our privacy policy

*

our privacy policy *

September 4, 2024

Effective: This Privacy Policy is effective as of the date of your first use of the Services.

PLEASE READ THIS POLICY CAREFULLY BEFORE USING THE SERVICES.

You must be 18 years of age or older to use the Services. It is expressly prohibited for

minors under the age of 18 to create or use a CrossMed account.

Your privacy is important to us, and we are committed to protecting it through our

compliance with this privacy policy (“Policy”). We do not collect the data you share with us

when you access or use our services, the CrossMed mobile or our Crossfire’s Business

Solutions corporate websites located at www.crossfirebiz.com (such services, Crossfire and

the Crossfire Websites are collectively referred to as the “Services”). Personal data

(hereinafter “Personal Data”) means any information relating to an identified or

identifiable natural person. Unless defined where used, capitalized terms used herein shall

have the meanings given in the Terms of Use.

The information provided does not apply to third-party online websites, pages or services

that can be accessed via hyperlinks through the Services. Clicking on those hyperlinks may

allow third parties to collect or share data about you. We do not control these third-party

websites and are not responsible for their privacy policies. When you leave our Services,

we encourage you to read the privacy policy of every website or mobile application you

visit. This version maintains the original structure and intent while substituting the

company name as requested.

  1. Data Collection Explanation:
    The CrossMed app collects facial blood flow data from a 30-second facial image scan, but the image scans remain on the user's device and are not stored by the app or DeepAffex.

  2. Data Processing and Retention:
    Collected facial blood flow data is sent to DeepAffex for wellness measurement processing and is deleted immediately after. And, wellness measurement results are retained only as long as required to fulfill contractual obligations with B2B customers.

  3. Disclosure of Third-Party Data Processing:
    Data is hosted on Amazon Web Services (AWS) and processed in compliance with HIPAA regulations. Also, Twilio Inc. and MaxMind Inc. as service providers for email and geolocation services. Crossfire"s CrossMed app is currently compliant with HIPAA (Health Insurance Portability and Accountability Act) along with other regulations like AICPA SOC 2®, PIPEDA, and EU GDPR

  4. Quote on Facial Data Processing:
    "Facial blood flow data is collected through supported mobile device cameras and processed for wellness measurements. No facial images or videos are stored or transmitted. Blood flow data is processed and deleted upon completion.