8. YOUR RIGHTS

You have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data (subject to legal obligations)
- Withdraw consent for data processing
- Export your data in a portable format
- File a complaint with relevant authorities

To exercise these rights, contact us at lkbrown@brownhealth.org.

9. INTELLECTUAL PROPERTY

The App and its content are owned by Rhode Island Hospital and protected by copyright and other intellectual property laws. You may not copy, modify, distribute, or create derivative works without written permission.

10. DISCLAIMER OF WARRANTIES

THE APP IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE DO NOT WARRANT THAT:
- The App will be uninterrupted or error-free
- Defects will be corrected
- The App is free of viruses or harmful components
- Results obtained from the App will be accurate or reliable

11. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW, RHODE ISLAND HOSPITAL SHALL NOT BE LIABLE FOR:
- Indirect, incidental, special, or consequential damages
- Loss of profits, data, or business opportunities
- Any damages arising from use or inability to use the App

Some jurisdictions do not allow limitation of liability, so these limitations may not apply to you.

12. INDEMNIFICATION

You agree to indemnify and hold harmless Rhode Island Hospital from any claims, losses, damages, or expenses arising from:
- Your use of the App
- Your violation of these Terms
- Your violation of any rights of others

13. MODIFICATIONS TO THE APP

We reserve the right to:
- Modify or discontinue the App at any time
- Change features or functionality
- Update these Terms of Service

We will notify you of significant changes via email or in-app notification.

14. TERMINATION

We may terminate or suspend your access to the App:
- For violation of these Terms
- For suspected fraudulent or illegal activity
- At our discretion with or without notice

Upon termination, your right to use the App immediately ceases.

15. GOVERNING LAW

These Terms are governed by the laws of Rhode Island, USA, without regard to conflict of law principles. Any disputes will be resolved in the courts of Rhode Island.

16. DISPUTE RESOLUTION

Any disputes will be resolved through binding arbitration in Rhode Island.

17. ENTIRE AGREEMENT

These Terms constitute the entire agreement between you and Rhode Island Hospital regarding the App and supersede all prior agreements.

18. SEVERABILITY

If any provision of these Terms is found invalid or unenforceable, the remaining provisions will remain in full effect.

19. CONTACT INFORMATION

For questions about these Terms, contact us at:
Email: lkbrown@brownhealth.org
Address: 1 Hoppin St., Coro West, Suite 204, Providence RI 02903
Phone: 401-444-7573

===================
PRIVACY POLICY
===================

Last Updated: March 9, 2026

1. INTRODUCTION

Rhode Island Hosital ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use COMBEXHealthApp.

2. INFORMATION WE COLLECT

2.1 Personal Information
We collect:
- Name (first and last)
- Email address
- Study identification number
- Site Name
- Date of account creation

2.2 Assessment Data
We collect:
- Assessment responses
- Assessment scores
- Date and time of assessment completion
- Number of assessments completed

2.3 Device and Technical Information
We automatically collect:
- Device identifier (generated internally within the App)
- Device name (as reported by the device)
- Device type (as reported by the device)
- IP address
- Login and logout timestamps

2.4 Usage Information
We collect:
- Records of each application page accessed
- Timestamp of each page access
- We do not track feature usage metrics or time spent in the App beyond page access timestamps.

3. HOW WE COLLECT INFORMATION

3.1 Information You Provide
You directly provide information when you:
- Create an account
- Complete assessments
- Update your profile
- Contact us for support

3.2 Automatically Collected Information
We automatically collect technical and usage information through:
- Device-generated identifiers
- Server log files
- Application access logs

4. HOW WE USE YOUR INFORMATION

We use your information to:
- Provide and maintain the App
- Process and store your assessment responses
- Authenticate your identity and maintain account security
- Analyze usage patterns and improve the App
- Communicate with you about the App
- Comply with legal obligations
- Conduct research and analysis 
- Troubleshoot technical issues
- Enforce our Terms of Service

5. LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area, our legal basis for processing your information includes:
- Consent: You have given clear consent for specific purposes
- Contract: Processing is necessary to fulfill our contract with you
- Legal obligation: Processing is necessary to comply with the law
- Legitimate interests: Processing is necessary for our legitimate interests

6. HOW WE SHARE YOUR INFORMATION

6.1 We DO NOT sell your personal information.

6.2 We may share your information with:
- Service providers who assist with App operations (hosting, analytics)
- Research collaborators ["in de-identified form"]
- Legal authorities when required by law
- Business partners with your consent

6.3 Third-Party Service Providers
We use the following third-party services:
- Cloud hosting and secure data storage: Amazon Web Services (AWS)
- Analytics: We do not use third-party analytics providers. Usage data is collected and analyzed internally.
- Email communications are not conducted through the App.

These providers are contractually obligated to protect your information.

7. DATA SECURITY

We implement appropriate security measures including:
- Encryption of data in transit (SSL/TLS)
- Encrypted storage of authentication credentials
- Secure database access controls
- Regular security assessments
- Employee training on data protection
- Access logs and monitoring

Despite our efforts, no security measures are 100% effective. We cannot guarantee absolute security.

8. DATA RETENTION

We retain your information for:
- Account data: Duration of the study
- Assessment data: Duration of the study
- Log files: 90 days

After the retention period, data is securely deleted or anonymized.

9. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

9.1 Access and Portability
- Request a copy of your personal information
- Receive your data in a portable format

9.2 Correction
- Request correction of inaccurate information

9.3 Deletion ("Right to be Forgotten")
- Request deletion of your information (subject to legal obligations)

9.4 Restriction
- Request restriction of processing under certain circumstances

9.5 Objection
- Object to processing based on legitimate interests

9.6 Withdraw Consent
- Withdraw consent at any time (doesn't affect prior processing)

To exercise these rights, contact us at lkbrown@brownhealth.org.

10. CHILDREN'S PRIVACY

The App is not intended for children under age 15. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it immediately.

If you believe a child has provided information to us, contact us at lkbrown@brownhealth.org.

11. INTERNATIONAL DATA TRANSFERS

If you access the App from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the App, you consent to this transfer.

12. TRACKING TECHNOLOGIES

COMBEXHealthApp is a standalone mobile application and does not use browser cookies or similar browser-based tracking technologies.

We collect limited technical and usage data as described above through application-generated identifiers and server log files.

13. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights:
- Right to know what personal information is collected
- Right to know if information is sold or disclosed
- Right to opt-out of sale (we do not sell information)
- Right to deletion
- Right to non-discrimination

To exercise these rights, contact us at lkbrown@brownhealth.org or call 401-444-7573.

14. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are in the EEA or UK, you have additional rights under GDPR:
- Right to access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority

15. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. We will notify you of significant changes by:
- Email notification
- In-app notification
- Posting the updated policy with a new "Last Updated" date

Your continued use after changes constitutes acceptance of the updated policy.

16. CONTACT US

For privacy-related questions or to exercise your rights:

Email: lkbrown@brownhealth.org
Address: 1 Hoppin St., Coro West, Suite 204, Providence RI 02903
Phone: 401-444-7573

===================
HIPAA NOTICE OF PRIVACY PRACTICES
===================

Effective Date: March 6, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

1. OUR COMMITMENT TO PRIVACY

Rhode Island Hospital is committed to protecting the privacy of your health information as required by the Health Insurance Portability and Accountability Act (HIPAA).

2. WHAT IS PROTECTED HEALTH INFORMATION (PHI)?

PHI is information about you, including demographic information, that may identify you and relates to:
- Your past, present, or future physical or mental health condition
- Health care services provided to you
- Payment for health care services

3. HOW WE MAY USE AND DISCLOSE YOUR PHI

3.1 For Treatment
We may use and disclose your PHI to provide, coordinate, or manage your health care and related services.

3.2 For Research 
We may use and disclose your PHI for research purposes when authorized by you or as permitted by law.

3.3 As Required by Law
We will disclose your PHI when required by federal, state, or local law.

3.4 To Avert a Serious Threat
We may use and disclose your PHI when necessary to prevent a serious threat to your health or safety, or the health or safety of others.

4. USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION

Other uses and disclosures of your PHI will be made only with your written authorization. You may revoke your authorization at any time by providing written notice.

5. YOUR RIGHTS REGARDING YOUR PHI

5.1 Right to Inspect and Copy
You have the right to inspect and obtain a copy of your PHI. To request access, contact lkbrown@brownhealth.org.

5.2 Right to Amend
If you believe your PHI is incorrect or incomplete, you may request an amendment. To request an amendment, contact lkbrown@brownhealth.org / 401-444-7573.

5.3 Right to an Accounting of Disclosures
You have the right to request a list of certain disclosures we have made of your PHI. To request an accounting, contact lkbrown@brownhealth.org / 401-444-7573.

5.4 Right to Request Restrictions
You have the right to request restrictions on how we use or disclose your PHI. We are not required to agree to your request but will consider it carefully.

5.5 Right to Request Confidential Communications
You have the right to request that we communicate with you about your PHI in a certain way or at a certain location.

5.6 Right to a Paper Copy of This Notice
You have the right to receive a paper copy of this notice upon request.

6. CHANGES TO THIS NOTICE

We reserve the right to change this notice. Any changes will apply to PHI we already have as well as any information we receive in the future.

7. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with:

Rhode Island Hospital
Email: lkbrown@brownhealth.org
Address: 1 Hoppin St., Coro West, Suite 204, Providence RI 02903
Phone: 401-444-7573

OR

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
1-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints/

You will not be retaliated against for filing a complaint.

===================
DATA BREACH NOTIFICATION
===================

In the event of a data breach affecting your personal information, we will:
1. Investigate the breach within 24 hours
2. Notify affected users within [TIME PERIOD - e.g., "72 hours" for GDPR]
3. Report to relevant authorities as required by law
4. Take steps to prevent future breaches
5. Offer assistance such as credit monitoring [IF APPLICABLE]

===================
CONSENT AND ACKNOWLEDGMENT
===================

By using COMBEXHealthApp, you acknowledge that you have read, understood, and agree to be bound by:
- These Terms of Service
- Our Privacy Policy
- Our HIPAA Notice of Privacy Practices 

If you do not agree to these terms, please do not use the App.

===================
QUESTIONS OR CONCERNS
===================

If you have questions about these legal terms or how we handle your information:

Email: lkbrown@brownhealth.org
Address: 1 Hoppin St., Coro West, Suite 204, Providence RI 02903
Phone: 401-444-7573

===================
ACKNOWLEDGMENT
===================

I acknowledge that I have read and understood the above Legal Information, including the Terms of Service, Privacy Policy, and HIPAA Notice of Privacy Practices.