Privacy Policy

Effective Date: February 1, 2026
Last Updated: February 1, 2026

1. Information We Collect

1.1 Information You Provide Directly

• Account Information: When you create an account or authenticate, we collect your email address, name, organization details, and authentication credentials.
• Healthcare Claims Data: Documents and data you upload through the extension for fraud detection analysis, including claim forms, invoices, medical records, and related healthcare documentation.
• Communication Data: Information you provide when contacting our support team, including your name, email address, and the content of your messages.

1.2 Information Collected Automatically

• Diagnostic Data: Minimal error logs and crash reports necessary for troubleshooting critical technical issues and maintaining service reliability.
• Session Data: We use local storage and session tokens to maintain your authenticated session and remember your preferences within the extension.

Note: We do not collect detailed usage analytics, browsing behavior, device fingerprints, IP addresses, or other tracking information beyond what is strictly necessary to provide the service.

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, operate, and maintain the ResultShield Lite™ extension and fraud detection services.
• Claims Analysis: To process uploaded healthcare claims data using AI-powered algorithms to detect potential fraud, waste, and abuse.
• Authentication and Security: To verify your identity, secure your account, and prevent unauthorized access.
• Service Improvement: To identify and fix critical bugs, address technical issues, and maintain system stability.
• Communication: To respond to your inquiries, provide customer support, and send important service updates or security notifications.
• Compliance: To comply with legal obligations, enforce our Terms & Conditions, and protect our rights and the rights of our users.

What We Don't Do: We do not use your information for advertising, marketing to third parties, behavioral tracking, or building user profiles for purposes unrelated to fraud detection.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing is necessary to perform our contract with you (providing the extension services).
• Legitimate Interests: We have legitimate interests in improving our services, preventing fraud, and ensuring security.
• Legal Compliance: Processing is necessary to comply with applicable laws and regulations.
• Consent: Where required by law, we obtain your explicit consent before processing certain types of data.

4. How We Share Your Information

4.1 We Do Not Sell Your Data

ResultShield Lite™ does not sell, rent, or trade your personal information or healthcare claims data to third parties for marketing purposes.

4.2 Service Providers

We maintain a minimal data sharing approach. In limited circumstances, we may share information with essential service providers who assist in operating our core infrastructure:

• Cloud hosting providers: To securely store and process your claims data on protected servers
• Security services: To maintain encryption and protect against unauthorized access

Any service providers we work with are contractually obligated to protect your information, use it only for the specific purposes we authorize, and maintain the same level of data protection outlined in this policy.

Important: We do not share your data with analytics companies, advertising networks, data brokers, or other third parties for their own purposes.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, warrants)
• Requests from government authorities or law enforcement
• Situations involving potential threats to public safety or security
• Protection of our legal rights and property

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

4.5 With Your Consent

In rare circumstances where sharing your information with third parties may be beneficial (such as integration with your existing systems or specialized services you request), we will always obtain your explicit consent before doing so. You have full control over these decisions.

5. Data Security

We implement comprehensive technical and organizational security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms.
• Access Controls: Strict access controls ensure only authorized personnel can access sensitive data on a need-to-know basis.
• Secure Infrastructure: Our systems are hosted on secure, SOC 2 compliant cloud infrastructure with regular security audits.
• Monitoring: Continuous monitoring and logging of system activities to detect and respond to security incidents.
• Regular Updates: We regularly update our security practices and software to address emerging threats.

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining reasonable safeguards.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active and for a reasonable period thereafter to comply with legal obligations.
• Claims Data: Retained for the duration necessary to provide fraud detection services and as required by applicable healthcare regulations.
• Diagnostic Data: Minimal error logs retained only as long as necessary to resolve technical issues, typically 30-90 days.
• Backup Data: May be retained in backup systems for disaster recovery purposes for up to 90 days.

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing, including processing for direct marketing.
• Restriction: Request restriction of processing under certain circumstances.

7.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

7.3 CCPA Rights (California Residents)

California residents have specific rights under the California Consumer Privacy Act (CCPA), including:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to deletion of personal information
• Right to non-discrimination for exercising CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at admin@ayothealthsolutions.ke. We will respond to your request within 3 business days (or as required by applicable law).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer data internationally, we implement appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Other legally approved transfer mechanisms

9. Children's Privacy

ResultShield Lite™ is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.

10. Third-Party Links and Services

Our extension may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review the privacy policies of any third-party services you access.

11. Healthcare Data Compliance

While ResultShield Lite™ processes healthcare claims data, we are committed to maintaining compliance with applicable healthcare privacy regulations:

• HIPAA Considerations: If you are a covered entity or business associate under HIPAA, you are responsible for ensuring that your use of ResultShield Lite™ complies with HIPAA requirements. We can enter into a Business Associate Agreement (BAA) upon request.
• Data Minimization: We process only the healthcare data necessary to provide fraud detection services.
• Purpose Limitation: Healthcare claims data is used solely for fraud detection and analysis purposes.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you through the extension or via email if you have an account
• Obtain your consent if required by applicable law for material changes

We encourage you to review this Privacy Policy periodically. Your continued use of ResultShield Lite™ after changes are posted constitutes your acceptance of the updated policy.

13. User Control and Account Management

You have control over your use of ResultShield Lite™:

• Uninstall: You may discontinue use at any time by removing the extension from your Chrome browser.
• Account Deletion: You may request deletion of your account and associated data by contacting us.
• Data Export: You may request an export of your data in a portable format.
• Preferences: You can manage certain preferences within the extension settings.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Dispute Resolution

If you have a complaint about our privacy practices, please contact us first so we can attempt to resolve the issue. If you are not satisfied with our response, you may:

• Lodge a complaint with your local data protection authority (for EEA, UK, or Swiss residents)
• Contact the California Attorney General (for California residents)
• Pursue other legal remedies available under applicable law