Privacy Policy
Last Updated: February 2025
Scope and Applicability
This Privacy Policy applies to all individuals who visit our website or use our digital platforms, receive healthcare services through facilities using our technology, interact with our patient care and monitoring systems, communicate with our customer service or support teams, or apply for employment or business partnerships with us.
Types of Information We Collect
We collect several categories of information to provide and improve our services. This includes personal identifiers such as name, email address, phone number, mailing address, date of birth, and government-issued ID numbers. We also collect protected health information (PHI), including medical history, treatment records, lab results, diagnostic information, medication lists, vital signs, and dialysis treatment data. Additionally, we gather account information (username, password, preferences, and authentication credentials), device information (IP address, browser type, operating system, and device identifiers), usage data (pages visited, features used, time spent on platform, and interaction patterns), communication records (emails, chat logs, phone recordings where permitted, and support tickets), and payment information (billing address, payment method details, and transaction history processed through secure third-party payment processors).
How We Collect Information
We collect information through various methods: directly from you when you create an account, fill out forms, or communicate with us; automatically through cookies, web beacons, and similar tracking technologies; from healthcare providers and facilities that use our platforms; from third-party service providers and business partners; and through IoT medical devices integrated with our systems.
How We Use Your Information
We use the information we collect for providing, maintaining, and improving our healthcare technology services; processing and managing patient treatment records and clinical workflows; enabling AI-assisted clinical decision support features; communicating with you about services, updates, alerts, and support; personalizing your experience and providing relevant content; conducting research and analytics to improve patient outcomes; complying with legal obligations, healthcare regulations, and industry standards; preventing fraud, ensuring security, and protecting our legal rights; and processing payments and managing billing relationships.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience. Essential cookies are required for basic website functionality and security. Performance cookies help us understand how visitors interact with our website. Functional cookies remember your preferences and settings. Analytics cookies collect anonymized data for statistical analysis. You can manage cookie preferences through your browser settings, though disabling certain cookies may limit functionality.
Information Sharing and Disclosure
We may share your information with healthcare providers and facilities for treatment coordination; with service providers who perform services on our behalf under strict confidentiality agreements; with business partners for integrated healthcare solutions; as required by law, court order, or government regulation; to protect our rights, property, or safety, or that of our users; in connection with a merger, acquisition, or sale of assets with appropriate safeguards; and with your explicit consent for any other purpose.
Third-Party Services
Our services may integrate with third-party platforms including analytics providers such as Google Analytics for website traffic analysis, cloud infrastructure providers for data storage and processing, payment processors for secure transaction handling, and communication platforms for customer support. These third parties have their own privacy policies, and we encourage you to review them.
International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses approved by relevant authorities, data processing agreements with appropriate security provisions, compliance with applicable cross-border data transfer regulations, and encryption and security measures for data in transit.
Data Security
We implement comprehensive security measures to protect your information, including AES-256 encryption for data at rest and TLS 1.3 for data in transit, multi-factor authentication and role-based access controls, regular security assessments, penetration testing, and vulnerability scans, 24/7 security monitoring and incident response capabilities, employee security training and background checks, physical security controls at data center facilities, and regular backup procedures and disaster recovery planning.
Data Retention
We retain your information according to specific guidelines. Active account data is retained while your account is active and for a reasonable period thereafter. Medical records are retained in accordance with applicable healthcare regulations, typically 6-10 years after the last treatment. Transaction records are retained for 7 years for financial and tax compliance. Aggregated and anonymized analytics data may be retained indefinitely. Upon request, we will delete or anonymize your data, subject to legal retention requirements.
HIPAA Notice (United States)
For users in the United States, we comply with the Health Insurance Portability and Accountability Act (HIPAA). We maintain appropriate administrative, physical, and technical safeguards for protected health information (PHI). We enter into Business Associate Agreements (BAAs) with covered entities and provide breach notification as required by HIPAA and state laws. Patients have rights to access, amend, and receive an accounting of disclosures of their PHI. For a complete Notice of Privacy Practices, please contact us.
California Privacy Rights (CCPA/CPRA)
California residents have specific rights under the California Consumer Privacy Act and California Privacy Rights Act. These include the Right to Know (request information about the categories and specific pieces of personal information we have collected), Right to Delete (request deletion of your personal information, subject to certain exceptions), Right to Correct (request correction of inaccurate personal information), Right to Opt-Out (opt out of the sale or sharing of personal information—note that we do not sell personal information), and Right to Non-Discrimination (we will not discriminate against you for exercising your privacy rights). To exercise these rights, contact us at privacy@suntopai.com.
European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under GDPR including: Right of Access to obtain confirmation of whether we process your data and access to that data; Right to Rectification to request correction of inaccurate or incomplete data; Right to Erasure to request deletion of your data in certain circumstances; Right to Restrict Processing to request limitation of processing in certain circumstances; Right to Data Portability to receive your data in a structured, commonly used format; Right to Object to processing based on legitimate interests or for direct marketing; Right to Withdraw Consent at any time where processing is based on consent; and Right to Lodge a Complaint with a supervisory authority.
Children's Privacy
Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children without parental consent. If we learn we have collected information from a child without verification of parental consent, we will delete it. Healthcare services for minors are provided through their parents or legal guardians, who may contact us to review, delete, or stop collection of their child's information.
Data Breach Notification
In the event of a data breach affecting your personal information, we will notify affected individuals within the timeframes required by applicable law. Under GDPR, we notify the competent supervisory authority within 72 hours of becoming aware of the breach and notify affected individuals without undue delay where the breach is likely to result in a high risk to them; under HIPAA, we notify affected individuals without unreasonable delay and no later than 60 days after discovery of the breach. The notification will include the nature of the breach, the types of data affected, and the steps we are taking. We will also provide guidance on steps you can take to protect yourself. We maintain comprehensive incident response procedures and regularly test our response capabilities.
Policy Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on our website. The "Last Updated" date at the top indicates when the policy was last revised. Your continued use of our services after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us by email at privacy@suntopai.com, or reach our Data Protection Officer at dpo@suntopai.com. You may also write to Suntop Healthcare Corp., Privacy Team, at our corporate address. For HIPAA-related inquiries, please email hipaa@suntopai.com. We will respond to your request within 30 days or as required by applicable law.