Privacy Policy

Last updated January 17, 2025 

INTRODUCTION:
Protecting the privacy of our licensed Organizations, their AuthorizedUsers, their patients, visitors to the Website, and our employees is important to Sway Medical, Inc., (“Sway” or “We” or “Us”). Sway utilizes administrative and technical measures to comply with the Health Insurance Portability andAccountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) regulating the security and privacy of protected health information in the United States. This Privacy Policy outlines our general policy regarding data security and privacy, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of, and their ability to correct, that information. This Privacy Policy applies to all personally identifiable information received by Sway whether in electronic, paper or verbal form from its Customers, Users, and visitors to this Website. 

By visiting or using the www.swaymedical.com website and domain name, any other internally linked web pages, features, content, or any other services We offer from time to time by or in connection therewith(collectively, the "Website"), You acknowledge that you understand, agree, and consent to the practices and policies outlined in this PrivacyPolicy.

 If You are an Authorized User as that term is defined below, you also agree that you have read and understood the terms of the Sway license agreement entered into between Sway and Your Organization (the“License”) and that You further agree to be bound by the terms of that License as if it were fully incorporated herein by reference.  In the event that there is a conflict between the terms of this Privacy Policy and the terms of the License, the terms of theLicense shall control. 

DEFINITIONS:
Protected Health Information (PHI)
: PHI is health information, including demographic information, created or received by Sway which relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual and that identifies or can be used to identify the individual.

Personally Identifiable Information”, “Personal Information”, or“PII” means any data element that: (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual whether through the information or the collection of the information and other, publicly available, information on the individual. 

Organization means an entity that has licensed SwaySoftware from Sway and uses it to measure balance, cognition, and/or function of a subject. 

Sway Software means the Sway Mobile Application along with any associated media, databases, printed and online documentation.  Sway Software also includes the Website, Sway’s web-based portal, and other computer code which might be developed by Sway for use by Your Organization from time to time. Sway Software also includes all versions, updates, enhancements, extensions and corrections to each of the foregoing. 

Sway Mobile Application means the Sway software application that runs on a hand-held mobile device such as a smart phone or tablet computer and collects PHI from a subject selected by an Organization. 

Authorized User means an individual, employee, agent, contractor, service provider, or other related party of an Organization who has been trained in the use of the Sway Software and operates it to collect PHI from subjects with the permission of the Organization.

INFORMATION COVERED BY THIS PRIVACY POLICY
This Privacy Policy covers our treatment of Personal Information that we gather whenYou are accessing or using our Website or that is transmitted to us by AuthorizedUsers of the Sway Software. This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

Sway does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register as a User. If you are under 13 and have not provided permission to the Organization administering the Sway Software, please do not attempt to register to use the Sway Software or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to Sway without providing consent to the Organization. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13 without parental consent, please contact us at privacy@swaymedical.com with the email subject line “CHILD DATA REMOVAL REQUEST”.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

This Privacy Policy does not address the privacy practices of Sway’s licensed Organizations or Authorized Users, on whose behalf we act as an independent contractor and recipient of subject PHI and PII data collected by an Authorized User and transmitted to Sway by theSway Software. We have no control over the Organizations’ Authorized Users or any other entities privacy practices.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. You are advised to review the privacy policies the other websites you visit to understand such website operators’ practices, and direct any questions or concerns that you have to the appropriate website operator contact.

Cookies
“Cookies” are small files that contain information that might include a unique identification number or value, which are stored on Your computer's hard drive as a result of You accessing our Website. Unless You have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as You visit our Website.  Cookies We transfer to Your computer through your browser allow Us to recognize Your browser and tell Us how and when pages in Our site are visited and by how many people. In this way, unless You deactivate or delete the cookies We set, You will be recognized each time you return to the Website.  You may be able to change the preferences on Your browser to prevent or limit your computer’s acceptance of cookies, but this may prevent You from taking full advantage of our Website’s features.  
 
A cookie can be a “persistent” or “session” cookie. 

A “persistent” cookie will remain for a period of time set for that cookie or until it is deleted by you. A “session-based” cookie is allocated only for the duration of your visit to our website and automatically expires when you closedown your browser. We use both Session and Persistent Cookies  and other Tracking Technologies for the purposes set out below: 
CookiesPolicy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

FunctionalityCookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use theWebsite. 

