Privacy & Terms
Last Updated: October 28, 2024
Introduction
Welcome to Teddy Chat, a service operated by Toy Mint Corporation ("we," "us," "our"). This document outlines both our Privacy Policy and Terms of Use, detailing how we collect, use, and protect data, and the terms governing your use of the Teddy Chat platform in pediatric clinics. By using Teddy Chat, you agree to these terms. If you have any questions, please contact us.
Privacy Policy
1. Compliance with Laws
We adhere to all applicable privacy laws, including:
- Health Insurance Portability and Accountability Act (HIPAA)
- Children's Online Privacy Protection Act (COPPA)
- General Data Protection Regulation (GDPR)
- Relevant provincial and state laws
For compliance inquiries, please contact us at [email protected].
2. HIPAA Compliance Statement
Teddy Chat aligns with HIPAA standards by intentionally avoiding the collection, storage, or processing of Protected Health Information (PHI) and Personally Identifiable Information (PII). We have also implemented tools at the client level that filter out PII from user inputs. Even if users inadvertently input PHI or PII, our system is designed to prevent the collection of any PII, ensuring that only non-identifiable health information (HI) is processed.
We implement industry-standard security protocols, including AES-256 encryption and SSL/TLS data transmission, to protect all data exchanged on the platform. These measures ensure that Teddy Chat remains secure and privacy-compliant, supporting pediatric clinics in a safe, HIPAA-conscious environment.
We encourage users to avoid entering any personal or sensitive information. While our PII filtering tool serves as an additional safeguard, it is not a substitute for responsible user behavior.
3. HIPAA Compliance and Business Associate Agreements
Business Associate Role
Toy Mint Corporation recognizes that, under the Health Insurance Portability and Accountability Act (HIPAA), we may act as a Business Associate when providing services to covered entities such as pediatric clinics. As a Business Associate, we are committed to upholding the highest standards of privacy and security for Protected Health Information (PHI).
Business Associate Agreements
We have entered into Business Associate Agreements (BAAs) with our client pediatric clinics. These BAAs outline our responsibilities regarding the handling, use, and disclosure of any PHI, ensuring compliance with HIPAA regulations.
Our Commitments Under BAAs
- Safeguarding PHI: We implement administrative, physical, and technical safeguards to protect PHI against unauthorized access, use, or disclosure.
- Permitted Uses and Disclosures: PHI is used or disclosed only as permitted by the BAA or as required by law.
- Subcontractor Compliance: Any subcontractors or agents who may have access to PHI are held to the same privacy and security standards and have signed agreements reflecting these obligations.
- Breach Notification: We promptly report any unauthorized access, use, or disclosure of PHI to the covered entity, in compliance with breach notification requirements.
- PHI Return or Destruction: Upon termination of services, we return or destroy all PHI received from the covered entity if feasible.
For more details about our HIPAA compliance and Business Associate Agreements, please contact us at [email protected].
4. Information We Collect
We do not collect Personally Identifiable Information (PII) or Protected Health Information (PHI) through Teddy Chat. The experience is designed to work without requiring PII. To ensure this:
- PII Filtering Tool: We have implemented a tool at the client level that filters out any PII from user inputs. Even if a user inadvertently enters PII or PHI, the PII is filtered out, and only non-identifiable health information is processed.
- Non-Personal Information: We collect non-personal information such as:
  - Interaction Logs: Data about user interactions to improve Teddy Chat.
  - Device and Usage Information: Browser type, operating system, etc.
5. How We Use Collected Information
The information we collect is used for:
- Enhancing the Teddy Chat experience by analyzing general interaction patterns.
- Maintaining the security and functionality of the chatbot.
- Ensuring compliance with legal and regulatory standards for children's online services.
- Interacting with the OpenAI API to deliver responses based on user inputs.
We do not use collected information for marketing or advertising purposes.
6. Data Security Overview
We implement industry-standard security measures to protect data. While no system is entirely secure, we strive to safeguard all information processed through Teddy Chat.
Encryption Standards
- Data Storage: AES-256 encryption.
- Data Transmission: SSL/TLS protocols.
Storage Protocols
- Secure Infrastructure: Hosted on HIPAA-compliant platforms like Vercel and MongoDB Atlas.
- Access Controls: Strictly limited to authorized personnel with background checks and training.
For security-related inquiries, contact [email protected].
7. Audits and Logs Documentation
- Access Logs: Record of all user access events with timestamps.
- Activity Logs: System actions, including data modifications.
- Review and Retention: Logs are reviewed monthly and retained for at least one year.
