This Privacy Policy describes how ENGAUGE LLC (“ENGAUGE,” “epiqar,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with www.epiqar.com and associated websites, applications, platforms, products, and services that link to this Privacy Policy (collectively, the “Services”).

This Privacy Policy also explains your rights and choices regarding your personal information, including certain rights available under applicable data protection and privacy laws.

For purposes of European Economic Area (“EEA”), Swiss, and United Kingdom (“UK”) data protection law, ENGAUGE LLC may act as a controller for certain personal information processed through the Services. In other contexts, including where our customers use epiqar in their own organizational environments, ENGAUGE may act as a processor or service provider on behalf of the customer.

Contacting us

What information we collect

We collect personal information that you provide directly, information collected automatically when you use the Services, and information we receive from customers, partners, and service providers.

Information you provide directly

Depending on how you interact with us, we may collect:

• name, business email address, phone number, job title, and organization details;
• account credentials, including usernames and passwords;
• mobile phone number used for multi-factor authentication;
• communications, inquiries, requests for demos, and related correspondence;
• other information you choose to provide through forms, email, chat, or other interactions.

Information collected automatically

When you access or use the Services, we may automatically collect technical and usage information, such as IP address, browser type, device information, referring URLs, pages viewed, features used, timestamps, and interactions with our Services or communications.

We may collect this information through server logs, cookies, local storage, and similar technologies. For more detail, please see our Cookies Policy.

Information related to the epiqar Deep Dive AI feature

When your organization uses epiqar Deep Dive AI, we may process:

• recorded surgical video and audio content uploaded to or captured through the epiqar platform;
• transcripts, timestamps, metadata, and derived indexing data associated with that content;
• search queries, prompts, and interaction logs related to Deep Dive AI usage.

Deep Dive AI content is processed within customer-specific environments and is not pooled across customers for shared model training. AI-generated insights are advisory only and must be reviewed by a qualified human professional before use. epiqar Deep Dive AI does not replace clinical judgement or professional responsibility.

How we use personal information

We may use personal information for the following purposes:

• to provide, operate, maintain, secure, and improve the Services;
• to create and manage accounts and enable authentication, authorization, and multi-factor authentication;
• to communicate with you about demos, inquiries, support, updates, and administrative matters;
• to analyze usage, troubleshoot issues, and improve performance, reliability, and user experience;
• to prevent fraud, misuse, unauthorized access, or violations of our agreements or applicable law;
• to provide sales, marketing, and business communications, subject to your choices and applicable law;
• to process employment-related inquiries or applications;
• to comply with legal, regulatory, contractual, and compliance obligations.

Legal bases for processing in the EEA, Switzerland, and the UK

Where applicable, we rely on one or more of the following legal bases:

• performance of a contract or taking steps prior to entering into a contract;
• our legitimate interests, where those interests are not overridden by your rights and freedoms;
• compliance with a legal or regulatory obligation;
• consent, where required by law and where consent is the appropriate legal basis.

Illustrative categories and legal bases

When we share personal information

We do not sell your personal information. We may disclose personal information in the following circumstances:

• to customers and organizations that use epiqar where that disclosure is necessary to provide the Services;
• to service providers and subprocessors who support hosting, communications, infrastructure, analytics, security, and operations;
• in connection with mergers, acquisitions, financing, restructuring, bankruptcy, or similar business transactions;
• to protect our rights, safety, systems, property, users, or others;
• to comply with law, regulation, legal process, or lawful governmental requests.

Communications and marketing choices

You may opt out of marketing emails by using the unsubscribe link in the message or by contacting us at info@eng.us. Even if you opt out of marketing communications, we may still send you transactional, service-related, security, or administrative communications.

If you have provided a mobile number, we may use it for account security or limited service-related communications, including multi-factor authentication and reminders you have requested or agreed to receive.

Your privacy rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain personal information, and to withdraw consent where processing is based on consent.

To exercise your rights, contact us at info@eng.us. We may need to verify your identity before fulfilling your request.

EEA, Swiss, and UK rights

• right of access;
• right to rectification;
• right to erasure in certain circumstances;
• right to restriction of processing in certain circumstances;
• right to data portability where applicable;
• right to object, including objection to direct marketing;
• rights relating to certain automated decision-making, where applicable.

US state privacy rights

Residents of certain US states, including California and other states with applicable privacy laws, may have additional rights, such as rights to access, correct, delete, or obtain a copy of personal information, and rights to opt out of certain processing activities, subject to applicable exemptions and limits.

Children’s privacy

The Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18 without appropriate authorization where required by law. If you believe we may have collected such information, please contact us at info@eng.us.

How long we keep personal information

We retain personal information for as long as necessary for the purposes described in this Privacy Policy, including to provide the Services, comply with law, resolve disputes, enforce agreements, maintain security, and support legitimate business operations.

• account and contact information is generally retained for the duration of the relationship and a reasonable period thereafter;
• usage and activity data is retained according to operational, security, analytics, and legal needs;
• communications and inquiry records are retained as reasonably necessary for follow-up, support, and business recordkeeping;
• surgical content and related customer data are retained according to customer configuration, contractual terms, and applicable law.

Aggregated or de-identified information that no longer identifies an individual may be retained for longer periods, including to improve and operate the Services.

International transfers

We may process personal information in the United States, the European Union, the United Kingdom, and other jurisdictions where we or our service providers operate.

Where required by applicable law, we use appropriate safeguards for international data transfers, such as contractual measures, transfer assessments, and other supplementary technical and organizational protections.

Where applicable, we may rely on the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and/or the Swiss-U.S. Data Privacy Framework only to the extent ENGAUGE LLC is an active participant and the relevant transfer and data types are covered by that certification status.

HIPAA and healthcare-related data

epiqar is designed to support compliance with healthcare privacy and security requirements where applicable. If your organization is a HIPAA-covered entity or business associate and your use of epiqar involves Protected Health Information (“PHI”), your relationship with ENGAUGE LLC as a business associate is governed by a separate Business Associate Agreement (“BAA”), where applicable.

For more information about HIPAA-related arrangements or to request a BAA, contact info@eng.us.

California notices

ENGAUGE LLC does not sell your personal information. We also do not knowingly share personal information for cross-context behavioral advertising in a manner that would require an opt-out under applicable law, except to the extent such laws may apply to specific technologies or configurations used on the site.

We do not currently respond to browser “Do Not Track” signals because there is no universally accepted standard for doing so. If that changes and we adopt a standard response, we may update this Privacy Policy accordingly.

Security

We use commercially reasonable technical, administrative, and organizational measures designed to protect personal information against unauthorized access, disclosure, alteration, misuse, and loss. However, no internet transmission or storage system can be guaranteed to be completely secure.

Links to third-party sites

The Services may contain links to websites, products, or services operated by third parties. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices before providing personal information.

Complaints and supervisory authorities

If you are located in the EEA, Switzerland, or the UK, you may have the right to lodge a complaint with your local supervisory authority. Information about EEA data protection authorities can be found through the European Data Protection Board member directory.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above. If we make material changes, we will use reasonable efforts to provide appropriate notice where required by law.