The specific data collected may vary depending on your use of the application, device capabilities, and enabled features.

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Create an account
• Use our VR software application
• Contact our customer support
• Subscribe to our newsletter
• Participate in surveys or promotions
• Register for events or webinars

This information may include:

• Contact information (name, email address, phone number)
• Account credentials (username)
• Billing information (payment method details, billing address)
• Profile information (profile picture, biographical information)
• Communication preferences

1.2 Usage Data

When you use our VR software application or visit our website, we may automatically collect certain information about your device and usage patterns, including:

• Device information (hardware model, operating system version, unique device identifiers)
• IP address and network information
• Location data (with your consent)
• VR session data (duration, features used, performance metrics)
• Log data (access times, pages viewed, time spent on pages)
• Error reports and crash logs

1.3 VR-Specific Data

Our VR software application may collect additional information specific to your VR experience:

• Movement and positional tracking data
• Hand tracking and gesture data
• Eye tracking data (if applicable hardware is used)
• Voice commands and audio inputs
• Virtual environment interactions
• Performance and system diagnostics
• Body dimensions that you choose to store in the tracking features of your VR device
• Physical environment data, such as the dimensions of the room where you use the device
• Technical system information, such as crash logs which may contain your user ID, device ID, IP address, local computer file path, feature quality, and use of that feature

1.4 AI-Assisted Interactions

Our VR software may incorporate artificial intelligence (AI) capabilities to enhance user experience through natural conversation. When these features are active:

• Voice inputs may be processed through AI systems to understand and respond to your requests
• Text from conversations may be processed to generate appropriate responses
• We implement appropriate privacy safeguards including:
• Data minimization principles to limit collection to what is necessary
• Zero-retention policies where possible with our AI technology providers
• Deletion of audio data after processing
• De-identification of conversation transcripts when storage is required
• Encryption of all data during transmission and storage

We use the information we collect for various purposes, including:

2.1 To Provide and Maintain Our Services

• Creating and managing your account
• Processing transactions and billing
• Delivering the functionality of our VR software application
• Providing customer support and responding to inquiries
• Sending service-related communications

2.2 To Improve Our Services

• Analyzing usage patterns and trends
• Identifying and fixing technical issues
• Developing new features and enhancements
• Personalizing user experience
• Conducting research and development

2.3 Marketing and Communications

• Sending newsletters and promotional communications (with your consent)
• Providing information about new features or services
• Measuring the effectiveness of our marketing campaigns
• Conducting surveys and collecting feedback

2.4 Legal and Security Purposes

• Detecting and preventing fraud and security incidents
• Protecting against unauthorized access or misuse
• Complying with legal obligations
• Enforcing our terms of service and other policies

3.1 Retention Period

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

3.2 Data Deletion Requests

Regardless of your location or region, you have the right to request deletion of your personal information. To request deletion of your personal data, please email us at info@augmend.health

Upon receiving your request, we will:

• Verify your identity
• Process your request within 30 days
• Notify you when the deletion is complete
• Provide confirmation of deletion

Some information may be retained for legal or legitimate business purposes even after deletion request, such as:

• Information necessary for legal compliance
• Aggregated or anonymized data that no longer identifies you
• Information needed to detect security incidents or protect against malicious activities

4.1 Third-Party Service Providers

We may share your information with third-party vendors, service providers, and other business partners who perform services on our behalf, such as:

• Cloud hosting and storage providers
• Payment processors
• Analytics providers
• Customer support services
• Marketing and email service providers

All third-party service providers are contractually obligated to use your information only for the purposes for which we disclose it and in accordance with this Privacy Policy.

4.1.1 Third-Party Access

Some components or features of our Service may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. The language of those terms and privacy notices supplement this Privacy Policy.

You may follow links contained in our Service or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

We have implemented comprehensive technical and organizational measures to protect the security and confidentiality of your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to protect your information, we cannot guarantee its absolute security.

Our security practices include:

5.1 Enterprise-Grade Encryption

• Transport Layer Security (TLS) for all communications between users and our systems
• Advanced Encryption Standard (AES) encryption for stored information
• Encrypted WebSocket technology for data connections with frequently-rotated access credentials

5.2 Access Controls

• Multi-factor authentication for system access
• Role-based permissions limiting access to authorized personnel only
• Detailed access logs of all system interactions
• Regular security audits and compliance verification

5.3 Infrastructure Security

• Data hosting on Amazon Web Services (AWS), providing enterprise-grade security infrastructure
• Regular security assessments and penetration testing
• Robust security incident response procedures
• Regular security training for our staff

5.4 Compliance and Certification

• Compliance with applicable data protection regulations
• SOC 2 certification process to validate our security controls (in progress)
• Regular third-party security assessments

If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information provided in Section 10.

6.1 Access and Update

You can access and update certain personal information through your account settings or by contacting us directly.

6.2 Communication Preferences

You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in each email or by updating your communication preferences in your account settings.

