NEUROPACE® nSIGHT Platform
Last Revision: June 29, 2023
More specifically, this policy describes the types of information we may collect from you or that you may provide when you sign on with your account to use the website nsight.neuropace.com (our “website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On nsight.neuropace.com.
- In any email or other electronic message (such as a text) between us and you regarding the website.
It does not apply to information collected by:
- NeuroPace off-line or through any other means, including as a result of your use of an account on the Patient Data Management System (PDMS) component of the NeuroPace® RNS® System, your use of neuropace.com, or any other website operated by NeuroPace or any third party; or
- Any third party, including any third party that is a source of information for the information you can access on this website (e.g., a patient’s seizure diary/log entries) with whom you may have a relationship independent of your relationship with NeuroPace.
Residents of the European Union
NeuroPace does not currently maintain that it complies with the General Data Protection Regulation (GDPR) with respect to “personal data” (as the term “personal data” is defined by that regulation). If you are a subject of the European Union that the GDPR protects (for example, a resident of a country in the EU), do not use this website.
Information We Collect About You and How We Collect It
We either have or collect certain information about you as a user of nSight.neuropace.com, including information:
- That we have about you because you have an account on the PDMS and by which you may be personally identified, such as your name, the institution or epilepsy center with which you are affiliated and the address and telephone number for you at that institution or epilepsy center, one or more email addresses (“personal information”);
- That is about you but does not identify you individually (for example, that you are an RNS® Clinician using nSight.neuropace.com from the southwest and/or you are treating patients with temporal lobe epilepsy) but not that you are Dr. Jones; and/or
- About your internet connection (for example, when you use the website, your internet protocol (IP) address when doing so); as well as the equipment you use to access the website, and details about how often you use it and how you interact with any interactive features (e.g., generating reports) while you are using it.
We may collect this information:
- Directly from you when you provide it to us, for example, when you sign up for a PDMS account; and
- Automatically as you navigate through the site. Information collected automatically may include usage details, and IP addresses.
Information You Provide to Us.
The information we collect on or as a result of your use of our website may include:
- Records and copies of any correspondence (including emails and texts), if you contact us.
- Details of transactions (such as viewing screens or generating reports) that you carry out when interacting.
Other than instructions as to which screens to view or which reports to select, nSight.neuropace.com is not currently configured to accept contributions from you (e.g., feedback, survey responses) that would be posted on the website or transmitted through the website to us or to any third parties.
Information We Collect Through Automatic Data Collection Technologies.
As you navigate through and interact with our website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our website, including web logs and other communication data and the resources that you access and use on nSight.neuropace.com.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties (for example, Seizure Tracker™, the app patients can use to log their seizures and share the information with their physicians, caregivers, and other third parties). The information we collect automatically helps us to improve our website and to deliver a better and more personalized service, including by enabling us to:
- Estimate how many users we have as well as usage patterns.
- Store information about your preferences, allowing us to customize our website according to your individual interests.
- Speed up your use of the Services NeuroPace makes available via nSight.neuropace.com.
- Recognize you when you return to our website.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our nSight.neuropace.com and its contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your registration for the website, including expiration (termination of your account on the PDMS may result in cancellation of your registration to use NSight.neuropace.com).
- To notify you about changes to nSight.neuropace.com (such as new features of the website when those features are introduced), or any products or services we offer or provide though the website.
- To allow you to participate in interactive features on the website.
- In any other way we may describe to you at the time you provide the information.
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose aggregated information about our users and information that does not identify you as an individual (e.g., as Dr. Jones) without restriction.
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of NeuroPace, Inc.’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by NeuroPace, Inc. about our website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate in order to protect the rights, property, or safety of NeuroPace, Inc., our customers, patients, or others.
Choices About How We Use and Disclose Your Information
We do not sell your information to third parties or otherwise disclose it to any third party so that the third party can target marketing or other advertising to you. You can choose not to allow us to continue to use and disclose your information as described herein by choosing not to use the website. You can advise us that you want us to cancel your registration to use this website by contacting us at email@example.com or 1.866.726.3876.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us either directly as a result of your use of the website, indirectly because we have certain information in your profile for your PDMS account, or indirectly based on how you interactive with the website (for example, which reports you ask to view for which patients) is stored on our secure servers behind firewalls. Any data at rest and data in transit associated with your interactions with the nSight Platform are and will be encrypted.
The safety and security of your information also depends on you. This website requires login credentials that are unique to the individual for access, and you are responsible for keeping your username and password confidential and not sharing those credentials with any other person.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained or provided on website.
Note: The data made available to you via the website may include the individually identifiable health information of patients. Once we make this information available to you, you assume complete responsibility for how it is used or further disclosed thereafter, including but not limited to ensuring any uses or further disclosures you make of it are consistent and in compliance with the requirements of any and all applicable federal and state laws (for example, HIPAA and the state privacy laws).
NeuroPace Privacy Notice for California Residents (“CCPA Notice”)
Effective Date: June 29, 2023
This CCPA Notice for California Residents supplements the above information and applies solely to registered users who reside in the State of California (hereinafter “California residents” or “you”). We adopt this CCPA Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this CCPA Notice.
The nSight Platform website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (hereinafter “personal information”).
In particular, by reason of your use of the website we may have or may have collected from you the following categories of personal information over the last 12 months either directly from you or indirectly from you (for example, by observing your actions on our website):
|A. Identifiers||Any information you provided to NeuroPace when NeuroPace gave you an account on the RNS® System PDMS (“Patient Data Management System”), such as, your name, the username and password you choose or we assign in connection with your registration for the website; one or more email addresses (e.g., a primary and secondary email addresses); the institution or epilepsy center with which you are affiliated or employed; a telephone number for you|
|F. Internet or other similar network activity||information about your use of the nSight Platform, such as how often you use the website and which reports you view or select and for which patients|
Use of Personal Information
We may use or disclose the personal information we have or collect for one or more of the following purposes:
- To fulfill or meet the purpose you provided the personal information. For example (1) so we can identify you as the person who is using the website to view reports for a patient or patients; or (2) so we can respond to your inquiry about how we are using your information.
- To maintain your registration for/account on the website
- To process your requests, such as to select reports you request
- To provide you with technical support in connection with your use of the website
- For research and product development, including to develop and improve our website and other services and products
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations
- As described to you when collecting your personal information or as otherwise set forth in the CCPA
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about this website or otherwise about the clinician users of the RNS System is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you with notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose. When we disclosure personal information for a business purpose, we enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not to use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales. Currently, we share your personal information with following categories of third parties: None.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, NeuroPace has not disclosed your personal information for a business purpose.
Sales of Personal Information
In the preceding twelve (12) months, NeuroPace has not sold any personal information about you.
Your Rights and Choices
The CCPA provides consumers who are California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you
- The categories of sources for the personal information we collected about you
- Our business or commercial purpose for collecting that personal information
- The categories of third parties with whom we share that personal information
- The specific pieces of personal information we collected about you (also called a data portability request)
- If we disclosed your personal information for a business purpose, a list identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers, if any, to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers, if any, to:
- Complete a transaction for which we collected the personal information, provide a service or good that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug services and products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us either by:
- Emailing us at firstname.lastname@example.org
- Calling us at 1.866.726.3876
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include: your valid document(s) that identify you as a resident of California.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance, specifically, PDF files.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services
- Charge you different prices or rates for services or goods, including through granting discounts or other benefits, or imposing penalties
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for services or goods or a different level or quality of services or goods.
Changes to Our Privacy Notice
We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this CCPA Notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
If you have any questions or comments about this notice, the ways in which NeuroPace collects and uses your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: