Legal
Privacy Policy
This Privacy Policy explains how Tangible Spin LLP ("TVshuru Health", "we", "our", "us") handles information in connection with the TVshuru Health interactive patient-care platform and the health.tvshuru.com website. Healthcare data is governed primarily by our agreements with the hospitals we serve; this policy summarizes our practices in plain language. It is not legal advice.
1. Two different kinds of data
TVshuru Health handles two very different categories of information, under different rules:
- Patient information inside a hospital deployment (PHI). When TVshuru Health runs at a hospital, it may process protected health information (PHI) — such as a patient's name, room, care team, and the education or requests shown at the bedside — on behalf of the hospital. Here the hospital is the covered entity and TVshuru Health acts as its Business Associate under HIPAA.
- Website and enquiry information. When you browse health.tvshuru.com or submit the "Book a demo" form, we process ordinary business-contact information (for example, your name, work email, organization, and message).
2. Patient information (our role as a Business Associate)
For patient-facing deployments, we operate under a Business Associate Agreement (BAA) with each hospital and the HIPAA Privacy, Security, and Breach Notification Rules. In that role:
- We use and disclose PHI only as permitted by the BAA and only to provide and support the service — never to sell it or for our own marketing.
- Each hospital's data is logically segregated from every other hospital's.
- Personalized content and any patient inputs are cleared from the room between admissions.
- PHI is encrypted in transit and at rest, with role-based access controls and audit logging.
- Patients who wish to exercise rights over their health information (access, amendment, restriction, accounting of disclosures) should contact the hospital as the covered entity; we support the hospital in fulfilling those requests.
Details of our security program are on the Data & Security page.
3. Website and enquiry information
When you contact us or submit a form, we collect the details you provide (name, work email, organization, role, approximate bed count, and your message) and basic technical data (such as the page you submitted from and your referrer). We use this only to respond to you, to provide information you request about TVshuru Health, and to keep records of our business communications. We do not sell this information, and we do not use it to build advertising profiles.
4. Cookies and analytics
The health.tvshuru.com marketing site is intentionally lightweight. We do not use advertising trackers. Any analytics we use are limited to understanding aggregate site usage; where required, we will present a cookie notice and honor your choices.
5. Sharing and subprocessors
We share information only with service providers that help us operate (for example, hosting and communications tools), each bound by appropriate confidentiality and, where PHI is involved, HIPAA obligations. A current list of subprocessors used in patient deployments is available to contracted hospitals on request. We may disclose information if required by law.
6. Retention
Patient information is retained only as directed by the hospital and the BAA, and cleared from rooms between admissions. Website enquiry information is retained for as long as needed to respond and to maintain our business records, then deleted or anonymized.
7. Security
We use administrative, physical, and technical safeguards appropriate to a healthcare environment, including encryption, access controls, monitoring, and staff training. No system is perfectly secure, but we design and test TVshuru Health to reduce risk. Report a concern to security@tangiblespin.com.
8. Children
TVshuru Health may be deployed on pediatric wards, where it processes children's information strictly on behalf of, and under the direction of, the treating hospital as covered entity. The marketing website is not directed to children.
9. International
TVshuru Health is offered to healthcare providers in the regions where we operate. Where a deployment or enquiry involves data protected by additional laws (such as the GDPR or India's DPDP Act), we handle that data in accordance with the applicable law and our agreement with the relevant organization.
10. Changes
We may update this policy from time to time. Material changes will be posted here with a new "Last updated" date.
11. Contact
Questions or requests: privacy@tangiblespin.com. If your question concerns patient information at a specific hospital, please also contact that hospital, which is the data controller / covered entity for its patients.