6.3 Cookie Preferences

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Please note that some parts of our website may become inaccessible or not function properly if you disable cookies.

6.4 Do Not Track

We do not currently respond to "Do Not Track" signals as there is no common industry standard for compliance.

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). For more information, please visit our California Privacy Rights page at www.augmend.com/california-privacy.

AugMend Health recognizes that our VR software application may be used in healthcare and research settings where protected health information (PHI) may be processed. This supplementary notice explains our additional privacy protections for such data.

13.1 HIPAA Compliance

AugMend Health is fully HIPAA-compliant for applicable healthcare-related services. When our services are used in a healthcare context, we function as a Business Associate and maintain appropriate Business Associate Agreements (BAAs) with covered entities as required by law.

13.2 Enhanced Data Protection Measures

For healthcare and research applications, we implement additional protections:

• Automatic De-identification: Before storage, all session transcripts undergo automatic de-identification using natural language processing tools that recognize and replace personally identifiable information such as names, dates, and locations with generic labels (e.g., [Name_1]).
• Data Isolation: Healthcare and research data remains completely isolated from our other operations through technical separation measures. De-identified data collected for research purposes remains within the approved research scope and will not be repurposed for commercial applications outside the specified context.
• Healthcare-Grade Security: In addition to our standard security measures, healthcare data benefits from additional protections including enterprise-grade AWS infrastructure with specialized healthcare security configurations.
• Enhanced Audit Controls: We maintain detailed access logs for all healthcare data, enabling regular security audits and compliance verification.
• Specialized Data Retention: Healthcare data retention follows HIPAA guidelines with a minimum six-year retention period unless otherwise specified by the applicable healthcare institution or research protocol.

13.3 AI Processing in Healthcare Contexts

When our VR application processes healthcare conversations using AI:

• We implement zero data retention policies with our AI providers where data exists only temporarily to serve the request
• Audio processed for speech-to-text is deleted immediately after transcription
• We maintain strict data minimization principles, collecting only information necessary for the authorized healthcare or research purpose
• All data transmissions use multiple layers of encryption
• User conversations are processed through secure channels with appropriate access controls

13.4 Incident Response

In the unlikely event of a security incident involving healthcare data, AugMend maintains a formal response plan that includes immediate reporting, rapid containment, thorough documentation, and appropriate notifications as required by HIPAA and other applicable regulations.

The specific data collected may vary depending on your use of the application, device capabilities, and enabled features.

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Create an account
• Use our VR software application
• Contact our customer support
• Subscribe to our newsletter
• Participate in surveys or promotions
• Register for events or webinars

This information may include:

• Contact information (name, email address, phone number)
• Account credentials (username)
• Billing information (payment method details, billing address)
• Profile information (profile picture, biographical information)
• Communication preferences

1.2 Usage Data

When you use our VR software application or visit our website, we may automatically collect certain information about your device and usage patterns, including:

• Device information (hardware model, operating system version, unique device identifiers)
• IP address and network information
• Location data (with your consent)
• VR session data (duration, features used, performance metrics)
• Log data (access times, pages viewed, time spent on pages)
• Error reports and crash logs

1.3 VR-Specific Data

Our VR software application may collect additional information specific to your VR experience:

• Movement and positional tracking data
• Hand tracking and gesture data
• Eye tracking data (if applicable hardware is used)
• Voice commands and audio inputs
• Virtual environment interactions
• Performance and system diagnostics
• Body dimensions that you choose to store in the tracking features of your VR device
• Physical environment data, such as the dimensions of the room where you use the device
• Technical system information, such as crash logs which may contain your user ID, device ID, IP address, local computer file path, feature quality, and use of that feature

1.4 AI-Assisted Interactions

Our VR software may incorporate artificial intelligence (AI) capabilities to enhance user experience through natural conversation. When these features are active:

• Voice inputs may be processed through AI systems to understand and respond to your requests
• Text from conversations may be processed to generate appropriate responses
• We implement appropriate privacy safeguards including:
• Data minimization principles to limit collection to what is necessary
• Zero-retention policies where possible with our AI technology providers
• Deletion of audio data after processing
• De-identification of conversation transcripts when storage is required
• Encryption of all data during transmission and storage

We use the information we collect for various purposes, including:

2.1 To Provide and Maintain Our Services

• Creating and managing your account
• Processing transactions and billing
• Delivering the functionality of our VR software application
• Providing customer support and responding to inquiries
• Sending service-related communications

2.2 To Improve Our Services

• Analyzing usage patterns and trends
• Identifying and fixing technical issues
• Developing new features and enhancements
• Personalizing user experience
• Conducting research and development

2.3 Marketing and Communications

• Sending newsletters and promotional communications (with your consent)
• Providing information about new features or services
• Measuring the effectiveness of our marketing campaigns
• Conducting surveys and collecting feedback

