
Privacy Policy

Introduction and Scope

QUASAR Nexus LLC ("we," "us," or "our") is committed to protecting the privacy of individuals using our AI-native healthcare solutions platform. This Privacy Policy describes how we collect, use, and safeguard personal data, including patient health information, in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the U.S. Health Insurance Portability and Accountability Act (HIPAA), and other applicable international data protection laws. It applies to all users of our services globally, including healthcare providers, patients, and other clients, and covers data processed through our AI-driven healthcare platform. Our practices adhere to core data protection principles such as lawfulness, fairness, transparency, purpose limitation, and data minimization. By using QUASAR Nexus, you consent to the practices described in this policy.

Definitions

Personal Data:
Any information relating to an identified or identifiable individual (data subject). This includes identifiers like name, contact details, identification numbers, IP addresses, as well as health and genetic information that can identify a person. Under GDPR, health data is classified as a special category of personal data requiring enhanced protection. Under CCPA, "personal information" includes information that identifies, relates to, or could reasonably be linked with a particular California consumer or household.
Protected Health Information (PHI):
A subset of personal data, PHI refers to individually identifiable health information (e.g. medical records, lab results) that is held or transmitted by a HIPAA-covered entity or its Business Associate, subject to the HIPAA Privacy Rule.
QUASAR Nexus Platform:
Our suite of AI-driven healthcare software and services (including any websites, cloud services, or applications) that processes personal and health data.
User:
Anyone who uses our platform, including healthcare professionals (acting as data controllers for patient data) and patients or data subjects whose information is processed.

Information We Collect

We collect and process personal data only as necessary to provide and improve our AI-native healthcare services, in accordance with data protection law requirements of adequacy and relevance. The types of data we may collect include:

  • Identification and Contact Data: Name, email address, phone number, job title, and organization, used for account creation, authentication, and communication.
  • Health and Medical Data: Patient health records, medical images, test results, treatment histories, symptoms, or other clinical information that our platform analyzes. We treat all such data as PHI under HIPAA when provided by covered healthcare entities, applying strict safeguards.
  • Usage Data: Platform usage logs, device identifiers, IP addresses, and cookies or similar tracking data (where permitted). This helps us secure the platform, detect fraud, and improve user experience. Any cookies or tracking will be used in compliance with ePrivacy requirements and, where required, with user consent (e.g. cookie consent banners in the EU).
  • AI Model Data: When users input data (such as patient information or prompts) for analysis by our AI algorithms, we process that input to generate results (the Output). We may also collect feedback on AI outputs (e.g. corrections or confirmations by users) to improve our algorithms.

We do not knowingly collect personal data from children under 13 (or applicable minimum age in certain jurisdictions) without verifiable parental consent. Our services are intended for use by adult professionals and authorized patients; if you believe a child's data has been provided to us improperly, please contact us and we will promptly delete it.

How We Use Personal Data

We use personal and health data solely for specified, explicit, and legitimate purposes. The primary purposes for which QUASAR Nexus processes data include:

  • Service Delivery: To provide our core healthcare AI services – for example, analyzing patient data to assist in diagnosis or treatment recommendations, or generating predictive health insights. Any AI-powered decision support we provide is subject to professional oversight; we ensure transparency by disclosing when outputs are AI-generated and not human medical advice.
  • Platform Operations: To maintain and secure our platform, including troubleshooting, data analytics, and improvement of algorithms. We implement privacy-by-design and privacy-by-default practices, meaning we strive to minimize personal data usage and employ techniques like pseudonymization where feasible. For instance, our system may mask direct identifiers when processing health data, and use coded IDs for patients during analysis.
  • Improvement of AI Models: With appropriate legal basis, we may use data (often in aggregated or de-identified form) to train and refine our AI algorithms and machine learning models. For example, we might analyze anonymized patient outcomes data to improve prediction accuracy or bias mitigation in our algorithms. We only use personal health data for such secondary purposes in compliance with applicable laws: under GDPR, we rely on explicit consent or a statutory research exception; under HIPAA, we ensure data is de-identified or use is permitted by a Business Associate Agreement. Users' input data (prompts) may be analyzed to enhance our services, but enterprise customers can opt out of having their data used for model improvement, consistent with industry practice.
  • Communication and Support: To send service updates, respond to inquiries, provide customer support, and send necessary security or privacy notices. We may also send marketing communications about new features or products only if you have opted in where required by law. You can unsubscribe from marketing at any time.
  • Compliance and Legal Obligations: To comply with applicable laws, regulations, and court orders, and to enforce our agreements or protect our legal rights. For example, we maintain records of consent and processing activities as required by GDPR, and we may disclose data to authorities if legally compelled (after verifying the request's validity).

