Last Updated: 18 December, 2020
Butterfly Network Inc. (“Butterfly”, “we”, “us” or “our”) takes the privacy and the security of its users' data (like you) very seriously. This Privacy Notice ("Notice") explains who we are, how we collect, use and share personal information about you and how you can exercise your privacy rights.
PROCESSING ACTIVITIES COVERED
This Notice applies (unless a different Notice is displayed) to the processing of personal information collected by us in the usual course of business, including when you:
"You" may, depending on the context, be: a visitor to one of our Sites, offices or social media pages; a recipient of our communications; a patient whose personal information is being hosted in our Services; or a Service User of one or more of our Services.
This Notice does not apply to the personal information that we process as data processors on behalf of our customers in the course of providing our Services.
WHO WE ARE
We are Butterfly Network, a company headquartered in the United States. In support of our mission to democratize healthcare by making medical imaging accessible to everyone around the world, we have developed and provide a whole-body portable ultrasound scanner (the iQ Device) and related hosted, on demand Web-based application, application programming interfaces and platform services, which we offer to physicians or other licensed health care providers (our "customers"). You can find out more about us and our Services here.
If you are resident in the European Economic Area ("EEA"), UK or Switzerland, the controller of your personal information that we process for the purposes described in this Notice is Butterfly Network, Inc.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The information we collect depends on the context of your interactions with Butterfly and the choices you make (including your privacy settings), the products and features you use, your location and applicable law.
In general, our Services are intended for use by Service Users. As a result, for much of the personal information (including patient personal information) we collect and process through the Services, we act as a data processor. This means, it is primarily our Service Users that control what personal information we collect through the Services and how we use it. Therefore, if you are a patient of one of our Service Users, and have privacy related questions or concerns about the privacy practices of or the choices the relevant Service User has made to share your information with us or any other third party, you should contact the relevant Service User or review their or (where applicable) their organizations' privacy notices.
Butterfly is not responsible for the privacy or security practices of its Service Users, which may differ from those set out in this Notice.
Information you provide to us:
If you are a Service User you (or your team administrator) may provide certain personal information to us through the Services - for example, when you sign up for a Butterfly account to access and use the Services, when you consult with customer support or send us an email or communicate with us in any way (for example, to make a support request).
The personal information we collect may include:
If you ever communicate directly with us, we will maintain a record of those communications and responses.
Information we collect automatically:
When you use or interact with the Services, we automatically collect or receive certain information through our Services (for example in log files) and through other technologies (such as cookies) about your device and usage of the Services. In some (but not all) countries, including countries in the European Economic Area ("EEA"), UK and Switzerland, this information is considered 'personal data' under data protection laws. For further information please review the section "Cookies and Similar Technologies" below.
The information we collect includes:
This information is used to:
Some of the data automatically collected within the Services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this data is primarily used for the purposes of identifying the uniqueness of Service User logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers (where we act as a data processor).
Information we process about our Service Users' patients: We process certain personal information about our Service Users patients on behalf of our Service Users (where we act as a data processor). This personal information includes:
As described above, in most cases, we only process patient personal information on behalf of and as instructed by our Service Users (the data controllers of the personal information).
However, where permitted by the relevant Service User and applicable law, we may leverage certain patient data collected through the operation of the Services for our internal research and development purposes to develop and improve our Services (for which we will be a data controller). For these purposes, we only use patient personal information in a de-identified form that does not specifically identify any particular patient (for example, by reference to their name or other identification data). For example, we may leverage de-identified patient data to train our models and algorithms to better interpret the ultrasound images captured from Butterfly devices, to make more consistent measurements and therefore to improve the functionality of our Services and diagnostic outcomes. To the extent the de-identified patient data is considered personal information under applicable privacy and data protection law, we will ensure that such data is processed in compliance with such privacy and data protection laws (including seeking patient consent where legally required). Please review our Patient Privacy Notice for further information.
Cookies and Similar Technologies (Services)
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. The Services may make use of first or third party cookies (whether session or persistent cookies) and similar technologies, for such things as session management, account access/ authentication, to recognize returning Service Users, for storing and honoring Service User's preferences and settings, combating fraud, maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our Services perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Notice (such as fixing issues with and improving our Services and related Service User experience). We also use analytics cookies to better understand how our Services are being used by tracking how you interact with the Services and where you click.
(B) Marketing Activities
Information you provide to us:
Our Site offers various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Services. For example, when expressing an interest in obtaining information about us or our Services, subscribing to marketing or otherwise contacting us, we will collect personal information from you. We may also collect information from you in person at a tradeshow or event or via a phone call with one of our sales representatives or if you visit our offices (where you may be required register as a visitor and provide us with certain information).
The personal information we collect may include:
Personal information may also be provided to us on your behalf by another Service User (such as the ultimate customer). If you ever communicate directly with us, we will maintain a record of those communications and responses.
