1. Data We Collect

• Personal Health Information (PHI): Information provided by your clinician or entered by you, such as name, age, symptom self-assessments, and raw EEG data files.
• Usage Data: Information about how you interact with our platform (login times, assessment duration).

2. How We Use Your Information (The "Treatment" Purpose)

We use PHI solely to provide the Cogniscan Service to your healthcare provider. This includes analyzing your EEG and assessment data to generate clinical reports. We process this data under the strict requirements of HIPAA and our Business Associate Agreement (BAA) with your provider.

3. Research and Artificial Intelligence

• De-Identification: We may create de-identified data sets by removing all direct identifiers (such as your name, date of birth, and IP address) from your PHI in accordance with the HIPAA Safe Harbor method or Expert Determination method.
• Use of De-Identified Data: Once data is de-identified, it is no longer considered PHI. Cogniscan retains the right to use, reproduce, sell, and analyze this de-identified data for any business purpose, including but not limited to:
  • Publishing aggregate public health trends.
  • Training, validating, and improving our artificial intelligence and machine learning models (e.g., refining diagnostic algorithms).
  • Internal research and development of new diagnostic tools.

4. Data Security

We utilize industry-standard encryption (AES-256) for data at rest and in transit. Our infrastructure is hosted on Google Cloud Platform, a HIPAA-compliant environment.