Privacy Policy

1.1 Information You Provide

We may collect information that you voluntarily provide when using the Site, including:

• Account Information: When you authenticate via our login system, we receive your name, email address, and user identifier from the authentication provider.
• AI Concierge Conversations: Messages you send to Jenny, our AI-powered concierge assistant, are stored to maintain conversation history and improve service quality.
• Conversation Ratings: If you rate a response from Jenny (thumbs up/down), that rating is recorded alongside the associated message.
• Voice Input: If you use the voice input feature with Jenny, your audio is transcribed to text for processing. Audio files are temporarily stored during transcription and are not retained after processing.

1.2 Information Collected Automatically

When you access the Site, we may automatically collect certain information, including:

• Usage Data: Pages visited, features used, time spent on pages, and navigation patterns.
• Device Information: Browser type, operating system, device type, and screen resolution.
• Log Data: IP address, access times, referring URLs, and server response codes.
• Cookies and Similar Technologies: Session cookies for authentication and preferences. See Section 5 for details.

We use the information we collect for the following purposes:

• Authentication and Access Control: To verify your identity and provide appropriate access to restricted content based on your role (anonymous visitor, authenticated provider, or administrator).
• AI Concierge Service: To power Jenny's responses, maintain conversation history, and improve the quality and accuracy of AI-generated information about Onyxa Medical products and clinical evidence.
• Site Improvement: To understand how users interact with the Site, identify areas for improvement, and optimize the user experience.
• Content Personalization: To deliver relevant content based on your role and access level.
• Security: To detect, prevent, and address technical issues, unauthorized access, and potential security threats.
• Compliance: To comply with applicable laws, regulations, and legal processes.

Jenny is an AI-powered assistant that provides information about Junera™ technology, clinical evidence, and Onyxa Medical products. The following data practices apply specifically to the AI concierge:

• Conversation Storage: Your messages and Jenny's responses are stored in our database to maintain conversation history and enable you to resume previous conversations.
• Message Processing: Your messages are sent to a large language model (LLM) service for response generation. Messages are processed in real-time and are not used to train the underlying AI model.
• Voice Data: If you use voice input, audio is transcribed using a third-party speech-to-text service (OpenAI Whisper). Audio data is processed transiently and is not stored by the transcription service after processing.
• Text-to-Speech: When you use the voice playback feature, text is sent to ElevenLabs for speech synthesis. ElevenLabs processes the text transiently for audio generation.
• Ratings and Feedback: Message ratings you provide are used to evaluate and improve Jenny's response quality.
• Analytics: Aggregate conversation metrics (message counts, response times, topic frequency) may be analyzed to improve the service. These analytics do not identify individual users.

Important: Jenny is an AI assistant and does not provide medical advice. Do not share protected health information (PHI), patient data, or other sensitive personal information in your conversations with Jenny.

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We use third-party service providers to operate the Site, including cloud hosting, AI language model services, speech-to-text transcription (OpenAI), and text-to-speech synthesis (ElevenLabs). These providers process data on our behalf and are contractually obligated to protect your information.
• Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Protection of Rights: We may disclose information when we believe it is necessary to protect the rights, property, or safety of Onyxa Medical, our users, or others.

The Site uses the following types of cookies and similar technologies:

You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain features, including authentication and the AI concierge.

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS/TLS), secure authentication protocols, access controls based on user roles, and regular security assessments.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained for the duration of your account and for a reasonable period thereafter.
• Conversation Data: AI concierge conversations are retained to maintain your conversation history. You may request deletion of your conversation data by contacting us.
• Usage Analytics: Aggregate analytics data is retained indefinitely in anonymized form.
• Log Data: Server logs are retained for up to 90 days for security and troubleshooting purposes.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to certain exceptions.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Opt-Out: Opt out of certain data processing activities, including analytics tracking.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

The Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can take appropriate action.

The Site is operated from the United States. If you access the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Site, you consent to the transfer of your information to the United States.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on the Site with a revised effective date. Your continued use of the Site after any changes constitutes your acceptance of the updated Privacy Policy.

For questions or concerns about this Privacy Policy, or to exercise your data rights, please contact: