Skip to main content
Basion

PRIVACY POLICY

Last updated April 2026

This Privacy Notice for March Global Inc (doing business as Basion) (“we,” “us,” or “our”), describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

  • Visit our website at https://basion.ai or any website of ours that links to this Privacy Notice
  • Engage with us in other related ways, including any marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at service@basion.ai.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Caregivers may also share information about Patients in their care, including health information. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? Yes. The Services involve processing of sensitive personal information including health and genetic information, and information revealing race or ethnic origin, with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

Do we use your information for advertising? No. We do not use your personal information for advertising, and we do not permit third-party advertising on our Services.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, including service providers and contractors who help us operate the Services. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Patients (and their authorized representatives) have rights with respect to their information regardless of whether the account is held by a Caregiver. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  6. HOW LONG DO WE KEEP YOUR INFORMATION?
  7. HOW DO WE KEEP YOUR INFORMATION SAFE?
  8. DO WE COLLECT INFORMATION FROM MINORS?
  9. WHAT ARE YOUR PRIVACY RIGHTS?
  10. CONTROLS FOR DO-NOT-TRACK FEATURES
  11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  12. CAREGIVERS AND PATIENT INFORMATION
  13. HEALTH INFORMATION AND HIPAA
  14. INTERNATIONAL SERVICE PROVIDERS AND DATA PROCESSING
  15. DO WE MAKE UPDATES TO THIS NOTICE?
  16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us, including information that Caregivers provide about Patients in their care.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Names
  • Email addresses
  • Usernames
  • Passwords
  • Contact preferences
  • Patient information that the Caregiver provides on behalf of a Patient, including the Patient’s name, date of birth, diagnoses, symptoms, treatments, healthcare provider information, conversation history with our Services, and other health information

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Health data (of the Caregiver and, more commonly, of the Patient)
  • Genetic data
  • Information revealing race or ethnic origin
  • Information about a Patient’s sex life or sexual orientation, where shared in the course of receiving Services

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We do not process your information for advertising or for sale to third parties.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process Caregiver and Patient information to provide navigation, educational, and support services on behalf of the Patient.
  • To respond to user inquiries and offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
  • To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
  • To evaluate and improve our Services. We may process your information when we believe it is necessary to identify usage trends and to evaluate and improve our Services and your experience.
  • To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.

We do not process your personal information for advertising purposes, and we do not sell your personal information.

3. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information with service providers who help us operate the Services, with AI Service Providers as described below, and in connection with business transfers. We do not sell your personal information.

We may share your personal information in the following situations:

  • Service Providers and Contractors. We may share your personal information with service providers, contractors, and other third parties who perform services on our behalf, including hosting and infrastructure providers, software platforms that support our operations, and engineering and technical support personnel. We require all such service providers and contractors to enter into written agreements that obligate them to protect your information consistent with this Privacy Notice and applicable law, including, where applicable, a Business Associate Agreement that meets the requirements of HIPAA. See Section 14 for additional information about international service providers.
  • AI Service Providers. We share information with AI Service Providers as described in Section 5.
  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Your Consent. We may share your personal information with other third parties when you direct us to do so or otherwise consent to the sharing.
  • Legal Obligations. We may disclose your personal information where required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use cookies and similar tracking technologies for security, basic site functions, and limited analytics on our public marketing pages. We do not use tracking technologies for advertising and do not permit third-party advertising on our Services.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. These technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We do not use online tracking technologies for advertising purposes, and we do not permit third-party advertising on our Services.

Google Analytics

We use Google Analytics on our public marketing pages (such as our homepage, disease library, and blog) to understand how visitors use those pages. We do not run Google Analytics or other third-party tracking on pages where Caregivers access their accounts, manage Patient information, or otherwise interact with health information. To opt out of being tracked by Google Analytics on our public pages, visit https://tools.google.com/dlpage/gaoptout. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.

5. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer products, features, and tools powered by artificial intelligence and machine learning. We use AI Service Providers under written agreements that protect your information.

As part of our Services, we offer products, features, and tools powered by artificial intelligence, machine learning, or similar technologies (collectively, “AI Products”). These tools are designed to enhance your experience and provide you with insights and navigation support.

Use of AI Technologies

We provide the AI Products through third-party service providers (“AI Service Providers”), including Anthropic and Google Cloud AI. As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products. You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Where AI Service Providers process Protected Health Information on our behalf, we require a Business Associate Agreement to be in place that governs such processing consistent with HIPAA. We do not use Protected Health Information to train, fine-tune, evaluate, or improve any artificial intelligence or machine learning model except as expressly permitted by HIPAA, by an applicable Business Associate Agreement, or with the explicit consent of the Caregiver or Patient.

Our AI Products

Our AI Products are designed to provide insights, navigation, and educational support for Caregivers and Patients managing genetic and rare diseases.

6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as your account is active, plus a limited period afterward, and longer where required by law.

We will keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. We retain Caregiver and Patient information for as long as the Caregiver has an active account with us, in order to provide continuity of service and to maintain the longitudinal record that supports the Patient’s care over time.

When a Caregiver requests deletion of their account, we will delete the Caregiver’s personal information and the Patient information in their account within ninety (90) days of the request, except for (a) information we are required to retain by law, and (b) information we have already shared with third parties under appropriate agreements where deletion by those parties is governed by separate retention obligations.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including encryption of data in transit and at rest, role-based access controls, and audit logging. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: The Services are designed for use by adult Caregivers, who may share information about Patients in their care, including minor children, where the Caregiver has legal authority to do so.

We do not knowingly allow children under 18 years of age to create accounts or use the Services directly. The Services are designed for use by adult Caregivers, as described in Section 12. A Caregiver may share information about a Patient in their care, including a minor child, where the Caregiver is the parent, legal guardian, or otherwise has legal authority to consent to the processing of the Patient’s information.

We do not market the Services to children. If you become aware that a minor has created an account directly without the involvement of a parent or guardian, please contact us at service@basion.ai and we will deactivate the account and take reasonable measures to promptly delete any information collected from the minor.

9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You may review, change, or terminate your account at any time, depending on your country, province, or state of residence. Patients have rights with respect to their information regardless of whether the account is held by a Caregiver.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below or updating your preferences.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account.
  • Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases as described in Section 6. We may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

Patient Rights

A Patient (or the Patient’s authorized legal representative) has the right to request access to, correction of, or deletion of the Patient’s information held in any Caregiver account, regardless of whether the Caregiver is the account holder. Requests may be made by contacting us at service@basion.ai.

Cookies and similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at service@basion.ai.

10. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

11. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.

Categories of Personal Information We Collect

The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section “WHAT INFORMATION DO WE COLLECT?”

CategoryExamplesCollected
A. IdentifiersContact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account nameYES
B. Personal information as defined in the California Customer Records statuteName, contact information, education, employment, employment history, and financial informationYES
C. Protected classification characteristics under state or federal lawGender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic dataYES
D. Commercial informationTransaction information, purchase history, financial details, and payment informationNO
E. Biometric informationFingerprints and voiceprintsNO
F. Internet or other similar network activityBrowsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisementsYES
G. Geolocation dataDevice locationNO
H. Audio, electronic, sensory, or similar informationImages and audio, video or call recordings created in connection with our business activitiesNO
I. Professional or employment-related informationBusiness contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with usNO
J. Education InformationStudent records and directory informationNO
K. Inferences drawn from collected personal informationInferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristicsYES
L. Sensitive personal InformationAccount login information, genetic data, health data, and racial or ethnic originYES

We only collect sensitive personal information, as defined by applicable privacy laws or the purposes allowed by law or with your consent. Sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels
  • Participation in customer surveys
  • Facilitation in the delivery of our Services and to respond to your inquiries

We will use and retain the collected personal information as needed to provide the Services or for:

  • Category A — As long as the user has an account with us
  • Category B — As long as the user has an account with us
  • Category C — As long as the user has an account with us
  • Category F — As long as the user has an account with us
  • Category K — As long as the user has an account with us
  • Category L — As long as the user has an account with us

Sources of Personal Information

Learn more about the sources of personal information we collect in “WHAT INFORMATION DO WE COLLECT?”

How We Use and Share Personal Information

Learn more about how we use your personal information in the section, “HOW DO WE PROCESS YOUR INFORMATION?”

