Privacy Policy
Effective Date: February 6, 2026
AidiN Health ("Company," "we," "us," or "our") operates the aidin.health website and the AidiN platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. As a HIPAA-covered entity, we are committed to protecting the privacy and security of all personal and health-related information entrusted to us.
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.
1. Information We Collect
1.1 Personal Information
We may collect personally identifiable information that you voluntarily provide to us when you register for the Service, express interest in obtaining information about us or our products, or otherwise contact us. This includes:
- Name, email address, phone number, and business address
- Job title, employer/organization name, and professional credentials
- National Provider Identifier (NPI) and other professional identifiers
- Billing information and account credentials
- Any other information you choose to provide
1.2 Protected Health Information (PHI)
In the course of providing our Service, we may access, receive, maintain, or transmit Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI processed through our platform may include:
- Patient demographic information
- Medical records, diagnoses, and treatment information
- Health insurance and claims data
- Benefits eligibility and coverage information
- Electronic remittance advice (ERA) data
- Medical necessity documentation
- Provider and facility information associated with patient care
PHI is handled in strict compliance with HIPAA and applicable state and federal regulations. Our HIPAA Notice of Privacy Practices provides additional detail on how we handle PHI.
1.3 Automatically Collected Information
When you access the Service, we may automatically collect certain information, including:
- Device and browser information (type, version, operating system)
- IP address and general geographic location
- Pages visited, time spent, click patterns, and referral URLs
- Log data and usage statistics
- Cookies and similar tracking technologies (see our Cookie Policy)
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, maintain, and improve the Service, including claim denial prevention, revenue cycle management, benefits eligibility verification, coverage discovery, claim status tracking, and ERA management
- To process transactions and send related information, including billing confirmations and invoices
- To create and manage your account and authenticate your identity
- To communicate with you regarding updates, security alerts, and support messages
- To comply with legal obligations, including HIPAA, and respond to lawful requests from public authorities
- To detect, prevent, and address technical issues, fraud, or security breaches
- To conduct analytics and research to improve our Service and develop new features
- To enforce our Terms of Service and other agreements
3. HIPAA Compliance
As a HIPAA-covered entity, AidiN Health maintains comprehensive policies and procedures to protect the privacy and security of PHI in accordance with the HIPAA Privacy Rule (45 CFR Part 164, Subpart E), the HIPAA Security Rule (45 CFR Part 164, Subpart C), and the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D).
Our HIPAA compliance program includes:
- Administrative, physical, and technical safeguards to protect PHI
- Workforce training on HIPAA privacy and security requirements
- Business Associate Agreements (BAAs) with all third parties that access PHI
- Regular risk assessments and security audits
- Incident response and breach notification procedures
- A designated Privacy Officer and Security Officer
For details about your rights concerning your PHI, please refer to our HIPAA Notice of Privacy Practices.
4. Disclosure of Your Information
4.1 Service Providers and Business Associates
We may share information with third-party vendors, consultants, and service providers who perform services on our behalf. Any third party that accesses PHI on our behalf will be required to sign a Business Associate Agreement (BAA) and comply with HIPAA requirements.
4.2 Legal Requirements
We may disclose your information where required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
4.4 With Your Consent
We may disclose your information for any other purpose with your explicit consent.
4.5 De-Identified Data
We may use and disclose de-identified data (data from which all HIPAA identifiers have been removed in compliance with 45 CFR 164.514) for any purpose, including research, analytics, and product improvement.
5. Data Security
We implement industry-standard administrative, technical, and physical safeguards designed to protect personal information and PHI from unauthorized access, use, alteration, and destruction. These measures include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls and multi-factor authentication
- Regular vulnerability assessments and penetration testing
- Audit logging and monitoring of system access
- Secure data centers with physical access controls
- Employee background checks and ongoing security awareness training
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards.
6. Data Retention
We retain personal information and PHI for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with our legal and regulatory obligations (including HIPAA record retention requirements), resolve disputes, and enforce our agreements. When information is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies and applicable law.
7. Your Rights and Choices
7.1 General Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to certain exceptions
- Data Portability: Request a copy of your data in a structured, machine-readable format
- Opt-Out: Opt out of certain data processing activities, including marketing communications
- Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time
7.2 HIPAA Rights
If you are an individual whose PHI is processed through our Service, you have additional rights under HIPAA, including the right to access, amend, and request an accounting of disclosures of your PHI. These rights are described in detail in our HIPAA Notice of Privacy Practices.
7.3 California Residents (CCPA/CPRA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how we use it, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights. Note that HIPAA-regulated data may be exempt from certain CCPA/CPRA requirements.
7.4 Exercising Your Rights
To exercise any of these rights, please contact us at privacy@aidin.health. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.
8. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@aidin.health.
9. International Data Transfers
Our Service is operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.
10. Third-Party Links
The Service may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on our website and updating the "Effective Date" above. For material changes affecting how we handle PHI, we will provide notice as required by HIPAA. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
AidiN Health
Email: privacy@aidin.health
Website: aidin.health
To submit a HIPAA-related privacy complaint, you may also contact the U.S. Department of Health and Human Services, Office for Civil Rights.