top of page
220921_logo-50 3

Last Updated: May 5, 2025

PRIVACY POLICY

INTRODUCTION

Welcome to AugMend ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our VR software application.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our application.


This Privacy Policy covers the "personal information," meaning information about an identified or identifiable individual that is collected through our services. By accessing or using our services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

1. INFORMATION WE COLLECT

The specific data collected may vary depending on your use of the application, device capabilities, and enabled features.


1.1 Personal Information


We may collect personal information that you voluntarily provide to us when you:

  • Create an account

  • Use our VR software application

  • Contact our customer support

  • Subscribe to our newsletter

  • Participate in surveys or promotions

  • Register for events or webinars
     

This information may include:

  • Contact information (name, email address, phone number)

  • Account credentials (username)

  • Billing information (payment method details, billing address)

  • Profile information (profile picture, biographical information)

  • Communication preferences
     


1.2 Usage Data


When you use our VR software application or visit our website, we may automatically collect certain information about your device and usage patterns, including:
 

  • Device information (hardware model, operating system version, unique device identifiers)

  • IP address and network information

  • Location data (with your consent)

  • VR session data (duration, features used, performance metrics)

  • Log data (access times, pages viewed, time spent on pages)

  • Error reports and crash logs
     


1.3 VR-Specific Data


Our VR software application may collect additional information specific to your VR experience:
 

  • Movement and positional tracking data

  • Hand tracking and gesture data

  • Eye tracking data (if applicable hardware is used)

  • Voice commands and audio inputs

  • Virtual environment interactions

  • Performance and system diagnostics

  • Body dimensions that you choose to store in the tracking features of your VR device

  • Physical environment data, such as the dimensions of the room where you use the device

  • Technical system information, such as crash logs which may contain your user ID, device ID, IP address, local computer file path, feature quality, and use of that feature
     


1.4 AI-Assisted Interactions


Our VR software may incorporate artificial intelligence (AI) capabilities to enhance user experience through natural conversation. When these features are active:

  • Voice inputs may be processed through AI systems to understand and respond to your requests

  • Text from conversations may be processed to generate appropriate responses

  • We implement appropriate privacy safeguards including:

  • Data minimization principles to limit collection to what is necessary

  • Zero-retention policies where possible with our AI technology providers

  • Deletion of audio data after processing

  • De-identification of conversation transcripts when storage is required

  • Encryption of all data during transmission and storage

2. HOW WE USE YOUR INFORMATION

We use the information we collect for various purposes, including:


2.1 To Provide and Maintain Our Services

 

  • Creating and managing your account

  • Processing transactions and billing

  • Delivering the functionality of our VR software application

  • Providing customer support and responding to inquiries

  • Sending service-related communications

     

2.2 To Improve Our Services

  • Analyzing usage patterns and trends

  • Identifying and fixing technical issues

  • Developing new features and enhancements

  • Personalizing user experience

  • Conducting research and development



2.3 Marketing and Communications

  • Sending newsletters and promotional communications (with your consent)

  • Providing information about new features or services

  • Measuring the effectiveness of our marketing campaigns

  • Conducting surveys and collecting feedback

     

2.4 Legal and Security Purposes

 

  • Detecting and preventing fraud and security incidents

  • Protecting against unauthorized access or misuse

  • Complying with legal obligations

  • Enforcing our terms of service and other policies

3. DATA RETENTION AND DELETION

3.1 Retention Period


We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

3.2 Data Deletion Requests


Regardless of your location or region, you have the right to request deletion of your personal information. To request deletion of your personal data, please email us at info@augmend.health


Upon receiving your request, we will:
 

  • Verify your identity

  • Process your request within 30 days

  • Notify you when the deletion is complete

  • Provide confirmation of deletion


  • Some information may be retained for legal or legitimate business purposes even after deletion request, such as:

  • Information necessary for legal compliance

  • Aggregated or anonymized data that no longer identifies you

  • Information needed to detect security incidents or protect against malicious activities

4. DATA SHARING AND DISCLOSURE

4.1 Third-Party Service Providers

We may share your information with third-party vendors, service providers, and other business partners who perform services on our behalf, such as:
 

  • Cloud hosting and storage providers

  • Payment processors

  • Analytics providers

  • Customer support services

  • Marketing and email service providers

     

All third-party service providers are contractually obligated to use your information only for the purposes for which we disclose it and in accordance with this Privacy Policy.


4.1.1 Third-Party Access


Some components or features of our Service may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. The language of those terms and privacy notices supplement this Privacy Policy.


You may follow links contained in our Service or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.


4.2 Business Transfers


If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.


4.3 Legal Requirements


We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).


