Welcome to HealthFirstAI. Your privacy is important to us. This Privacy Policy outlines how we collect, use, and protect your information when you use our services.
1. Information We Collect
We collect the following types of information:
Personal Information: Name, email address, and other details you provide when signing up.
Health Data: Medical reports, voice notes, and related information uploaded for AI analysis and documentation.
Usage Data: Information about how you interact with our platform, including log files and cookies.
2. How We Use Your Information
We use your information to:
Provide AI-driven health insights and generate clinical documents based on uploaded reports and voice notes.
Improve and personalize user experience.
Ensure compliance with legal and security requirements.
Communicate updates, notifications, and service-related messages.
Ensure platform security and prevent unauthorized access.
Provide customer support and technical assistance.
Comply with legal and regulatory requirements.
3. Data Storage & Security
Health data and documents are securely stored in encrypted cloud storage managed via Supabase.
User authentication and access are managed through secure, role-based access controls.
We employ encryption and strict access controls to protect your data, including compliance with Indian healthcare regulations.
4. Data Security
Encryption: All data is encrypted in transit and at rest using AES-256 encryption.
Access Controls: Role-based access with multi-factor authentication.
Regular Audits: Security assessments and penetration testing.
HIPAA Compliance: Full compliance with healthcare data protection regulations.
Data Minimization: We only collect data necessary for service provision.
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
With your explicit consent.
To comply with legal obligations or court orders.
With trusted service providers under strict confidentiality agreements.
In case of medical emergencies where patient safety is at risk.
6. Data Retention
We retain data for as long as necessary to provide services and comply with legal requirements:
Clinical Data: Retained according to medical record retention laws (typically 7-10 years).
Account Data: Retained while the account is active, plus 3 years.
Usage Data: Aggregated data may be retained indefinitely for service improvement.
7. Your Rights
You have the right to:
Access your personal data.
Correct inaccurate information.
Request data deletion (subject to legal retention requirements).
Request data portability.
Withdraw consent where applicable.
8. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will be communicated via email or platform notifications at least 30 days before taking effect.
9. Contact Us
For privacy-related questions or to exercise your rights, contact us at: