Privacy Policy

This Privacy Policy tells you how Expper Technologies, Inc. (“we”, “our”, “us”) collects, uses and shares information we collect from Client Users through our Robin the Robot technology (both hardware and software) (“Robin”) and our website https://robinrobot.co (“Site”), effective as of the date posted above. The Site is provided solely to support the use of Robin in accordance with our Terms of Use. Through Robin and the Site we collect and use individually-identifiable personal information to provide Robin Services and de-identified information for the purposes of artificial intelligence training of Robin and for improving Robin and Robin Services. By interacting with Robin and using Robin to access the Site you agree that we may use and disclose your information according to the terms of this Policy.

Robin records and collects information about Client Users’ interactions with Robin and our technicians. Expper provides a mental health specialist who has the ability to see through Robin’s camera and hear through Robin’s microphone and who may control certain aspects of Robin’s interaction with the Client User. These health specialists do not make a record of what they see or hear, but Robin may store a record of how it interacts with the Client User including the audio and video from the Client’s interactions. The data, audio and video files are encrypted and stored on the Robin the Robot device with which the Client User interacts (“Device”). That information is transmitted from the Device to our cloud storage provider, where it is de-identified in accordance with the standards that apply under the Standards for the Privacy of Individually Identifiable Health Information adopted by the United States Department of Health & Human Services under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA Rules”).

We use individually-identifiable information we receive through Client Users’ interactions with Robin to provide Robin Services in accordance with our Terms of Use. We use the information that Robin records to create de-identified information, and then erase that information from our information system. We use the de-identified information for our general commercial purposes such as to improve our product and to grow our business. This includes artificial intelligence training of Robin.

We do not use cookies or similar technology to collect information about Site usage. We do not allow third parties to place cookies through the Site to collect information about a consumer’s online activities over time and across different websites when he or she uses our website.

We do not use technology that recognizes a “do-not-track” signal from your web browser.

This Site is not designed nor intended to be attractive to use by children under the age of 13. We do not knowingly collect information from children under the age of 13 without first receiving verified parental consent from the child’s parent or legal guardian which is obtained in person and in writing before the child interacts with the device.

Because no personal information is collected through the Site, we do not provide a mechanism for accessing information or other choices.

We may reveal information collected through Client Users’ use of Robin and Robin Services to unaffiliated third parties: (1) if the Client User requests or authorizes it; (2) if the information is provided to help complete a transaction for the Client or the Client User; (3) if the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of users or others (e.g., to a consumer reporting agency for fraud protection etc.); (4) if the disclosure is done as part of a purchase, transfer or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, customer information may be one of the transferred assets); (5) if the information is provided to our agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.); or (6) as otherwise described in this Privacy Policy.

We may share information with our affiliated companies

We do not share information with third parties for their marketing purposes.

We use reasonable technical, administrative and physical measures to protect information contained in our system (including both each Device and the website) against unauthorized access, destruction, misuse, loss or alteration. We use standard encryption technology to protect information being transferred to our system, but no method of electronic transmission or storage is 100% secure.

Our system is maintained on servers located in the United States, and information submitted through the VPN connection is stored on our servers or cloud services within the United States. If you are using Robin device from outside the United States, please be advised that information is transferred to our U.S. servers and cloud services. Disclosing your personal information to us pursuant to this Privacy Policy is at your own risk. We strive to comply with laws of jurisdictions in which we maintain operations but we make no representations that the practices described in this Privacy Policy are compliant with laws outside those jurisdictions that apply to the collection, security, use and disclosure of personal information.

Your California Privacy Rights We do not share personal information with third parties for their direct marketing use. California Consumer Privacy Act Notice At this time we are not required to comply with the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA). We will update this Privacy Policy when we qualify for coverage under the CCPA.

We are currently not subject to the Colorado Privacy Act, the Connecticut Personal Data Privacy Act, Florida Digital Bill of Rights, the Montana Consumer Data Privacy Act, the Oregon Consumer Privacy Act, the Texas Data Privacy and Security Act, the Utah Consumer Privacy Act, or the Virginia Consumer Data Protection Act. If we become subject to any of these laws in the future we will update this Privacy Policy accordingly.

We do not transfer personal information for monetary consideration. If you would like to tell us not to sell your information in the future please email us at [email protected] with your name, postal address, telephone number and email address with “Nevada do not sell” in the subject line.

We may amend this Privacy Policy from time to time. The Policy in effect at the time you use the Site governs how we may use your information. If we make material changes we will post the revised Policy and the revised effective date on this Site. Please check back here from time to time to review any changes.