4.4 With Your Consent


We may share your information with third parties when we have your consent to do so.

5. DATA SECURITY

We have implemented comprehensive technical and organizational measures to protect the security and confidentiality of your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to protect your information, we cannot guarantee its absolute security.

Our security practices include:


5.1 Enterprise-Grade Encryption
 

  • Transport Layer Security (TLS) for all communications between users and our systems

  • Advanced Encryption Standard (AES) encryption for stored information

  • Encrypted WebSocket technology for data connections with frequently-rotated access credentials



5.2 Access Controls
 

  • Multi-factor authentication for system access

  • Role-based permissions limiting access to authorized personnel only

  • Detailed access logs of all system interactions

  • Regular security audits and compliance verification


  • 5.3 Infrastructure Security

  • Data hosting on Amazon Web Services (AWS), providing enterprise-grade security infrastructure

  • Regular security assessments and penetration testing

  • Robust security incident response procedures

  • Regular security training for our staff

     

5.4 Compliance and Certification

Compliance with applicable data protection regulations
SOC 2 certification process to validate our security controls (in progress)

Regular third-party security assessments


If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information provided in Section 10.

6. YOUR RIGHTS AND CHOICES

6.1 Access and Update


You can access and update certain personal information through your account settings or by contacting us directly.


6.2 Communication Preferences


You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in each email or by updating your communication preferences in your account settings.



6.3 Cookie Preferences


You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Please note that some parts of our website may become inaccessible or not function properly if you disable cookies.


6.4 Do Not Track


We do not currently respond to "Do Not Track" signals as there is no common industry standard for compliance.

7. CHILDREN'S PRIVACY

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 years of age. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will take steps to delete such information and comply with applicable legal requirements.

8. INTERNATIONAL DATA TRANSFERS

We are headquartered in the United States and may use service providers that operate in other countries. Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country.


We have taken appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy when transferred internationally. Please note that your personal information will be stored within the US.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date, and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to stay informed about how we are protecting your information.

If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting).

10. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:


AugMend Health, Inc. 
1 Broadway, 14th Floor, Cambridge MA.  Email: info@augmend.health  Phone: (617) 693-5727

11. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). For more information, please visit our California Privacy Rights page at www.augmend.com/california-privacy.

12. EU/EEA PRIVACY RIGHTS

If you are located in the European Union or European Economic Area, you have certain rights under the General Data Protection Regulation (GDPR). For more information, please visit our EU Privacy Rights page at www.augmend.com/eu-privacy.

13. SUPPLEMENTARY PRIVACY NOTICE FOR HEALTHCARE DATA

AugMend Health recognizes that our VR software application may be used in healthcare and research settings where protected health information (PHI) may be processed. This supplementary notice explains our additional privacy protections for such data.  

13.2 Enhanced Data Protection Measures


For healthcare and research applications, we implement additional protections:

 

  • Automatic De-identification: Before storage, all session transcripts undergo automatic de-identification using natural language processing tools that recognize and replace personally identifiable information such as names, dates, and locations with generic labels (e.g., [Name_1]).
     

  • Data Isolation: Healthcare and research data remains completely isolated from our other operations through technical separation measures. De-identified data collected for research purposes remains within the approved research scope and will not be repurposed for commercial applications outside the specified context.
     

  • Healthcare-Grade Security: In addition to our standard security measures, healthcare data benefits from additional protections including enterprise-grade AWS infrastructure with specialized healthcare security configurations.
     

  • Enhanced Audit Controls: We maintain detailed access logs for all healthcare data, enabling regular security audits and compliance verification.
     

  • Specialized Data Retention: Healthcare data retention follows HIPAA guidelines with a minimum six-year retention period unless otherwise specified by the applicable healthcare institution or research protocol.



13.3 AI Processing in Healthcare Contexts


When our VR application processes healthcare conversations using AI:


We implement zero data retention policies with our AI providers where data exists only temporarily to serve the request
 

  • Audio processed for speech-to-text is deleted immediately after transcription

  • We maintain strict data minimization principles, collecting only information necessary for the authorized healthcare or research purpose

  • All data transmissions use multiple layers of encryption

  • User conversations are processed through secure channels with appropriate access controls

     

13.4 Incident Response

In the unlikely event of a security incident involving healthcare data, AugMend maintains a formal response plan that includes immediate reporting, rapid containment, thorough documentation, and appropriate notifications as required by HIPAA and other applicable regulations.

Untitled.png

Home
Contact

Privacy Policy

Facebook
Twitter
LinkedIn

Tel. 617-693-5727
One Broadway, Fourth Floor

Cambridge, MA 02142

© 2025 by AugMend Health. 

bottom of page