Xestro Privacy Policy

Thank you for visiting our Xestro website.

Xestro provides healthcare users (‘Users’) like you with a secure web & mobile phone app-based ‘platform’ to store and manage their health-related information (‘Health Data’) and to connect to healthcare providers and organisations.

We also provide healthcare providers and organisations with a secure web-based platform to manage their organisations and to collect and record, store and transmit data.

To use our Services, you must create and maintain a Xestro Account.

You can use Xestro not only to manage your own healthcare records and communications but also to:

  1. Manage the healthcare needs of your ‘dependents’ such as your children or elderly relatives for whom you have healthcare responsibility
  2. Manage your work-related Xestro account if you are a staff member at a healthcare practice that uses Xestro.

The privacy policy that you are reading now specifically and only relates to your interaction with Xestro via this website (in the xestro.com domain). Additional privacy policies will relate to your activities in the my.xestro.com domain and when you connect to us via our Xestro apps.

When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and put you in control.

This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

This website allows you to connect to us via a ‘contact form’ and via ‘chat’. Regardless of which way you contact us via this website, all communications between you and us will be encrypted and handled securely. Using the contact form and ‘chat’ you will provide us with personally identifiable information such as your name, telephone number, address and email. Unless required by law, we will never provide any third party with any identifiable information that you provide us with.

If you have any questions about this Privacy Policy, you can contact us.

Your apps, browsers & devices

We collect information about the apps, browsers, and devices you use to access Xestro services, which helps us provide features like automatic hints about how to get the most out of your Xestro services.

The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number.

We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.

We collect this information when a Xestro service on your device contacts our servers. If you’re using an Android device with Xestro apps, your device periodically contacts Xestro servers to provide information about your device and connection to our services.

This information includes things like your device type, carrier name & crash reports.

Your activity

We collect information about your activity in our services, which we use to do things like recommend add-on services that may help you to use our services better.

We collect information about your location when you use our services, which helps us offer personal features like setting your time-zone and announcing your arrival at a Xestro connected healthcare organisation. Your location can be determined with varying degrees of accuracy by: GPS IP address Sensor data from your device Information about things near your device, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices. The types of location data we collect depend in part on your device and account settings.

We use various technologies to collect and store information, including cookies, local storage, such as browser web storage or application data caches, databases, and server logs.

We use the information we collect from all our services to maintain & improve our services.

We use your information to ensure our services are working as intended, such as tracking outages or troubleshooting issues that you report to us. We use this information to make improvements to our services and to develop new ones.

We use the information we collect to customize our services for you, including providing recommendations, hints & personalized content.

We use data for analytics and measurement to understand how our services are used. For example, we analyze data to do things like optimize product design.

We use information we collect, like your email address, to interact with you directly. For example, we may send you a notification if we detect suspicious activity, like an attempt to sign in to your Xestro Account from an unusual location. Or we may let you know about upcoming changes or improvements to our services. And if you contact Xestro, we’ll keep a record of your request in order to help solve any issues you might be facing.

We use information to help improve the safety and reliability of our services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm Xestro, our users, or the public. We use different technologies to process your information for these purposes.

We use automated systems that analyze your content to help us detect abuse such as spam, malware, and illegal content.

We also use algorithms to recognize patterns in data.

We may combine the information we collect among our services and across your devices for the purposes described above.

There are privacy settings that give you choices regarding the information we collect and how it's used.

Keeping Your Information Secure

We build security into our services to protect your information.

All Xestro products are built with strong security features that continuously protect your information. The insights we gain from maintaining our services help us detect and automatically block security threats from ever reaching you. And if we do detect something risky that we think you should know about; we’ll notify you and help guide you through steps to stay better protected.

We work hard to protect you and Xestro from unauthorized access, alteration, disclosure, or destruction of information we hold, including:

  • We use encryption to keep your data private while in transit
  • We offer a range of security features, like 2 Step Verification to help you protect your account
  • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
  • We restrict access to personal information to Xestro employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Compliance and Cooperation with Regulators

We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.

When we receive formal written complaints, we respond by contacting the person who made the complaint.

We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly.

About this Policy

This Privacy Policy applies specifically to your interactions with this website in the xestro.com domain.

This Privacy Policy does not apply to services that have separate privacy policies that do not incorporate this Privacy Policy (including those in the my.xestro.com domain).

This Privacy Policy does not apply to the information practices of our Third-Party Partners.

We change this Privacy Policy from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent.

We always indicate the date the last changes were published, and we offer access to archived versions for your review.

If changes are significant, we’ll provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

Related Privacy Practices

The use of ‘cookies’ helps Xestro work optimally and efficiently. A ‘cookie’ is a small file containing a string of characters that is sent to your computer when you visit a website. Cookies help store user preferences and other information. Although you can configure your browser to refuse all cookies or to indicate when a cookie is being sent, for Xestro to operate optimally, there should be no restrictions of cookies on the xestro.com domain.

For your security and for Xestro optimization, we use ‘server logs’ and we track IP addresses. Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks. An IP address can often be used to identify the location from which a device is connecting to the Internet. Like most websites, our servers automatically record the page requests made when you visit our sites. These ‘server logs’ typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser.

Like other technology and communications companies, Xestro may receive requests from governments and courts around the world to disclose user data. Respect for the privacy and security of data you store with Xestro underpins our approach to complying with these legal requests. Our legal team reviews each and every request, regardless of type, and we frequently push back when a request appears to be overly broad or doesn’t follow the correct process.