Pixels and Web Beacons
Type: Tracking Technologies
Administered by: Us
Purpose: Tracking technologies such as pixels or web beacons may be used to improve our Website and digital content. Pixels are small electronic files that allow Us to understand how users interact with Our digital content, such as tracking page visits, ad performance, or email engagement. These technologies may also enable third-party service providers to deliver targeted advertisements or analyze website traffic. By using our Website, You consent to the use of such tracking technologies as described in this policy. You can manage Your preferences or opt-out through Your browser settings or third-party opt-out tools. 
Use of Your Personal Information
Sway may use Personal Information for the following purposes:
To provide and maintain our Service, including to monitor the usage of our Website.
To manage Your Account if You are a Registered User. The Personal Information You provide can give You access to different functionalities of the Website and theSway Software that are available to You as a registered user.
To personalize and improve our services to You:  to allow You to set up a user account and profile, to fulfill your requests for certain services, to analyze how You utilize the Website, and as otherwise set forth in this PrivacyPolicy.
For the performance of a contract: to allow you access to the products, items, or services You or your Organization have licensed.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Us about our Service users is among the assets transferred.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.


Retention of Your Personal Information

Sway will retain Your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We may also keep a record of your past transactions with Sway.  We will retain and use Your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. 

Sway will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Information
Your information, including Personal Information, is processed at Sway’s operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction. 

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer. 

Sway will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information. 

Delete Your Personal Information
You have the right to delete or request that We assist in deleting the Personal Information thatWe have collected about You. 

Our Service may give You the ability to delete certain information about You from within the Service. 

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. If You are unable to update, amend, or delete your data within the system, contact your system administrator to request these changes. If you are unable to contact your system administrator, You may contact to facilitate access to, corrections, or deletion of any personal information that You have provided. 

In order to request access to, correct, or delete any personal information that You have provided to US, send email to privacy@swaymedical.com with the email subject line “DATA ACCESS REQUEST”.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so and changes to any data may require authorization from your system administrator. 

SECURITY OF YOUR PERSONAL INFORMATION

We take commercially reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of all of our data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data. 

We take special precautions to protect your information, including your PersonalInformation. When you submit sensitive information via the website, your information is protected both online and offline.  Wherever we collect sensitive information (such as PHI) via the Website or Sway Software, that information is encrypted and transmitted to us in a secure way.  

Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The servers in which we store personally identifiable information are kept in a secure environment and accounts that that have access to such information are protected by passwords and utilizable only by employees with whose job description requires it.  

All information gathered on our Website is securely stored within our controlled databases. The databases are stored on servers secured behind a firewall; access to the servers is password-protected and is strictly limited. However, as effective as our security measures are, no security system is impenetrable.In spite of our best commercial efforts, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By accessing our website and using our service, you acknowledge that you understand and agree to assume these risks.  However, we believe that our security measures are consistent with or exceed industry norms for this sort of business. 

Your account is protected by a password for your privacy and security. You need to prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.  

Finally, we cannot guarantee that information you send to us will not be intercepted while being transmitted to us over the Internet.

Disclosure of Your Personal Information

BusinessTransactions
If Sway is involved in a merger, acquisition or asset sale, Your Personal Information maybe transferred. We will provide notice before Your Personal Information is transferred and becomes subject to a different Privacy Policy.

Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements
The Company may disclose Your Personal Information in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of theService or the public
- Protect against legal liability

Security of Your Personal InformationThe security of Your Personal Information is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure.While We strive to use commercially acceptable means to protect Your Personal Information,We cannot guarantee its absolute security. 

Security Standards
Our products support patient privacy and provider security through the following product features: SSL Encryption System-User Identifiers MultipleUser Access Levels Data Access Tracking/ Alerts Secure Data Storage Compliant with SOC2 Type II standards. As part of our commitment to product security and customer service, Sway supplies our customers with information to help assess and address the vulnerabilities and risks associated with products that maintain or transmit ePHI. Specifically, Sway is using the ManufacturerDisclosure Statement for Medical Device Security (MDS2) to provideHIPAA-related security information about its products. Access Sway MDS2form here. 

Changes to this Privacy Policy
We may updateOur Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. The Last Updated data above will reflect the date of the most recent change to this Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.  You are bound by any changes in the PrivacyPolicy when you use the Website after such changes have been first posted.

CONCERNS ABOUT THIS POLICY

Any complaints, concerns, or questions with regards to the content, interpretation, or breach of the terms of this PrivacyPolicy should be immediately directed to privacy@swaymedical.com with the email subject “PRIVACY POLICY CONCERN”.

If you feel that we are not abiding by thisPrivacy Policy you should immediately contact us via telephone at 855-SWAY-MED (855-792-9633) Option 2 (or via email at privacy@swaymedical.com with the email subject “PRIVACY POLICY ISSUE” 

CONTACT INFORMATION:

Questions, comments or complaints regarding the Sway Privacy and SecurityPolicy or data collection and processing practices can be mailed or emailed to:Sway Medical, Inc.

Attn: Security and Privacy Officer
32 S. Lewis Ave. Tulsa, Ok 74104 
USA 

Or sent via email to
privacy@swaymedical.com
with the subject line “Attention Security and Privacy Officer”.