8. Incident Response Plan
- Identification: Immediate upon detection.
- Containment: Within 1-2 hours.
- Notification: Affected parties are informed within 24 hours, complying with legal requirements.
- Investigation and Resolution: Prompt actions to resolve the issue.
- Post-Incident Review: Strengthening future response protocols.
9. Use of OpenAI API and Data Processing Addendum
Teddy Chat utilizes the OpenAI API to process user inputs:
- Data Processing Addendum (DPA): We have signed a Data Processing Addendum (DPA) with OpenAI. This legally binding agreement outlines data protection obligations and ensures that any data processed by OpenAI is handled in compliance with applicable data protection laws, including GDPR and other relevant regulations.
- Data Minimization and Anonymization: Our PII filtering tool ensures that no PII or PHI is transmitted to OpenAI. Only non-identifiable data is processed by OpenAI's API.
- OpenAI's Privacy Practices: For more information about how OpenAI handles data, please review their Privacy Policy and the Data Processing Addendum.
10. Children's Privacy
COPPA Compliance
Since Teddy Chat is used by children under 13, we comply with the Children's Online Privacy Protection Act (COPPA):
- No Collection of PII: We do not collect PII from children under 13 due to our PII filtering tool.
- Parental Consent Not Required: As we do not collect PII, verifiable parental consent is not required.
- Parental Guidance: We encourage parents and guardians to supervise their children's use of Teddy Chat to ensure appropriate use.
11. Third-Party Sharing
- No Marketing Use: We do not share data with third parties for marketing.
- Service Providers: User interactions are processed by OpenAI under strict privacy practices and our DPA.
For concerns about third-party data processing, contact [email protected].
12. Changes to This Privacy Policy
- Significant Updates: Communicated directly via email or in-app notifications.
- Notice Period: Users will be notified at least 30 days before changes take effect.
Terms of Use
1. Eligibility
You affirm that you are:
- Over 18 years of age, or
- A healthcare provider, or
- A parent or guardian consenting to your child's use of Teddy Chat.
2. Children's Use
- Intended Users: Teddy Chat is designed for use by children in pediatric clinic settings.
- Parental Supervision: We encourage parents and guardians to supervise their children's interactions with Teddy Chat.
3. General Use
- Purpose: Teddy Chat offers health-related tips and information in pediatric settings.
- Not Medical Advice: Not a substitute for professional medical consultation.
- Consult Professionals: Always seek advice from qualified healthcare providers.
4. Use of OpenAI API
- Data Processing: Interactions processed via OpenAI API.
- Privacy Measures: No PII or PHI is transmitted due to our PII filtering tool.
- Quality Enhancement: Non-identifiable data may be used to improve services.
5. Content Restrictions
- Kid-Friendly Use: Service intended for appropriate content.
- Prohibited Actions: You agree not to input inappropriate or prohibited content.
- No Personal Information: Users should not attempt to share PII or PHI.
6. Intellectual Property
- Ownership: All content is property of Toy Mint Corporation or its suppliers.
- Protection: Protected by copyright and trademark laws.
- Restrictions: Unauthorized use is prohibited.
7. Limitation of Liability
- Maximum Extent: Liability limited as permitted by law.
- No Indirect Damages: Not responsible for indirect or consequential damages arising from use.
8. Indemnification
You agree to indemnify Toy Mint Corporation against any claims or damages resulting from:
- Your Use: Misuse of the platform.
- Violation: Breach of these Terms of Use.
9. Termination
- Rights Reserved: We may terminate access for violations.
- Immediate Effect: Termination may occur without prior notice.
10. Modifications to Terms
- Right to Modify: Terms may be updated.
- Notification: Significant changes communicated via email or in-app notifications.
- Acceptance: Continued use signifies acceptance of new terms.
11. Governing Law and Dispute Resolution
- Jurisdiction: These Terms of Use and any disputes arising out of or relating to them are governed by the laws of the Province of British Columbia, Canada, without regard to its conflict of law principles.
- Compliance with Local Laws: While the governing law is that of British Columbia, Canada, we comply with applicable laws in other jurisdictions where we operate, to the extent required.
- International Users: If you access Teddy Chat from locations outside Canada, you are responsible for compliance with local laws if and to the extent local laws are applicable.
- Dispute Resolution: Any disputes will be resolved under these governing laws.
Contact Us
Toy Mint Corporation
Email: [email protected]
Legal notices: [email protected]
Please review these policies carefully. Your continued use of Teddy Chat signifies your understanding and acceptance of these terms.