Information we collect automatically:
The information we collect may include:
Device data - such as your IP address, your operating system, your browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called the “exit page”), information about other websites you have recently visited and the web browser used (software used to browse the internet) including its type and language); and
Usage data – such as information about how you interact with our emails, Sites and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).
Information we collect from other sources: In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information may include mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising, event promotion and optimizing our Sites, Services and Marketing Activities.
Cookies and Similar Technologies (Marketing Activities)
HOW DO WE USE YOUR INFORMATION?
We use and process the personal information we collect receive (alone or in combination) for the purposes and on the legal bases identified below:
Where we need to collect and process personal information by law, or under a contract we have entered into with you, and you fail to provide the required personal information when requested, we may not be able to perform our contract with you.
SOCIAL MEDIA FEATURES
Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
COLLECTION OF PERSONAL INFORMATION BY THIRD PARTIES
Some links on our Sites and in our Services may redirect you to third party resources, including websites and services that Butterfly does not operate. The privacy practices of these websites and services will be governed by their own policies.
In addition, our Sites use Google Maps features and content, such as the Place Autocomplete service which automatically populates your billing and/or shipping address if you order the iQ Device through our Sites. Further information on how Google uses your information collected through Google maps features and content can be found at https://policies.google.com/privacy.
WHO DO WE SHARE YOUR INFORMATION WITH?
We do not sell or share your personal information with third parties except as outlined below. We may disclose your personal information to the following categories of recipients:
INTERNATIONAL DATA TRANSFERS
The Sites and Services are provided and hosted in the United States. If you are using the Sites or Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by Butterfly Network in our facilities and by those third parties with whom we may share your personal information, in the United States, Australia, Canada, European Union and other locations where we have offices. These countries may have data protection laws that are different to the laws of your country. Regardless of where your data is located, we:(a) treat all personal information in accordance with applicable law; and (b) take reasonable steps to ensure the security of personal information.
If you are resident in or a visitor from the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of the EEA, UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or otherwise implementing appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses, complying with the Privacy Shield Framework for transfers of personal information from EEA, UK and Switzerland to US (see below) or another lawful transfer mechanism approved by the European Commission.
If you require further information about our international transfers of personal information, please contact us using the contract details in the “Contact Information” section further below.
Butterfly Network, Inc. has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce with respect to personal information concerning individuals from the EEA, UK and Switzerland. Please see our Privacy Shield Notice to learn more.
If there is any conflict between the terms in this Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.
YOUR PRIVACY RIGHTS
Where we are acting as a data controller, and depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we control about you.
CALIFORNIA PRIVACY RIGHTS
If you are resident in California, please refer to our California Consumer Privacy Act Notice (“CCPA Notice”) [link] for information about how we use your personal information and about your California privacy rights.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information.
You must have reached the age of majority to register as a member of or be permitted use of the Site or Services. Any information we receive from people we believe to be under this age will be purged from our database. We do not knowingly collect personal information from children under the age of 13 or have any reasonable grounds to believe that children under the age of 13 are accessing our Website or using our Service.
If you believe that a child under 13 may have provided us personal information, please contact us at firstname.lastname@example.org.
SECURITY OF THE SITE AND SERVICES
We take the security of your personal information very seriously. We use reasonable and appropriate administrative, physical, and technical safeguards to secure the personal information we process. Despite these safeguards and our additional efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third-parties will not be able to defeat our security, and improperly collect, access, steal, or modify your Personal Information.
The security of your use of any Butterfly App relies on your protection of your mobile device. You may not share your instance of the mobile application with anyone. If you believe that an unauthorized access to your instance of the mobile application has occurred please report it immediately at email@example.com. You must promptly notify us if you become aware that any information provided by or submitted to the mobile application is lost, stolen, or used without permission.
If you are a Service User, the security of the user profile you create to interact with the Services relies on your protection of your login credentials. You are responsible for maintaining the security of your login credentials, including your password and for any and all activities that occur under your account. You may not share your password with anyone. We will never ask you to send your password or other sensitive information to us in an email, though we may ask you to enter this type of information on a Butterfly website, or mobile application interface.
Any email or other communication purporting to be from us requesting your password or asking you to provide sensitive account information via email, should be treated as unauthorized and suspicious and should be reported to us immediately by emailing firstname.lastname@example.org. If you believe someone else has obtained access to your password, please change it immediately and report it immediately by emailing email@example.com.
WILL WE CHANGE THIS PRIVACY NOTICE?
Each time you use our Site or Services, the current version of the Notice will apply. When you use our Site or any of our Services, you should check the date of this Notice (which appears at the top of this Notice) and review any changes since the last version.
If we make material changes to this Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Notice frequently to be informed of how Butterfly is protecting your information.
This Notice is accessible within our App under My Account Settings -> Privacy Notice and available at https://www.butterflynetwork.com/privacy-policy.
To contact us with your questions or comments regarding this Notice or the information collection and dissemination practices of this website, please email us at firstname.lastname@example.org. Alternatively, you can contact us in writing at: 530 Old Whitfield St, Guilford, CT 06437 ATT: Data Protection Officer.