Privacy Policy

Effective Date: April 29, 2025

Case Health AI, Inc. (“Case Health AI,” “we,” “our,” or “us”) respects your privacy and is committed to protecting personal, organizational, and health-related information entrusted to us through our platform, products, and APIs. This Privacy Policy outlines how we collect, use, disclose, store, and protect information across all interactions with our systems. This Policy applies to our enterprise clients, their authorized users, and the data subjects whose information is processed through our infrastructure.

1. Scope and Acceptance

By accessing or using Case Health AI’s platform or APIs, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, do not use our services. This Privacy Policy is incorporated into our Terms of Service and any applicable Business Associate Agreement (BAA) or Master Service Agreement (MSA).

2. Types of Information Collected

A. Business and Account Information

• Organization and user names, contact details
• Payment and billing information
• API credentials and usage data
• Support communications and feedback

B. Protected Health Information (PHI)

Case Health AI acts as a Business Associate under HIPAA and may receive, process, or store PHI on behalf of covered entities. Examples include:

• Patient demographics and insurance details
• Clinical documentation, prescriptions, and prior auth forms
• Provider identifiers and communication logs

C. Technical and Usage Data

• IP address and browser/device metadata
• Server and audit logs
• Error reports and usage diagnostics

We do not sell or license any personal, clinical, or business data to third parties.

3. Legal Basis for Processing

We process data under one or more of the following legal bases:

• Performance of a contract or business associate agreement
• Compliance with applicable laws and regulations (e.g., HIPAA)
• Legitimate interests in maintaining, securing, and improving our platform
• User or client consent, where applicable

4. Use of Information

• To deliver, monitor, and enhance our software and services
• To support and train our AI agents as directed by our clients
• To comply with regulatory requirements and respond to legal inquiries
• To enforce our Terms, policies, and legal rights
• To protect the security and integrity of our systems

5. Disclosures to Third Parties

We may disclose information:

• To trusted subprocessors (e.g., hosting, analytics, security) under binding agreements and confidentiality obligations
• As required by law, subpoena, or regulatory authority
• With client authorization or at client direction
• In connection with mergers, acquisitions, or asset transfers

6. Data Security

We implement robust technical and organizational safeguards including but not limited to:

• Encryption at rest and in transit (TLS 1.2+)
• Role-based access controls (RBAC)
• Zero-trust security model with audit logging
• Regular third-party penetration testing

While we follow industry best practices, no system is fully secure. Therefore, we disclaim liability for unauthorized access unless caused by our gross negligence or willful misconduct.

7. Data Retention and Ownership

Clients retain ownership of their data. We retain processed data only as long as required to fulfill contractual obligations, comply with legal requirements, or upon written instruction from clients.

8. Limitation of Liability

To the maximum extent permitted by law, Case Health AI shall not be held liable for indirect, incidental, or consequential damages arising from use or inability to use our services, including data loss or business interruption. Clients are responsible for securing their own systems and ensuring appropriate use of our APIs and AI outputs.

9. Individual Rights and Patient Data

We do not directly interface with patients. If you are an individual seeking to access or modify your data, please contact your healthcare provider. We act solely as a processor or business associate on behalf of our clients.

10. International Data Transfers

All data is stored and processed within the United States unless otherwise contractually agreed upon with appropriate safeguards.

11. Policy Updates

We may revise this Privacy Policy periodically. Material updates will be communicated via email or platform notice. Continued use of our services after updates constitutes acceptance of the revised terms.

12. Contact Information

If you have any questions or concerns, please contact:

Case Health AI, Inc.
Email: mas@casehealth.ai