Depending on the circumstances, we may be the business associate of a Client that enters into the Robin Subscription Agreement. The Business Associate Agreement attached to this Privacy Policy applies in those circumstances.

This Site is owned and operated by Expper Technologies, Inc. You can contact us at 326 Mira Loma Ave, Glendale, CA, 91204; [email protected]; (818) 858 2021.

Expper may be a Client’s business associate under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”), and as implemented by guidance and regulations, including without limitation 45 C.F.R. Parts 160, 162 and 164 (collectively “the HIPAA Rules”), if the Client is a covered entity and Expper creates, receives, maintains, or transmits Client Users’ protected health information in the course of providing services to the Client that are subject to the Expper Terms of Use. Expper does not undertake to determine, and has not determined that, any given Client is a covered entity or that Expper is that Client’s business associate. However, this Business Associate Agreement supplements and serves as an addendum to the Expper Privacy Policy, and applies to the contractual relationship that exists between Expper and any Client that is a HIPAA covered entity.

Terms used in this Business Associate Agreement have the meanings given them in the HIPAA Rules. Any reference to “protected health information” refers only to protected health information that Expper creates, receives, maintains, or transmits in the course of providing services to the Client that are subject to the Expper Terms of Use. The term “protected health information” does not refer to any information that Expper may create, receive, maintain, transmit, use, or disclose in other circumstances, such as when an individual accesses Expper’s website or other services other than as a Client User.

