Privacy Policy

Semler Scientific, Inc. respects each person’s right to individual privacy. We will collect and use information through our Web site only in the ways disclosed in this statement. This statement applies solely to information collected at Semler Scientific, Inc.’s web site.

Semler Scientific, Inc. collects information through our Web site at several points. We do not collect personally identifiable information about visitors.

Semler Scientific, Inc. does not actively market to minors, and we never knowingly ask a minor to divulge personal information.

We collect the following general data that is not personally identifiable information: host IP address, browsing software identification and version, referring site, search keyword(s), and site content viewed. We collect this information through automatic logging files.

We do not employ cookies. A cookie is a small text file that some web servers place on a user’s computer hard drive to be a unique identifier.

The information collected by Semler Scientific, Inc. will be used for maintaining the site and improving the quality and accessibility of our services.

The information we collect will not be used to create customer profiles based on browsing or purchasing history. We will not supplement information collected at our web site with data from other sources. We do not share data with third parties.

We offer links to other web sites. Please note: When you click on links to other web sites, we encourage you to read their privacy policies. Their standards may differ from ours.

External links to other sites outside of the Semlerscientific.com domain are being provided as a convenience and for informational purposes only; they do not constitute an endorsement or an approval by Semler Scientific of any of the products, services or opinions of the external entity. Semler Scientific bears no responsibility for the accuracy, legality, or content of the external site or for that of subsequent links. You will be subject to the destination site’s privacy policy when you follow the link.

Contact the external site for answers to questions regarding its content, terms, and/or policies.

If our policy on information collection or uses changes, will advise you by posting a notice on our web site.

If problems arise, users may contact Semler Scientific, Inc. by any method listed at the Web site under “Contact”. We are committed to resolving disputes within 15 working days.

Vulnerability Disclosure Policy

Semler Scientific is committed to the security and protection of our products, services, customer data, and infrastructure. We recognize the value of engaging with external security researchers in identifying and mitigating security vulnerabilities.

We will appreciate a responsible submission if you believe you’ve found a security vulnerability in a Sigma Computing product. You can submit a detailed description of the issue to us, including the steps that we can take to reproduce the issue and/or a proof-of-concept (“Report”).

We ask that reporters honor responsible disclosure principles and processes while engaging with us in order for Semler Scientific to evaluate, respond to, or remediate any confirmed security vulnerabilities before public or third-party disclosure.

Responsible Reporting and Disclosure

Semler Scientific believes in responsible reporting and disclosure, and we ask the following:

  • Comply with all applicable laws.
  • Do not violate the privacy of other users, destroy data, or disrupt services.
  • Promptly report the nature of the vulnerability to us and provide as much detail as possible so we can reproduce the vulnerability.
  • Report the details of the security vulnerability to us without sharing any information of the vulnerability publicly.
  • Do not disrupt or degrade Semler Scientific’s products or services.
  • Do not access, modify, destroy, or violate the privacy of any Semler Scientific customer or data.
  • Avoid the degradation of user experience, disruption to production systems, and any access, copying, destruction, or manipulation of data.

Once you have established that a vulnerability exists or encountered any of the sensitive data outlined below, you must stop your test and notify us immediately. You will NOT be executing, or attempting to execute, a denial-of-service attack.

Please provide Semler Scientific reasonable time to fix any reported issue before such information is shared with a third-party or disclosed publicly.

Scope

This policy applies to all the products, services, and infrastructure developed, managed, and maintained by Semler Scientific.

Out of Scope Vulnerabilities

Certain vulnerabilities are considered out of scope and include the following:

  • Physical testing
  • Social engineering attacks, including those targeting our employees, contractors, or vendors (eg, attempts to steal cookies, or fake login pages used to obtain credentials)
  • Denial-of-service attacks
  • User interface or bugs
  • Network vulnerabilities (eg, account takeover, spam, clickjacking, fingerprinting)
  • Phishing
  • Resource exhaustion attacks

Reporting a Security Vulnerability

When reporting a potential vulnerability, please include a detailed summary of the vulnerability, including the target, steps, tools, and artifacts used during discovery (screen captures welcome). Please submit your report to: itsecurity@semlerscientific.com.

Semler Scientific will:

  1. Attempt to acknowledge receipt of your report within 2 business days
  2. Provide you with an estimated timetable for resolution of the vulnerability
  3. Notify you when the vulnerability is fixed
  4. With your permission, publicly acknowledge your responsible disclosure

Without limitation, email communication between you and Semler Scientific, including emails you send to Semler Scientific reporting a potential security vulnerability, should not contain any of your proprietary information. The contents of all email communication you send to Semler Scientific shall be considered non-proprietary. Semler Scientific, or any of its affiliates, may use such communication or material for any purpose whatsoever, including, but not limited to, reproduction, disclosure, transmission, publication, broadcast, and further posting.

*Please note, Semler Scientific does not operate a public bug bounty program and we make no offer of reward or compensation in exchange for submitting potential issues.

Questions

For any questions on the policy and for further help, please write to us at security@semlerscientific.com.

Semler Scientific reserves the right to update the policy at any time