to provide and improve our Services. This includes:

    a. Personal Information You Provide

    • Contact and Account Information: Name, email address, phone number, mailing address, and account credentials when you register, request a demo, or contact us.
    • Health-Related Information: If you are a patient or user of our Gia™ platform, we may collect sensitive health data such as medical history, voice biomarkers (e.g., speech patterns for cognitive screening), wearable data (e.g., HRV, sleep metrics), and other PHI with your explicit consent or as permitted by law.
    • Payment Information: Billing details (e.g., credit card numbers) processed securely via third-party providers; we do not store full payment card details.
    • Other Voluntary Information: Feedback, survey responses, or communications you send us.

    b. Automatically Collected Information

    • Usage Data: IP address, browser type, device identifiers, pages visited, time spent, and referring URLs when you access our Website or Services.
    • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track user behavior, personalize content, and analyze trends. For details, see our Cookie Policy below.
    • Sensor and Device Data: In connection with our Services (e.g., Scienza Sentinel POC), we may collect environmental data from IoT sensors (e.g., temperature, humidity, air quality) and voice data from integrated devices.

    c. Information from Third Parties

    • Partners and Integrations: Data from healthcare providers, EHR systems (e.g., Epic), Samsung Galaxy devices (Samsung Health platform, Galaxy Watch), or APIs (e.g., ElevenLabs for voice processing) with your consent.
    • Public Sources: Aggregated data from public databases for research purposes, anonymized to protect privacy.

    We limit collection to what is necessary for our Services and do not collect data from children under 13 without verifiable parental consent.

    2. How We Use Your Information

    We use your information for legitimate business purposes, including:

    • Providing Services: To operate Gia™, perform cognitive screenings, automate documentation and billing, and deliver personalized health insights (e.g., using AI/ML for biomarker analysis).
    • Improving and Personalizing: Analyze usage to enhance features, train AI models (with anonymized data), and customize experiences.
    • Compliance and Security: Detect fraud, ensure regulatory compliance (e.g., HIPAA audits), and maintain data integrity.
    • Communications: Send service updates, alerts (e.g., outbreak predictions via Sentinel), or marketing materials (with opt-in consent).
    • Research and Analytics: Aggregate de-identified data for health research, subject to IRB approval and data minimization.
    • Legal Obligations: Respond to subpoenas, court orders, or regulatory requests.

    For sensitive health data (PHI), we process only as permitted under HIPAA (e.g., treatment, payment, operations) or with explicit consent under GDPR/CCPA. We use automated decision-making (e.g., AI risk scoring) with human oversight for significant decisions, and you have the right to contest outcomes.

    3. How We Share Your Information

    We do not sell your personal information. Sharing occurs only as necessary:

    • Service Providers: With vendors (e.g., AWS for hosting, ElevenLabs for voice processing) bound by contracts ensuring confidentiality and compliance.
    • Business Partners: With healthcare providers or integrators (Samsung Galaxy devices, Samsung Health platform, Samsung Knox security) under BAAs or data processing agreements.
    • Legal and Safety Reasons: To comply with laws, respond to authorities, or protect rights/safety (e.g., public health reporting).
    • Business Transfers: In mergers/acquisitions, with notice and consent where required.
    • With Your Consent: For any other purpose you approve.

    For PHI, sharing is limited to HIPAA-permitted uses. Under CCPA, we do not "sell" or "share" data for cross-context advertising. International transfers (e.g., to EU) use Standard Contractual Clauses or adequacy decisions.

    4. Data Security

    We implement robust security measures to protect your information, including:

    • Encryption (AES-256) for data at rest and in transit.
    • Access controls, firewalls, and regular vulnerability scans.
    • Employee training on data protection.
    • Incident response plans, with notification within 72 hours for breaches under GDPR/HIPAA.

    While no system is impenetrable, we use reasonable safeguards aligned with industry standards (e.g., NIST for cybersecurity).

    5. Your Privacy Rights

    Depending on your location, you have rights including:

    • Access: Request details of your data.
    • Correction/Rectification: Update inaccurate information.
    • Deletion/Erasure: Request removal, subject to legal exceptions (e.g., HIPAA retention).
    • Opt-Out of Sale/Sharing: We do not sell data, but you can opt out of targeted advertising.
    • Limit Sensitive Data Use: Restrict processing of sensitive PHI.
    • Portability: Receive your data in a transferable format.
    • Object/Withdraw Consent: Stop processing where based on consent or legitimate interests.
    • Non-Discrimination: No penalties for exercising rights.

    To exercise rights, contact us at support@scienzahealth.com or via our Website form. We respond within 30-45 days (extendable under law), free of charge (up to twice/year under CCPA). Verification may require ID. For GDPR, our Data Protection Officer is dpo@scienzahealth.com. For CCPA, submit requests via +1 888 816 1534 or form; we honor global privacy controls.

    6. Cookies and Tracking Technologies

    We use cookies for functionality, analytics, and marketing. Categories:

    • Essential: For site operation (no consent needed).
    • Performance/Analytics: Track usage (e.g., Google Analytics, anonymized).
    • Functional: Personalize content.
    • Targeting: If enabled, for ads (opt-out via settings).

    Manage preferences via our Cookie Banner. For details, see our Cookie Policy. We respect Do Not Track signals.

    7. Children's Privacy

    Our Services are not for children under 13 (or 16 under GDPR). We do not knowingly collect data from minors without parental consent. If discovered, we delete it promptly.

    8. International Data Transfers

    Data may be transferred to the US or other countries. We use safeguards like Standard Contractual Clauses, Binding Corporate Rules, or adequacy decisions to ensure protection equivalent to GDPR.

    9. Retention of Your Information

    We retain data as needed for Services, legal obligations (e.g., 6-10 years for health records under HIPAA), or business purposes. De-identified data may be kept indefinitely for research.

    10. Changes to This Privacy Policy

    We may update this Policy; changes are posted here with the effective date. Continued use constitutes acceptance. For material changes, we notify via email or Website notice.

    11. Contact Us

    For questions or rights requests:

    Scienza Health, Inc.

    21163 Newport Coast Drive Suite 137

    Newport Beach, CA 92657

    Email: support@scienzahealth.com

    Phone: +1 888 816 1534

    DPO (for GDPR): dpo@scienzahealth.com

    For complaints, contact your local authority (e.g., ICO for UK, CPPA for California).
