Privacy Policy

Last updated: January 15, 2026

Human AI Doc Technologies LLC ("we," "us," or "our") is committed to protecting the privacy and security of your information and the patient data you process through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services.

This policy applies to healthcare professionals and organizations that use our clinical documentation and reasoning support platform. We are committed to compliance with applicable privacy laws, including HIPAA, GDPR, and other relevant data protection regulations.

2.1 Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address and phone number
  • Professional license information
  • Practice or institution details
  • Billing and payment information

2.2 Patient Data

Through your use of our clinical documentation features, we process:

  • Patient demographics and identifiers
  • Medical history and clinical notes
  • Diagnostic information and treatment plans
  • Any other Protected Health Information (PHI) you input

Important: We act as a Business Associate under HIPAA and process PHI solely to provide services to you as the Covered Entity.

2.3 Usage Information

We automatically collect:

  • Device information (type, operating system, browser)
  • IP addresses and general location data
  • Usage patterns and feature interactions
  • Log files and error reports
  • Performance metrics and analytics data

3.1 To Provide Services

We use your information to:

  • Deliver clinical documentation and reasoning support
  • Generate AI-assisted clinical notes and summaries
  • Provide differential diagnosis suggestions
  • Enable medical information retrieval
  • Maintain and improve our AI models and algorithms

3.2 Service Improvement

We analyze de-identified usage data to:

  • Improve service performance and reliability
  • Develop new features and capabilities
  • Enhance AI model accuracy and safety
  • Conduct research and quality improvement

3.3 Communications and Support

We use your contact information to provide customer support, send service updates, and communicate important notifications about your account or our services.

4.1 We Do Not Sell Your Data

We never sell your personal information or patient data to third parties.

4.2 Service Providers

We may share information with trusted service providers who assist us with:

  • Cloud hosting and data storage
  • Payment processing
  • Customer support tools
  • Analytics and monitoring services

All service providers are contractually bound to protect data confidentiality and comply with HIPAA requirements through Business Associate Agreements.

4.3 Legal Requirements

We may disclose information when required by law or to comply with legal process, respond to government requests, protect our rights, or prevent harm or fraud.

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication
  • 24/7 security monitoring and intrusion detection
  • Regular security audits and penetration testing
  • Automated encrypted backups with disaster recovery

In the event of a data breach affecting PHI, we will notify affected users within 72 hours and report to relevant authorities as required by law.

You are responsible for maintaining the confidentiality of your account credentials, using strong passwords, and enabling multi-factor authentication.

We retain information for as long as necessary to provide services and comply with legal obligations:

  • Account Data: Duration of your subscription plus 7 years
  • Patient Data: As directed by you or required by law
  • Usage Logs: 90 days to 2 years for security and analytics
  • Billing Records: 7 years for tax and accounting purposes

Upon account termination, we provide 30 days to export your data. After this period, we securely delete all patient data, though some account information may be retained for legal compliance.

You have the following rights regarding your information:

  • Access: Request access to your personal information
  • Portability: Export your data in a machine-readable format
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account or specific records
  • Restriction: Object to or request restriction of certain processing activities

To exercise these rights, contact us at contact@humanaidoc.com. We will respond within 30 days.

Human AI Doc Technologies LLC acts as a Business Associate under HIPAA. We have executed Business Associate Agreements (BAAs) with our customers who are Covered Entities.

We implement all required HIPAA safeguards:

  • Administrative: Privacy policies, workforce training, incident response procedures
  • Physical: Secure data centers, access controls, device security
  • Technical: Encryption, access logging, authentication, audit controls

As a Business Associate, we support your obligations to provide patients with access to their PHI, accounting of disclosures, and other HIPAA rights.

For users in the European Economic Area (EEA), UK, or Switzerland, we process personal data based on:

  • Contract: To provide services under our agreement with you
  • Legitimate Interests: To improve and secure our services
  • Legal Obligation: To comply with applicable laws
  • Consent: Where specifically obtained for certain activities

For account information, we are the Data Controller. For patient data, you are the Data Controller and we are the Data Processor.

EEA users have additional rights including the right to lodge a complaint with a supervisory authority, withdraw consent, and object to automated decision-making.

Human AI Doc Technologies LLC operates globally. Your information may be transferred to and processed in countries outside your jurisdiction.

For transfers from the EEA, we rely on Standard Contractual Clauses approved by the European Commission, adequacy decisions where applicable, and other approved transfer mechanisms.

Where required by law, we store data within specific geographic regions and comply with local data residency requirements.

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand usage patterns
  • Performance Cookies: Monitor system performance and errors

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality. We use Google Analytics with IP anonymization and have disabled data sharing with Google.

Our services are designed for use by healthcare professionals, not children. We do not knowingly collect personal information from individuals under 18 years of age for account creation purposes.

Patient data may include information about pediatric patients, which is processed in accordance with HIPAA and applicable laws under your direction as the healthcare provider.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through prominent notice in the application at least 30 days before changes take effect.

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@humanaidoc.com

Privacy Officer: privacy@humanaidoc.com

Company: Human AI Doc Technologies LLC
Ghana & Delaware, United States

For EEA users, you also have the right to lodge a complaint with your local data protection authority.