1. Overview

Aortic Sciences is committed to protecting the privacy of Authorized Users and their patients. This Privacy Policy describes how we collect, use, store, and protect information submitted through the Platform.

2. De-Identified Data Only

The Platform is designed to operate exclusively with de-identified patient data. Authorized Users are strictly prohibited from entering any Protected Health Information ("PHI") as defined under HIPAA, including but not limited to:

• Patient names, dates of birth, Social Security numbers, or other direct identifiers;
• Medical record numbers, health plan beneficiary numbers, or account numbers;
• Geographic subdivisions smaller than state;
• Any other identifier that could be used to identify an individual patient.

By using the Platform, you represent and warrant that all data entered has been de-identified in accordance with 45 C.F.R. § 164.514(b) (HIPAA Safe Harbor method) or an equivalent standard.

3. Information We Collect

We collect and store the following categories of information:

• Account information: name, professional credentials, email address, hospital or institutional affiliation, and specialty for Authorized Users;
• De-identified clinical parameters: aortic measurements, patient demographics (age, sex, height), risk factors, and calculated outputs — all without any direct patient identifiers;
• Usage data: login timestamps, device information, and report generation activity for audit and security purposes.

4. How We Use Your Information

Information collected through the Platform is used solely for the following purposes:

• Providing and operating the Platform for licensed clinical consultations;
• Maintaining audit logs for quality assurance and compliance;
• Improving the Platform's functionality and user experience;
• Communicating with Authorized Users regarding their accounts;
• Anonymized, aggregate analysis of de-identified clinical data for research and methodology improvement — no individual patient can be identified from such analysis.

5. Data Security

Aortic Sciences implements commercially reasonable technical and organizational security measures to protect your information against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (TLS), access controls, and audit logging.

No method of electronic transmission or storage is 100% secure. You acknowledge that your use of the Platform involves inherent security risks.

6. Data Retention

We retain de-identified clinical report data and account information for as long as your account remains active and as necessary to provide our services. You may request deletion of your account and associated data by contacting us at the address below.

7. Geographic Scope

This Platform is currently intended for use within the United States only. Users outside the United States access it at their own risk. We make no representation that this Privacy Policy complies with the laws of any jurisdiction outside the United States, including but not limited to the European Union General Data Protection Regulation (GDPR).

8. Contact

For questions regarding this Privacy Policy, please contact:

Aortic Sciences
Email: legal@aorticsciences.com
Website: www.aorticsciences.com