This Notice applies (unless a different Notice is displayed) to the processing of personal information collected by us in the usual course of business, including when you:
"You" may, depending on the context, be: a visitor to one of our Sites, offices or social media pages; a recipient of our communications; a patient whose personal information is being hosted in our Services; or a Service User of one or more of our Services.
This Notice does not apply to the personal information that we process as data processors on behalf of our customers in the course of providing our Services.
We are Butterfly Network, a company headquartered in the United States. In support of our mission to democratize healthcare by making medical imaging accessible to everyone around the world, we have developed and provide a Device and related hosted, on demand Web-based application, application programming interfaces and platform services, which we offer to physicians or other authorized providers (our "customers"). You can find out more about us and our Services here.
The information we collect depends on the context of your interactions with Butterfly and the choices you make (including your privacy settings), the products and features you use, your location and applicable law.
In general, our Services are intended for use by Service Users. As a result, for much of the personal information (including patient personal information) we collect and process through the Services, we act as a data processor. This means, it is primarily our Service Users that control what personal information we collect through the Services and how we use it. Therefore, if you are a patient of one of our Service Users, and have privacy related questions or concerns about the privacy practices of or the choices the relevant Service User has made to share your information with us or any other third-party, you should contact the relevant Service User or review their or (where applicable) their organizations' privacy notices.
Butterfly is not responsible for the privacy or security practices of its Service Users, which may differ from those set out in this Notice.
Information you provide to us:
If you are a Service User you (or your team administrator) may provide certain personal information to us through the Services - for example, when you sign up for a Butterfly account to access and use the Services, when you consult with customer support or send us an email or communicate with us in any way (e.g., to make a support request).
The personal information we collect may include:
If you ever communicate directly with us, we will maintain a record of those communications and responses.
Information we collect automatically:
When you use or interact with the Services, we automatically collect or receive certain information through our Services (e.g., in log files) and through other technologies (such as cookies) about your device and usage of the Services. In some (but not all) countries, including countries in the European Economic Area ("EEA"), UK and Switzerland, this information is considered 'personal data' under data protection laws. For further information please review the section "Cookies and Similar Technologies" below.
The information we collect includes:
This information is used to:
Some of the data automatically collected within the Services, whether alone or in conjunction with other data, could be personally identifying. Please note that this data is primarily used for identifying the uniqueness of Service User logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Services to our customers (where we act as a data processor).
Information we process about our Service Users' patients: We process certain personal information about our Service Users patients on behalf of our Service Users (where we act as a data processor). This personal information includes:
As described above, in most cases, we only process PHI on behalf of and as instructed by our Service Users (the data controllers of the personal information).
However, where permitted by the relevant Service User and applicable law, we may leverage certain patient data collected through the operation of the Services for our internal research and development purposes to develop and improve our Services (for which we will be a data controller). For these purposes, we only use PHI in a de-identified form that does not specifically identify any particular patient (for example, by reference to their name or other identification data). For example, we may leverage de-identified patient data to train our models and algorithms to improve the functionality of our Services. To the extent the de-identified patient data is considered personal information under applicable privacy and data protection law, we will ensure that such data is processed in compliance with such privacy and data protection laws (including seeking patient consent where legally required). Please review our Patient Privacy Notice for further information.
Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. The Services may make use of first or third-party cookies (whether session or persistent cookies) and similar technologies, for such things as session management, account access/authentication, to recognize returning Service Users, for storing and honoring Service User's preferences and settings, combating fraud, maintaining and monitoring the infrastructure of the Services, ensuring security protections, analyzing how our Services perform and other analytics purposes, and fulfilling other legitimate purposes as further described in this Notice (such as fixing issues with and improving our Services and related Service User experience). We also use analytics cookies to better understand how our Services are being used by tracking how you interact with the Services and where you click.
You can use controls in your internet browser to limit how the websites you visit are able to use cookies and to withdraw your consent by clearing or blocking cookies.
Google Analytics: We use cookies served by Google Analytics to collect limited data directly from end-user browsers to enable us to better understand your use of the Services, including making use of the demographics and interests reports services of Google Analytics. Further information on how Google collects and uses this data can be found here. You can opt-out of all Google supported analytics within the Services by visiting this page.
Hotjar: We use Hotjar in order to better understand our Service End Users needs and to optimize this service and experience. For further details, please see Hotjar’s privacy policy. You can opt-out of all Hotjar supported analytics and data collection within the Services by visiting this page.
Our Site offers various ways to contact us, such as through form submissions, email or phone, to inquire about our company and Services. For example, when expressing an interest in obtaining information about us or our Services, subscribing to marketing or otherwise contacting us, we will collect personal information from you. We may also collect information from you in person at a tradeshow or event or via a phone call with one of our sales representatives or if you visit our offices (where you may be required to register as a visitor and provide us with certain information).
The personal information we collect may include:
Personal information may also be provided to us on your behalf by another Service User (such as the ultimate customer). If you ever communicate directly with us, we will maintain a record of those communications and responses.
When you visit our Sites or interact with our emails, like most websites, we use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to automatically collect certain technical information from your browser or device. In some countries, including Switzerland and countries in the European Economic Area ("EEA"), this information is considered 'personal data' under data protection laws.
The information we collect may include:
Device data - such as your IP address, your operating system, your browser, device information, unique device identifiers, mobile network information, request information (speed, frequency, the site from which you linked to us (“referring page”), the name of the website you choose to visit immediately after ours (called the “exit page”), information about other websites you have recently visited and the web browser used (software used to browse the internet) including its type and language); and
Usage data – such as information about how you interact with our emails, Sites and other websites (such as the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage).