We will not use personal data in a manner that is incompatible with these purposes without obtaining additional consent. In particular, we do not sell personal information as defined under CCPA (we don't disclose personal data to third parties for monetary or other valuable consideration for their own marketing use). If this ever changes, we would implement a "Do Not Sell or Share My Personal Information" opt-out as required.

If you are in the European Economic Area (EEA), United Kingdom, or other regions with similar laws, we process personal data only under a valid legal basis as defined in GDPR Article 6 and, for special categories like health data, Article 9:

  • Explicit Consent: In many cases, especially for processing health information, we obtain your explicit consent (or ensure that our client, such as your healthcare provider, has obtained it). For example, a patient using our platform may provide explicit opt-in consent for our AI to analyze their health data for specific purposes. Such consent can be withdrawn at any time, which we will honor for future processing.
  • Performance of a Contract: We process basic personal data (like account information and any data you input) as necessary to perform our contract with you or the organization you represent. For instance, when a healthcare provider signs up to use QUASAR Nexus, we process patient data they upload as part of delivering the agreed service.
  • Legal Obligation: In some cases, we must process or retain certain data to comply with legal obligations, such as maintaining transaction records for accounting or responding to lawful government requests.
  • Vital Interests: In rare emergency situations involving life or health, we may process personal data to protect someone's vital interests if they are incapable of giving consent (GDPR Art. 6(d) and Art. 9(2)(c)), such as averting an imminent threat to a patient's life.
  • Public Interest in Healthcare: Where applicable, we might process health data for public interest reasons in healthcare or epidemiological research, under GDPR Art. 9(2)(i), but only in strict compliance with local laws and ethical guidelines.
  • Legitimate Interests: We may process data as necessary for our legitimate interests, only if those interests are not overridden by individuals' rights. For example, it's our legitimate interest to use minimal user data to secure our platform (preventing fraud or cyberattacks). When relying on this basis, we perform a balancing test and implement safeguards (like data minimization and encryption) to protect your privacy. We do not use health data under legitimate interests where law requires consent or another specific basis.

User Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data, including the right to access, correct, delete, restrict, or object to our processing of your data, and the right to data portability. You may also have the right to withdraw consent at any time where we rely on your consent to process your data. For more information or to exercise your rights, please contact us at innovate@quasar.nexus.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, enforce our agreements, and as otherwise permitted by law.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure. These measures include encryption, access controls, regular security assessments, and staff training. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

International Transfers

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States, where data protection laws may differ. When we transfer personal data internationally, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms, to ensure your data is protected in accordance with applicable law.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our services. Where required by law, we obtain your consent before placing non-essential cookies. You can manage your cookie preferences through your browser settings or our cookie consent banner. For more information, please see our Cookie Policy.

Contact Us

Website:

https://www.quasar.nexus

General Contact Email:

innovate@quasar.nexus

Mailing Address:

QUASAR Nexus LLC
254 Chapman Rd, Ste 208 #20782,
Newark, Delaware 19702 US

We are committed to resolving any privacy issue promptly and transparently. If you contact us with a privacy-related request or complaint, we will respond as soon as possible – typically within 30 days. If you feel we have not adequately addressed your concern, you have the right to escalate to a supervisory authority as noted above. Thank you for trusting QUASAR Nexus with your healthcare data. We take that responsibility seriously and work every day to maintain your confidence through robust privacy and security protections.

Last Updated: April 27, 2024