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information in the section, “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have not sold or shared personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

  • Right to know whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request the deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

Depending upon the state where you live, you may also have the following rights:

  • Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)
  • Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)
  • Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)
  • Right to obtain a list of third parties to which we have sold personal data (as permitted by applicable law, including the privacy law in Connecticut)
  • Right to review, understand, question, and depending on where you live, correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Connecticut and Minnesota)
  • Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)
  • Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights

To exercise these rights, you can contact us by submitting a data subject access request, by emailing us at service@basion.ai, or by referring to the contact details at the bottom of this document.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at service@basion.ai. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.

California “Shine The Light” Law

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”

12. CAREGIVERS AND PATIENT INFORMATION

Basion is designed primarily for use by caregivers and patient advocates who manage health information on behalf of a patient (the “Patient”), including parents and legal guardians of minor children, healthcare powers of attorney for adults who lack capacity, and other individuals with legal authority to act on a Patient’s behalf. We refer to these users as “Caregivers.”

When a Caregiver creates an account and uses the Services, the Caregiver is the account holder and primary user. The Caregiver may share information about a Patient — including the Patient’s identity, diagnoses, symptoms, treatments, conversations with healthcare providers, and other health information — with the Services for the purpose of receiving navigation, educational, and support services on behalf of the Patient.

By creating an account and sharing Patient information, the Caregiver represents and warrants that they have the legal authority to do so and to consent to our processing of the Patient’s information as described in this Privacy Notice. If a Caregiver loses such authority — for example, because a minor reaches the age of majority, or a healthcare power of attorney is revoked — the Caregiver agrees to notify us promptly and to stop sharing Patient information.

A Patient (or their authorized representative) has the right to request access to, correction of, or deletion of their information at any time, regardless of whether the account is held by a Caregiver. Requests may be made by contacting us at service@basion.ai.

In limited cases, an adult Patient may use the Services directly as their own account holder. In that case, references in this Privacy Notice to “Caregiver” should be read to include the Patient acting on their own behalf.

13. HEALTH INFORMATION AND HIPAA

Basion processes health information that may include Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). We treat all health information shared with us with the level of care appropriate for PHI, regardless of whether HIPAA technically applies to a given interaction.

To the extent we act as a Business Associate of a HIPAA Covered Entity, our handling of PHI is governed by the applicable Business Associate Agreement between us and that Covered Entity, in addition to this Privacy Notice. To the extent we act as a Covered Entity in our own right, our handling of PHI is governed by our Notice of Privacy Practices, which is available upon request and which controls in the event of any conflict with this Privacy Notice with respect to PHI.

We do not use or disclose PHI for marketing or advertising purposes, and we do not sell PHI. We do not use PHI to train, fine-tune, evaluate, or improve any artificial intelligence or machine learning model except as expressly permitted by HIPAA, by the applicable Business Associate Agreement, or with the explicit consent of the Caregiver or Patient.

We require any service provider, contractor, or other third party that creates, receives, maintains, or transmits PHI on our behalf to enter into a written agreement that obligates them to protect PHI consistent with HIPAA and with this Privacy Notice.

14. INTERNATIONAL SERVICE PROVIDERS AND DATA PROCESSING

Our infrastructure, including all systems where Patient information and PHI are stored, is located in the United States. From time to time, we engage service providers, contractors, and other personnel located outside the United States to support our operations, including engineering, technical support, research, and product development.

When a service provider located outside the United States accesses Patient information or PHI in the course of providing services to us, they do so by connecting remotely to our United States-based systems. Patient information and PHI are not transferred to or stored on infrastructure outside the United States, except where we expressly disclose otherwise.

Any service provider located outside the United States who has access to Patient information or PHI is bound by a written agreement that requires them to (a) protect such information consistent with HIPAA and applicable United States privacy laws, (b) comply with any additional data protection laws that apply to them in their location, including the General Data Protection Regulation (GDPR) where applicable, and (c) not transmit such information to any other person or jurisdiction without our prior written consent.

By using the Services, the Caregiver consents to the processing of Patient information and PHI by our service providers as described in this clause, including by service providers located outside the United States.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated “Last updated” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at service@basion.ai or contact us by post at:

March Global Inc (d/b/a Basion)
2261 Market Street STE 22009
San Francisco, CA 94114
United States

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request, or email us at service@basion.ai.