This information is used to analyze overall trends, to help us provide, improve and personalize our Marketing Activities, Sites and to guarantee their security and continued proper functioning. For further information about our use of cookies and similar tracking technologies in connection with our Marketing Activities please see the section "Cookies and Similar Technologies (Marketing Activities)" below and read our Cookie Notice.
Information we collect from other sources: In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information may include mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, social media URLs and custom profiles, for purposes of targeted advertising, event promotion and optimizing our Sites, Services and Marketing Activities.
In connection with our Marketing Activities, Butterfly Network uses cookies and similar technologies such as tags and pixels. For further information about our use of cookies or other similar technologies, your choices regarding the use of cookies, and how you can block certain cookies in connection with our Marketing Activities, please read our Cookie Notice
We use and process the personal information we collect (alone or in combination) for the purposes and on the legal bases identified below:
Where we need to collect and process personal information by law, or under a contract we have entered into with you, and you fail to provide the required personal information when requested, we may not be able to perform our contract with you.
Our Sites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). You may be given the option by such Social Media Features to post information about your activities on a website to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are either hosted by the respective social media network or hosted directly on our website. To the extent the Social Media Features are hosted by the respective social media networks and you click through to these from our website, the latter may receive information showing that you have visited our website. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile. Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
Some links on our Sites and in our Services may redirect you to third-party resources, including websites and services that Butterfly does not operate. The privacy practices of these websites and services will be governed by their own policies.
We make no representation or warranty as to the privacy policies of any third parties, including the providers of third-party applications. If you are submitting information to any such third-party through our Sites or Services, you should review and understand that party’s applicable policies, including their privacy policy, before providing your information to the third-party. For example, it is possible that your payment information (such as credit card or debit card information) may be collected and stored by third-party payment vendors.
In addition, our Sites use Google Maps features and content, such as the Place Autocomplete service which automatically populates your billing and/or shipping address if you order the Device through our Sites. Further information on how Google uses your information collected through Google maps features and content can be found at https://policies.google.com/privacy.
We do not sell or share your personal information with third parties except as outlined below. We may disclose your personal information to the following categories of recipients:
The Sites and Services are provided and hosted in the United States. If you are using the Sites or Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by Butterfly Network in our facilities and by those third parties with whom we may share your personal information, in the United States, Australia, Canada, European Union and other locations where we have offices. These countries may have data protection laws that are different to the laws of your country. Regardless of where your data is located, we:(a) treat all personal information in accordance with applicable law; and (b) take reasonable steps to ensure the security of personal information.
If you are resident in or a visitor from the EEA, UK or Switzerland, we will protect your personal information when it is transferred outside of the EEA, UK or Switzerland by processing it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or otherwise implementing appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses, or another lawful transfer mechanism approved by the European Commission.
If you require further information about our international transfers of personal information, please contact us using the contract details in the “Contact Information” section further below.
Where we are acting as a data controller, and depending on your location and subject to applicable law, you may have the following rights with regard to the personal information we control about you.
If you are resident in California, please refer to our California Consumer Privacy Act Notice (“CCPA Notice”) here for information about how we use your personal information and about your California privacy rights.
We retain your personal information where we have an ongoing legitimate business need to do so and for a period of time consistent with the original purpose as described in this Notice. We determine the appropriate retention period for personal information on the basis of the amount, nature and sensitivity of your personal information processed, the potential risk of harm from unauthorized use or disclosure of your personal information and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiration of the applicable retention periods, we will either delete or anonymize your personal information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information.
You must have reached the age of majority to register as a member of or be permitted use of the Site or Services. Any information we receive from people we believe to be under this age will be purged from our database. We do not knowingly collect personal information from children under the age of 13 or have any reasonable grounds to believe that children under the age of 13 are accessing our Website or using our Service.
If you believe that a child under 13 may have provided us personal information, please contact us at support@butterflynetwork.com.
We take the security of your personal information very seriously. We use reasonable and appropriate administrative, physical, and technical safeguards to secure the personal information we process. Despite these safeguards and our additional efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third-parties will not be able to defeat our security, and improperly collect, access, steal, or modify your Personal Information.
The security of your use of any Butterfly App relies on your protection of your mobile device. You may not share your instance of the mobile application with anyone. If you believe that an unauthorized access to your instance of the mobile application has occurred please report it immediately by emailing support@butterflynetwork.com. You must promptly notify us if you become aware that any information provided by or submitted to the mobile application is lost, stolen, or used without permission.
If you are a Service User, the security of the user profile you create to interact with the Services relies on your protection of your login credentials. You are responsible for maintaining the security of your login credentials, including your password and for any and all activities that occur under your account. You may not share your password with anyone. We will never ask you to send your password or other sensitive information to us in an email, though we may ask you to enter this type of information on a Butterfly website, or mobile application interface.
Any email or other communication purporting to be from us requesting your password or asking you to provide sensitive account information via email, should be treated as unauthorized and suspicious and should be reported to us immediately by emailing support@butterflynetwork.com. If you believe someone else has obtained access to your password, please change it immediately and report it immediately by emailing support@butterflynetwork.com.
Each time you use our Site or Services, the current version of the Notice will apply. When you use our Site or any of our Services, you should check the date of this Notice (which appears at the top of this Notice) and review any changes since the last version.
If we make material changes to this Notice, we will notify you either by prominently posting a notice of such changes prior to implementing the changes or by directly sending you a notification. We encourage you to review this Notice frequently to be informed of how Butterfly is protecting your information.
This Notice is accessible within our App under My Account Settings -> Privacy Notice and available at https://www.butterflynetwork.com/privacy-policy.
To contact us with your questions or comments regarding this Notice or the information collection and dissemination practices of this website, please email us at support@butterflynetwork.com. Alternatively, you can contact us in writing at: 1600 District Ave, Burlington, MA 01803 ATT: Data Protection Officer.