2.4 Legal and Security Purposes

• Detecting and preventing fraud and security incidents
• Protecting against unauthorized access or misuse
• Complying with legal obligations
• Enforcing our terms of service and other policies

3.1 Retention Period

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

3.2 Data Deletion Requests

Regardless of your location or region, you have the right to request deletion of your personal information. To request deletion of your personal data, please email us at info@augmend.health

Upon receiving your request, we will:

• Verify your identity
• Process your request within 30 days
• Notify you when the deletion is complete
• Provide confirmation of deletion

Some information may be retained for legal or legitimate business purposes even after deletion request, such as:

• Information necessary for legal compliance
• Aggregated or anonymized data that no longer identifies you
• Information needed to detect security incidents or protect against malicious activities

4.1 Third-Party Service Providers

We may share your information with third-party vendors, service providers, and other business partners who perform services on our behalf, such as:

• Cloud hosting and storage providers
• Payment processors
• Analytics providers
• Customer support services
• Marketing and email service providers

All third-party service providers are contractually obligated to use your information only for the purposes for which we disclose it and in accordance with this Privacy Policy.

4.1.1 Third-Party Access

Some components or features of our Service may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. The language of those terms and privacy notices supplement this Privacy Policy.

You may follow links contained in our Service or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

4.4 With Your Consent

We may share your information with third parties when we have your consent to do so.

We have implemented comprehensive technical and organizational measures to protect the security and confidentiality of your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to protect your information, we cannot guarantee its absolute security.

Our security practices include:

5.1 Enterprise-Grade Encryption

• Transport Layer Security (TLS) for all communications between users and our systems
• Advanced Encryption Standard (AES) encryption for stored information
• Encrypted WebSocket technology for data connections with frequently-rotated access credentials

5.2 Access Controls

• Multi-factor authentication for system access
• Role-based permissions limiting access to authorized personnel only
• Detailed access logs of all system interactions
• Regular security audits and compliance verification

5.3 Infrastructure Security

• Data hosting on Amazon Web Services (AWS), providing enterprise-grade security infrastructure
• Regular security assessments and penetration testing
• Robust security incident response procedures
• Regular security training for our staff

5.4 Compliance and Certification

• Compliance with applicable data protection regulations
• SOC 2 certification process to validate our security controls (in progress)
• Regular third-party security assessments

If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information provided in Section 10.

6.1 Access and Update

You can access and update certain personal information through your account settings or by contacting us directly.

6.2 Communication Preferences

You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in each email or by updating your communication preferences in your account settings.

6.3 Cookie Preferences

You can set your browser to refuse all or some browser cookies or to alert you when cookies are being sent. Please note that some parts of our website may become inaccessible or not function properly if you disable cookies.

6.4 Do Not Track

We do not currently respond to "Do Not Track" signals as there is no common industry standard for compliance.

If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA). For more information, please visit our California Privacy Rights page at www.augmend.com/california-privacy.

AugMend Health recognizes that our VR software application may be used in healthcare and research settings where protected health information (PHI) may be processed. This supplementary notice explains our additional privacy protections for such data.

13.1 HIPAA Compliance

AugMend Health is fully HIPAA-compliant for applicable healthcare-related services. When our services are used in a healthcare context, we function as a Business Associate and maintain appropriate Business Associate Agreements (BAAs) with covered entities as required by law.

13.2 Enhanced Data Protection Measures

For healthcare and research applications, we implement additional protections:

• Automatic De-identification: Before storage, all session transcripts undergo automatic de-identification using natural language processing tools that recognize and replace personally identifiable information such as names, dates, and locations with generic labels (e.g., [Name_1]).
• Data Isolation: Healthcare and research data remains completely isolated from our other operations through technical separation measures. De-identified data collected for research purposes remains within the approved research scope and will not be repurposed for commercial applications outside the specified context.
• Healthcare-Grade Security: In addition to our standard security measures, healthcare data benefits from additional protections including enterprise-grade AWS infrastructure with specialized healthcare security configurations.
• Enhanced Audit Controls: We maintain detailed access logs for all healthcare data, enabling regular security audits and compliance verification.
• Specialized Data Retention: Healthcare data retention follows HIPAA guidelines with a minimum six-year retention period unless otherwise specified by the applicable healthcare institution or research protocol.

13.3 AI Processing in Healthcare Contexts

When our VR application processes healthcare conversations using AI:

• We implement zero data retention policies with our AI providers where data exists only temporarily to serve the request
• Audio processed for speech-to-text is deleted immediately after transcription
• We maintain strict data minimization principles, collecting only information necessary for the authorized healthcare or research purpose
• All data transmissions use multiple layers of encryption
• User conversations are processed through secure channels with appropriate access controls

13.4 Incident Response

In the unlikely event of a security incident involving healthcare data, AugMend maintains a formal response plan that includes immediate reporting, rapid containment, thorough documentation, and appropriate notifications as required by HIPAA and other applicable regulations.