To assist Clients that are covered entities to comply with their HIPAA obligations, and in order to comply with any obligations that Expper may have under the HIPAA Rules, Expper agrees with each Client, respectively, to the extent that Client is a covered entity and that Expper creates, receives, maintains, or transmits protected health information in the course of providing services to the Client subject to the Expper Terms of Use: Expper will perform and comply with all the applicable obligations and requirements imposed upon business associates under the HIPAA Rules. Expper may use and disclose protected health information only as necessary for the purpose of providing services to the Client subject to the Expper Terms of Use, or as otherwise permitted by the HIPAA Rules or this Business Associate Agreement, or as required by law [45 C.F.R. §§ 164.502(a)(3) & 164.504(e)(2)(i) and 45 C.F.R. § 164.504(e)(2)(ii)(A)]. In addition, Expper may use and disclose protected health information for Expper’s proper management and administration [45 C.F.R. § 164.504(e)(2)(i)(A) & 45 C.F.R. § 164.504(e)(4)(i)(A)] and to carry out Expper’s legal responsibilities [45 C.F.R. § 164.504(e)(4)(i)(B)] , as long as, in the case of a disclosure for these purposes, either: The disclosure is required by law [45 C.F.R. § 164.504(e)(4)(ii)(A)]; or Expper obtains reasonable assurances from the person to whom Expper discloses the protected health information that it will be held confidentially and used or further disclosed only as required by law or for the purposes for which it was disclosed to such person [45 C.F.R. § 164.504(e)(4)(ii)(B)(1)], and that the person will notify Expper of any instances of which it is aware in which the confidentiality of the information has been breached [45 C.F.R. § 164.504(e)(4)(ii)(B)(2)]. Except as otherwise provided by this Business Associate Agreement, Expper will not make any use or disclosure of protected health information that the Client would not be permitted to make under the HIPAA Rules [45 C.F.R. §§ 164.502(a)(3) & 164.504(e)(2)(i)]. Expper may use protected health information to perform data aggregation services relating to the health care operations of the Client [45 C.F.R. § 164.504(e)(2)(i)(B)]. Expper may use protected health information to create de-identified data in accordance with 45 C.F.R. §§ 164.514(a), 164.514(b), and 164.514(c), and that de-identified data will not be protected health information [45 C.F.R. § 164.502(d)(2)]. If Expper engages a subcontractor in connection providing services to the Client that are subject to the Expper Terms of Use, Expper may disclose protected health information to that subcontractor only if Expper obtains satisfactory assurances that the subcontractor will appropriately safeguard that information [45 C.F.R. § 164.308(b)(2)]. Expper will enter into a Business Associate Agreement with any subcontractor that creates, receives, maintains, or transmits protected health information on Expper’s behalf, under which that subcontractor will agree to comply with the applicable requirements of the HIPAA Rules [45 C.F.R. § 164.314(a)(2)(i)(B)] and agree to the restrictions and conditions that apply to Expper with respect to that information [45 C.F.R. § 164.504(e)(2)(ii)(D)]. Expper will: Use appropriate administrative, physical, and technical safeguards and comply, where applicable, with 45 C.F.R. Part 164, Subpart C with respect to electronic protected health information, to protect the privacy of protected health information and prevent use or disclosure of protected health information other than as permitted by this Business Associate Agreement [45 C.F.R. §§ 164.308(b)(1), 164.314(a)(2)(i)(A) & 164.504(e)(2)(ii)(B)]. If Expper becomes responsible to carry out any of the Client’s obligations under the HIPAA Rules, carry out those obligations in accordance with the HIPAA requirements that would apply to the Client [45 C.F.R. § 164.504(e)(2)(ii)(H)]. Upon the Client’s request, make available to the Client any protected health information that Expper maintains in a designated record set, as necessary to enable the Client to comply with its obligations to provide individual access to and copies of that protected health information [45 C.F.R. §§ 164.502(a)(4)(ii) & 164.504(e)(2)(ii)(E)]. Upon the Client’s request, make available to the Client any protected health information that Expper maintains in a designated record set, as necessary to enable the Client to comply with its obligations to amend protected health information, and incorporate any amendments as the Client may instruct [45 C.F.R. § 164.504(e)(2)(ii)(F)]. Report to the Client, upon the Client’s request, all disclosures of protected health information by Expper or a subcontractor of Expper, as necessary to enable the Client to comply with its obligation to account for uses and disclosures of protected health information. Expper will report only those uses and disclosures for which the Client would be required to provide an accounting [45 C.F.R. § 164.504(e)(2)(ii)(G)]. Make Expper’s internal practices, books, and records relating to the use and disclosure of protected health information available to the Secretary of the United States Department of Health and Human Services (“Secretary”), for purposes of determining the Client’s compliance with applicable legal obligations [45 C.F.R. § 164.504(e)(2)(ii)(I)]. Expper will also disclose protected health information when required by the Secretary under 45 C.F.R. Part 160, Subpart C, to investigate or determine our compliance with the HIPAA Rules [45 C.F.R. § 164.502(a)(4)(i)]. Upon termination of the Client’s Lease, as described in the Client’s Robin Subscription Agreement, return or destroy all protected health information that Expper or a subcontractor of Expper maintains in any form and retain no copies of such information or, if return or destruction is not feasible, extend the protections of this Business Associate Agreement to such information and limit further use and disclosure of the information to those purposes that make the return or destruction of the information infeasible [45 C.F.R. § 164.504(e)(2)(ii)(J)]. Expper will give the Client written notice of any use or disclosure of protected health information not permitted by this Business Associate Agreement, or any security incident involving electronic protected health information (other than an unsuccessful security incident), of which Expper becomes aware, including any breach of unsecured protected health information [45 C.F.R. §§ 164.314(a)(2)(i)(C), 164.504(e)(2)(ii)(C), & 164.410]. In the event of a breach of unsecured protected health information, Expper will report that breach to the Client without unreasonable delay and in no event later than sixty (60) calendar days from the date of discovery of the breach, to the extent possible, and provide the identification of each individual whose unsecured protected health information has been, or is reasonably believed by Expper to have been, accessed, acquired, used, or disclosed during the breach [45 C.F.R. § 164.410(c)(1)]. In addition, Expper will provide to the Client any other available information that the Client is required to provide to an individual under 45 C.F.R. § 164.404(c) with that report or promptly thereafter as information becomes available [45 C.F.R. § 164.410(c)(2)]. The Client will remain responsible for providing notification to individuals whose unsecured protected health information has been disclosed, as well as the Secretary, and the media, as required by the HIPAA Rules. Notice given by Expper in accordance with this paragraph will also satisfy Expper’s obligations to report the ongoing existence and occurrence of unsuccessful security incidents, for which no additional notice will be required. For purposes of this Business Associate Agreement, unsuccessful security incidents include, without limitation, activity such as pings and other broadcast attacks on Expper’s firewall, port scans, unsuccessful log-on attempts, denial of service attacks, and any combination of the above, so long as no such incident results in unauthorized access, use or disclosure of electronic protected health information or interference with system operations in Expper’s information system. The Client may its Robin Subscription Agreement and the Lease described therein if the Client determines that Expper has violated a material term of this Business Associate Agreement and failed to cure that breach within a reasonable period of time after the Client has notified Expper of the violation [45 C.F.R. § 164.504(e)(iii)]. Nothing express or implied in this Business Associate Agreement is intended to, or does, confer upon any Client User or any other person or entity any rights, remedies, obligations, or liabilities whatsoever.