Leger Privacy Policy

Last Update: Feb 11, 2025

Introduction

Welcome to Leger ("Leger," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our application and services (collectively, the "Services"). By accessing or using our Services, you agree to the terms of this Privacy Policy.

User Information We Collect (see also: PHI)

We collect various types of user information to provide and improve our Services to you.

  • Personal Information: Includes your name, email address, and other contact details you provide during registration or while using our Services.
  • Usage Information: Information about how you use the Services, such as access times, features used, and other interaction data.
  • Device Information: Information about the device you use to access our Services, including IP address, browser type, operating system, and device identifiers.
  • Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your browsing activities over time and across different websites following your use of our Services.

How We Use Your Information

We use the collected information for various purposes, including:

  • To Provide and Maintain our Services: Ensuring the functionality, security, and performance of the Services.
  • To Improve User Experience: Analyzing usage patterns to enhance and personalize your experience.
  • To Communicate with You: Sending updates, newsletters, marketing materials, and responding to your inquiries.
  • To Ensure Compliance and Security: Monitoring for fraud, unauthorized access, and ensuring compliance with legal obligations.
  • For Research and Development: Conducting research to develop new products or services and improve existing ones.

Legal Basis for Processing Data and Personally Identifiable Health Information (PHI)

Under applicable data protection laws, including HIPAA, we process your personal and health-related data based on the following legal bases:

  • Consent: When you provide explicit consent for specific data processing activities.
  • Contractual Necessity: To fulfill our contractual obligations to you.
  • Legal Obligations: To comply with applicable laws and regulations.

Data Sharing and Disclosure

We may share user and health-related information in the following circumstances:

  • With Service Providers: Third-party vendors (e.g. OpenAI) and service providers who perform services on our behalf, such as data storage, payment processing, AI summarization and transcription, and email delivery. Please note that after processing is complete, these providers are contractually obligated to delete or anonymize your data. With regards to HIPAA, we act as a Business Associate and are required to have a Business Associate Agreement (BAA) in place with these providers.
  • For Legal Reasons: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be securely transferred as part of that transaction.
  • With Your Consent: We may share your information with third parties when you have provided explicit consent.

Note: We do not sell, trade, or otherwise transfer your personal information to outside parties without your consent, except as described above.

Data Security

We implement a variety of security measures to maintain the safety of your data. These measures include:

  • Encryption: All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Access Controls: Strict access controls are in place to ensure that only authorized personnel can access your information.
  • Compliance Certifications: Our technology stack and data handling practices comply with HIPAA standards.

Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information, and you acknowledge that you provide your data at your own risk.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

When your data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or use.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: You have the right to request access to the personal information we hold about you.
  • Correction: You can request that we correct any inaccurate or incomplete information.
  • Deletion: You may request the deletion of your personal information, subject to certain exceptions.
  • Restriction of Processing: You can request that we restrict the processing of your information under certain conditions.
  • Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • Objection: You can object to the processing of your information for certain purposes, such as direct marketing.
  • Withdraw Consent: If you have provided consent for specific data processing activities, you can withdraw that consent at any time.

To exercise any of these rights, please contact us using the contact information provided below. We will respond to your request in accordance with applicable laws.

Data Breach Notification

In the unlikely event of a data breach that compromises your personal information, we will promptly notify you and the relevant authorities in accordance with applicable laws and regulations. Our notification will include:

  • A description of the nature of the breach and the types of information involved.
  • The measures we have taken to address the breach and prevent future incidents.
  • Recommendations for steps you can take to protect yourself from potential harm.

We take data breaches very seriously and will take all necessary steps to mitigate any potential damage.

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated or controlled by us. We are not responsible for the privacy practices or the content of these third-party sites. We encourage you to read the privacy policies of each website you visit.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal or medical information from children under 18. If we become aware that we have inadvertently received personal or medical information from a child under 18, we will take steps to delete such information as soon as possible.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Update" date above. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Brentmoor, Inc. DBA Leger
Email: support@leger.app

Delaware Privacy Rights

Depending on your state of residence, you have specific rights regarding your personal information under state laws. These include the right to:

  • Know: What personal information we collect, use, share, or sell.
  • Access: Your personal information that we collected from you and information about our data practices.
  • Delete: Remove your personal information that we collected from you (with some exceptions).
  • Opt-Out: Stop selling your personal information to third parties.

To exercise any of these rights, please contact us using the contact information provided above. We will not discriminate against you for exercising your rights.

International Users

Our Services are intended for users located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using our Services, you consent to the transfer of your information to the United States.

Consent to Automated Decision-Making

We may use automated decision-making processes, including profiling, to analyze your data and provide certain features or services. These processes are designed to enhance your user experience and improve our Services. However, you have the right to opt-out of such automated decision-making processes where applicable.

Dispute Resolution

Any disputes arising out of or related to this Privacy Policy or the Services will be resolved in accordance with the dispute resolution procedures outlined in our Terms of Service.

Acknowledgment

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.