HIPAA Compliant

Privacy Policy

Your privacy and the security of your health data are our top priorities. Learn how we protect your information.

AES-256 Encryption
SOC 2 Certified
HIPAA Compliant

Your Data is Protected

Industry-leading security measures to keep your health information safe

HIPAA Compliant

Full compliance with healthcare privacy regulations

End-to-End Encryption

AES-256 encryption for all data at rest and in transit

Access Controls

Role-based access with multi-factor authentication

Regular Audits

SOC 2 Type II certified with annual assessments

Introduction

Our commitment to protecting your privacy

NorCemic Inc. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SmartCemic QESA Pro device and associated services.

HIPAA Compliance: As a healthcare technology provider, we comply with the Health Insurance Portability and Accountability Act (HIPAA) and implement appropriate safeguards to protect your Protected Health Information (PHI).

By using SmartCemic QESA Pro, you consent to the data practices described in this policy. We encourage you to read this policy carefully and contact us if you have any questions.

Information We Collect

Types of data we gather to provide our services

Personal Information

  • Name, email address, and contact information
  • Date of birth, gender, and demographic information
  • Account credentials and authentication data
  • Payment and billing information

Health Information

  • Biomarker measurements (glucose, ketones, cholesterol, etc.)
  • Skin tone calibration data (Monk Scale)
  • Health history and medication information you provide
  • Measurement timestamps and trends

Technical Information

  • Device identifiers and serial numbers
  • App usage data and feature interactions
  • IP address, browser type, and operating system
  • Error logs and diagnostic information

Data Retention Schedule

Data Type | Retention Period
Health Measurements | Account + 7 years
Account Information | Account + 2 years
Payment Data | 7 years (tax)
Technical Logs | 90 days

How We Use Information

Purposes for processing your data

We use your information to provide, maintain, and improve our services:

  • Service Delivery: Process biomarker measurements and provide health insights
  • Personalization: Calibrate readings based on your skin tone and personal profile
  • Communication: Send important updates, alerts, and support responses
  • Improvement: Analyze usage patterns to enhance our algorithms and features
  • Safety: Detect and prevent fraud, security threats, and technical issues
  • Compliance: Meet legal, regulatory, and healthcare requirements

Health Data Protection

Special safeguards for your sensitive health information

Your health data receives the highest level of protection:

  • AES-256 Encryption: All health data encrypted at rest and in transit
  • TLS 1.3: Secure communication protocols for all data
  • Access Controls: Role-based access with MFA required
  • Audit Trails: Complete logging of all data access
  • Data Isolation: Logically separated from other users
  • Secure Backups: Encrypted, geographically distributed

We Never Sell Your Health Data. Your biomarker readings and health information are used solely to provide you with our services. We do not sell, rent, or trade your personal health information.

Information Sharing

When and how we may share your data

We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize sharing with healthcare providers or third parties
  • Service Providers: Trusted partners who assist in operating our services (under strict confidentiality agreements)
  • Legal Compliance: When required by law, court order, or government regulation
  • Safety: To protect the rights, safety, or property of our users or others
  • Research: De-identified, aggregated data for medical research (with your consent)

We Never Sell Your Data: NorCemic Inc. does not sell, rent, or trade your personal or health information to third parties for marketing purposes.

Data Security

Comprehensive measures to protect your information

We implement comprehensive security measures to protect your data:

  • SOC 2 Type II: Annual third-party security audits
  • Penetration Testing: Regular security assessments by certified professionals
  • Employee Training: All staff undergo HIPAA and security awareness training
  • Incident Response: 24/7 security monitoring and incident response procedures
  • Backup Systems: Encrypted backups with geographically distributed storage

Your Rights

Control over your personal information

You have the following rights regarding your personal and health information:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your data (subject to legal requirements)
  • Right to Export: Export your data in JSON, CSV, or FHIR R4 format

To exercise any of these rights, please contact us at admin@norcemic.com. We will respond within 30 days.

Questions About Privacy?

Contact our Privacy Team for any questions or concerns about your data.

Location

Phoenix, Arizona, USA