Legal

Privacy Policy

HumanAI:Doc Legal Team

Last updated: January 15, 2026

At HumanAI:Doc, we are committed to protecting the privacy and security of your information and the patient data you process through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Services.

1. Introduction

HumanAI:Doc Inc. ("HumanAI:Doc," "we," "us," or "our") operates a clinical documentation and reasoning support platform. This Privacy Policy applies to healthcare professionals and organizations that use our Services.

1.1 Scope

This policy covers:

  • Personal information of healthcare professionals who use our platform
  • Protected Health Information (PHI) processed through our Services
  • Technical information collected during use of our platform

1.2 Our Commitment

We are committed to compliance with applicable privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and other relevant data protection regulations.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address and phone number
  • Professional license information
  • Practice or institution details
  • Billing and payment information

2.2 Patient Data

Through your use of our clinical documentation features, we process:

  • Patient demographics and identifiers
  • Medical history and clinical notes
  • Diagnostic information and treatment plans
  • Any other Protected Health Information (PHI) you input into the system

Important: We act as a Business Associate under HIPAA and process PHI solely to provide Services to you as the Covered Entity.

2.3 Usage Information

We automatically collect:

  • Device information (type, operating system, browser)
  • IP addresses and location data
  • Usage patterns and feature interactions
  • Log files and error reports
  • Performance metrics and analytics data

2.4 Communications

We collect information when you:

  • Contact our support team
  • Participate in surveys or feedback requests
  • Subscribe to newsletters or updates

3. How We Use Information

3.1 To Provide Services

We use your information to:

  • Deliver clinical documentation and reasoning support
  • Generate AI-assisted clinical notes and summaries
  • Provide differential diagnosis suggestions
  • Enable medical information retrieval
  • Maintain and improve our AI models and algorithms

3.2 Account Management

We use your information to create and manage your account, process payments, provide support, and send service updates.

3.3 Improvement and Analytics

We analyze de-identified usage data to improve service performance, develop new features, enhance AI model accuracy, and conduct research.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We never sell your personal information or patient data to third parties.

4.2 Service Providers

We may share information with trusted service providers who assist us with cloud hosting, payment processing, customer support, and analytics. All service providers are contractually bound to protect data confidentiality and comply with HIPAA through Business Associate Agreements.

4.3 Legal Requirements

We may disclose information when required by law or to comply with legal process, respond to government requests, protect against legal liability, or prevent harm.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures, including:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access and multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Auditing: Regular security audits and penetration testing
  • Backup: Automated encrypted backups with disaster recovery

5.2 Data Breach Response

In the event of a data breach affecting PHI, we will notify affected users within 72 hours, report to relevant authorities, take immediate steps to contain the breach, and provide support to affected parties.

6. Data Retention

6.1 Retention Periods

  • Account Data: Duration of subscription plus 7 years
  • Patient Data: As directed by you or required by law
  • Usage Logs: 90 days to 2 years
  • Billing Records: 7 years

6.2 Data Deletion

Upon account termination, we provide 30 days to export data. After 30 days, we securely delete all patient data. Account information may be retained for legal compliance.

7. Your Rights

You have the right to:

  • Access and receive copies of your data
  • Correct inaccurate information
  • Request deletion of your account and data
  • Object to certain processing activities
  • Export your data in machine-readable format

To exercise these rights, contact us at privacy@humanaidoc.com. We will respond within 30 days.

8. HIPAA Compliance

8.1 Business Associate Status

HumanAI:Doc acts as a Business Associate under HIPAA. We execute Business Associate Agreements (BAAs) with our customers who are Covered Entities.

8.2 PHI Protection

We implement all required HIPAA safeguards:

  • Administrative: Privacy policies, workforce training, incident response
  • Physical: Secure data centers, access controls, device security
  • Technical: Encryption, access logging, authentication, audit controls

9. GDPR Compliance

9.1 Legal Basis for Processing

For users in the EEA, UK, or Switzerland, we process data based on:

  • Contract: To provide Services under our agreement
  • Legitimate Interests: To improve and secure our Services
  • Legal Obligation: To comply with applicable laws
  • Consent: For certain activities

9.2 Data Controller and Processor

For account information, we are the Data Controller. For patient data, you are the Data Controller and we are the Data Processor.

10. International Data Transfers

HumanAI:Doc operates globally. Your information may be transferred to and processed in countries outside your jurisdiction. For transfers from the EEA, we rely on Standard Contractual Clauses approved by the European Commission.

11. Cookies and Tracking Technologies

We use essential cookies for authentication, functional cookies for preferences, analytics cookies for usage patterns, and performance cookies for monitoring. You can control cookies through your browser settings.

12. Children's Privacy

HumanAI:Doc is designed for use by healthcare professionals. We do not knowingly collect personal information from individuals under 18 years of age for account creation. Patient data may include information about pediatric patients, which is processed in accordance with HIPAA.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email, by prominent notice in the application, and by updating the "Last updated" date. Continued use after changes constitutes acceptance.

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Privacy Office

  • Email: privacy@humanaidoc.com
  • Data Protection Officer: dpo@humanaidoc.com
  • HIPAA Privacy Officer: hipaa@humanaidoc.com
  • Mail: HumanAI:Doc Inc., Ghana & Delaware, United States

For EEA users, you also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy was last updated on January 15, 2026. We encourage you to review this policy periodically to stay informed about how we protect your information.