Privacy Policy

1. Introduction and Scope

This Privacy Policy explains how we collect, use, share, and protect information when you use HAI. It applies to all users — Physician Users and Patient Users. We comply with HIPAA, the EU General Data Protection Regulation (GDPR), and other applicable data protection laws.

3. Information We Collect

From Physician Users

Name, email, password (bcrypt-hashed), medical license number, specialty, institution affiliation, clinical inputs during diagnostic sessions, and usage patterns.

From Patient Users

Name, email, password (bcrypt-hashed), date of birth, gender, blood type, allergies, medications, medical conditions, family history, lifestyle factors, case sharing records, and profile suggestions.

Automatically

HIPAA audit logs (HTTP method, URL path, timestamp, case ID — we never log request bodies, response bodies, or query parameters), authentication events, and basic technical data (browser type, IP address).

4. How We Use Your Information

• Providing diagnostic decision support through the Virtual Doctor Panel
• Maintaining patient health profiles across sessions
• Enabling secure case sharing between patients and physicians
• Operating clinical safety and risk monitoring
• HIPAA audit compliance
• De-identified analytics only for system improvement — we never use identifiable patient data for training or research without explicit consent
• Account authentication and administration

5. Legal Basis for Processing

US (HIPAA): Treatment, Payment, and Health Care Operations; HIPAA Authorization where required; Business Associate Agreements with individual Physician Users.

EU (GDPR): Contract performance, legitimate interest, consent (withdrawable at any time), legal obligation, and explicit consent for health data under Article 9.

6. Data Sharing and Third Parties

LLM Providers

During diagnostic sessions, clinical data is sent to the configured LLM provider (Anthropic/Claude, OpenAI, Mistral, or self-hosted Ollama). Only data necessary for the active session is transmitted over encrypted channels. We select providers that contractually commit to not using API inputs for model training.

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or PHI to any third party. This is absolute and without exception.

Other Disclosures

Only in response to valid legal process, to prevent imminent harm, in connection with business transfers (subject to this policy), or to hosting/infrastructure providers under contractual data protection obligations.

7. Data Retention

• Active sessions: Duration of session plus configurable post-session period
• Closed sessions: De-identified for quality improvement, or deleted on request
• HIPAA audit logs: Minimum 6 years
• Case sharing tokens: Auto-expire (default: 72 hours)
• Accounts: Active account plus 30 days post-termination for data export

8. Data Security

• TLS 1.2+ encryption in transit, AES-256 at rest
• JWT authentication with configurable expiration
• Bcrypt password hashing — passwords never stored in plaintext
• Role-based access control (RBAC)
• HIPAA audit middleware that never logs request/response bodies
• Breach notification per HIPAA (60 days) and GDPR (72 hours)

9. Your Rights

All users: Access, correction, deletion, data portability, withdraw consent, lodge complaint.

HIPAA (US): Access to PHI, amendment, accounting of disclosures, restriction requests, confidential communications.

GDPR (EU/UK): Right to erasure, restriction, objection, data portability, and not to be subject to solely automated decision-making (HAI outputs are always reviewed by a physician).

10. International Data Transfers

HAI is hosted in the United States. For EEA/UK/Swiss users, we rely on Standard Contractual Clauses and supplementary technical measures to ensure adequate data protection for cross-border transfers.

11. Children's Privacy

HAI is not intended for users under 18. Patient Users under 18 may only use the Service with a parent or guardian who creates and manages the account.

12. AI and LLM Disclosures

HAI uses large language models for diagnostic reasoning. Clinical inputs are combined with intelligence stack outputs and sent to the configured LLM provider. The LLM generates specialist perspectives (Virtual Doctor Panel), which are parsed and validated by HAI before physician review. We do not use your identifiable data to train AI models. LLM providers are contractually required not to use API inputs for their own training. The full reasoning trace is logged and available for audit.

13. Cookies and Tracking

We use only strictly necessary cookies: session authentication and CSRF protection. We do not use third-party tracking, advertising cookies, social media widgets, or cross-site tracking.

14. Changes to This Policy

Material changes will be communicated with at least 15 days' notice via email and an updated effective date. Continued use after changes constitutes acknowledgment.

15. Contact Information

For privacy inquiries, to exercise your rights, or to submit a complaint, contact us at [Privacy Contact Email]. You may also file a complaint with the U.S. Department of Health and Human Services (Office for Civil Rights), your local EU data protection authority, or the UK Information Commissioner's Office.