Privacy Policy

1. Who We Are

This website, somasriharsha.com, is operated by Sri Harsha Soma, a physician, researcher, and entrepreneur based in the Atlanta, Georgia metropolitan area, United States. Throughout this policy, "we," "us," and "our" refer to Sri Harsha Soma.

For privacy-related inquiries, contact us at drsoma@somasriharsha.com.

2. Information We Collect

We collect a limited amount of personal information, only what is necessary to respond to inquiries and deliver our newsletter. We do not require account creation and do not collect information beyond what is described below.

2.1 Contact Form Submissions

When you submit a message through our contact form, we collect:

• First name and last name
• Email address
• Organization (optional)
• Selected topic of inquiry
• Your message content

2.2 Newsletter Subscriptions

When you subscribe to our email newsletter, we collect:

• First name and last name
• Email address

2.3 Automatically Collected Information

This website does not use analytics tracking, advertising pixels, or behavioral profiling cookies. However, certain technical information may be collected automatically by our hosting provider (Hostinger) as part of standard server operations, including IP addresses and access timestamps in server logs.

Additionally, this website loads fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When your browser requests these fonts, Google may receive your IP address and browser information. Google's use of this data is governed by Google's Privacy Policy.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Contact form data: To read and respond to your inquiry, and to maintain a record of correspondence.
• Newsletter subscriber data: To personalize and send periodic email newsletters covering topics in health sciences, clinical AI, research, health-tech ventures, and precision wellness.

We do not sell, rent, or trade your personal information to any third party. We do not use your information for automated decision-making or profiling.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following lawful bases as defined by the General Data Protection Regulation:

• Consent: When you voluntarily submit the contact form or subscribe to the newsletter, you provide consent for us to process your data for those stated purposes. You may withdraw consent at any time.
• Legitimate interest: We may process data to respond to direct inquiries and maintain communication records, where doing so does not override your fundamental rights and freedoms.

5. Third-Party Service Providers

We use a limited number of third-party service providers to operate this website and deliver our newsletter. These providers act as data processors on our behalf:

5.1 Google (Apps Script & Google Sheets)

Contact form submissions are transmitted to and stored using Google Apps Script and Google Sheets. Google processes this data under its Privacy Policy and Data Processing Terms.

5.2 Beehiiv

Our email newsletter is managed and delivered through Beehiiv (beehiiv.com). When you subscribe, your name and email address are stored and processed by Beehiiv. Beehiiv may collect additional technical data such as email open rates and link clicks for newsletter performance analytics. Beehiiv's data handling is governed by its Privacy Policy.

5.3 Hostinger

This website is hosted by Hostinger. Standard server access logs (IP addresses, timestamps, requested URLs) may be collected as part of hosting operations. See Hostinger's Privacy Policy.

5.4 Google Fonts

Web fonts are loaded from Google's servers. This results in your browser making requests to Google, which may log your IP address. See Google Fonts Privacy FAQ.

6. Cookies & Local Storage

This website does not set any first-party cookies. We do not use analytics cookies, advertising cookies, or tracking pixels.

We use browser localStorage solely for non-personal interface preferences (such as UI state). No personally identifiable information is stored in localStorage.

Third-party services embedded on this site (such as Beehiiv's newsletter widget) may set their own cookies. Please refer to the respective third-party privacy policies listed in Section 5 for details.

7. Email Newsletter

Our newsletter is delivered via Beehiiv and covers topics in health sciences, innovation, and related fields. By subscribing, you agree to receive periodic email communications from us.

Frequency

Newsletters are sent periodically. We do not send daily emails and will not spam your inbox.

Unsubscribing

Every newsletter email includes a clearly visible unsubscribe link. You may opt out at any time by clicking that link. Upon unsubscribing, your email address will be removed from our active mailing list. You may also request removal by emailing drsoma@somasriharsha.com.

CAN-SPAM Compliance

In accordance with the CAN-SPAM Act, all newsletter emails will:

• Accurately identify the sender
• Include a valid physical mailing address or registered agent
• Not use deceptive subject lines
• Clearly identify the message as a newsletter or promotional communication where applicable
• Provide a clear mechanism to opt out of future emails
• Honor opt-out requests within 10 business days

We do not share, sell, or transfer your email address to third parties for their own marketing purposes after you opt out.

8. Data Retention

• Contact form submissions: Retained for as long as necessary to respond to your inquiry and maintain correspondence records, typically no longer than 24 months from the date of submission, unless ongoing communication requires otherwise.
• Newsletter email addresses: Retained for as long as you remain subscribed. Upon unsubscribing, your email address is removed from our active mailing list. Beehiiv may retain anonymized or aggregated data per its own retention policies.
• Server logs: Managed and retained by Hostinger per its data retention policies.

You may request deletion of your data at any time by contacting us (see Section 16).

9. Your Privacy Rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten").
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request your data in a structured, machine-readable format.
• Right to object: Object to our processing of your data under certain circumstances.
• Right to withdraw consent: Withdraw previously given consent at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, email us at drsoma@somasriharsha.com. We will respond to verified requests within 30 days (or within the timeframe required by applicable law).

If you believe your privacy rights have been violated, you have the right to lodge a complaint with a supervisory authority in your jurisdiction. For EEA residents, a list of data protection authorities is available at edpb.europa.eu.

10. California Privacy Rights (CalOPPA / CCPA)

If you are a California resident, the California Online Privacy Protection Act (CalOPPA) and the California Consumer Privacy Act (CCPA) grant you additional rights:

• Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to opt-out of sale: We do not sell your personal information. No opt-out is necessary.
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.

CalOPPA also requires us to disclose how we respond to "Do Not Track" (DNT) browser signals. Because this website does not use tracking technologies, we do not track your activity across other websites and therefore DNT signals do not change our website's behavior.

To submit a request, email drsoma@somasriharsha.com with "California Privacy Request" in the subject line.

11. Canadian Privacy Rights (PIPEDA)

If you are a Canadian resident, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights regarding your personal information, including the right to:

• Know what personal information we hold about you and why
• Access your personal information
• Challenge the accuracy and completeness of your data and have it corrected
• Withdraw consent for data collection (subject to legal or contractual restrictions)
• File a complaint with the Office of the Privacy Commissioner of Canada

We collect personal information only with your knowledge and consent. We collect only information necessary for the purposes identified and use it only for those purposes.

12. Children's Privacy

This website and newsletter are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal data from a child under 16, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at drsoma@somasriharsha.com.

13. Data Security

We take reasonable administrative and technical measures to protect your personal information against unauthorized access, loss, alteration, or destruction. These measures include:

• HTTPS encryption for all data transmitted between your browser and this website
• Access to stored contact form data restricted to the site owner
• Use of established, reputable third-party processors (Google, Beehiiv, Hostinger) that maintain their own security programs

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

14. International Data Transfers

This website is operated from the United States. If you access this website from outside the United States, your information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate.

If you are located in the EEA, UK, or Switzerland, please be aware that U.S. data protection laws may differ from those in your jurisdiction. By using this website and submitting your information, you acknowledge this transfer. Where required, our third-party processors use appropriate safeguards (such as Standard Contractual Clauses) to protect transferred data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service providers. When we do:

• The "Effective Date" at the top of this page will be updated.
• For material changes, we will make reasonable efforts to notify newsletter subscribers via email.
• Continued use of the website or newsletter after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this page periodically.

16. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or how your data is handled, please contact:

We aim to respond to all privacy-related inquiries within 30 days.