SophiaHealth.ai, (“SophiaHealth.ai,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data, including protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy will inform you how we handle and look after your personal information, including PHI, when you use our AI-based system and will tell you about your privacy rights and how the law protects you.

This Privacy Policy sets out how we collect, use, process, store, and disclose your personal information on https://www.sophiahealth.ai/ and any associated subdomains (the “Website”) and the transcription and documentation software including our mobile applications or audio capture program integrations (collectively, the “Services”).

By accessing and using our Services, you freely and expressly consent to the collection, use, processing, storage, and disclosure of your personal information as set out in this Privacy Policy and our Terms of Service.

1. Personal and Protected Health Information We Collect

Information You Provide Directly to Us:

• Account Creation: When you register to use our Services (“Customer(s)”), we collect contact details such as your name, email address, phone number, and professional information such as company and title. ‍
• Inquiries and Correspondence: We may collect information from your inquiries into our services, or how you otherwise indicate you may be interested in our services, which may include signing up for email communications or providing us with your name, work email, phone number, company name, position title, website, social media links, and time zone. ‍
• Payment Information: We may collect data necessary to process your subscription, such as your credit card number or other financial instrument used to make a payment.

Information We Automatically Collect Through Our Website:

• Metadata and Analytics: We may collect Metadata and analytics of your use of our Services, including IP address, device information, date/time of visits, new or returning visits, products viewed, page response times, URL clickstreams, how long you stay on our pages, and what you do on those pages.

Information from Third Parties:

• Demographic or Other Third Party Information: We may collect information from third-party data brokers, including firmographic and demographic information about our current or prospective customers. This may include attempts to identify business visitors to our websites. ‍
• Social Media Activity: When you interact with our accounts on a social media platform such as LinkedIn, we may collect certain information that you or the platform makes available to us such as your social media account profile, social media ‘likes’, click-throughs to our Website, or custom interactions.

Information Processed Through Our Services, Including PHI:

• Data that you submit or authorize us to collect on your behalf from Electronic Health Record systems pertaining to your patients or customers, including contact or other information deemed to be ‘PHI’. ‍
• Transcriptions of conversations. ‍
• Generated notes from customer or patient sessions, such as ‘Subjective, Objective, Assessment, and Plan’ (“SOAP”) notes, summarizations of conversations and any associated documentation. ‍
• Referral letters from doctors or other medical professionals, clinical assessments, patient historical reports, or related information associated with electronic health records. ‍
• Information on how our users use our product and services to improve it, including all metadata associated with the software.

Upon request, we may ask you to uniquely record a session to test our transcription technology. If so, we will individually contact you to request permission. We will request that you seek approval from your customer or patient for this purpose.

Our Website and Services are designed for business professionals. We do not intentionally collect any personal information directly from minors under the age of 16. If you believe we have obtained personal information associated with children registering accounts with us, please contact us at privacy@sophiahealth.ai and we will delete it. For any patient-specific information, please contact the provider using our Services.

2. How We Use Your Personal and Protected Health Information

We use the personal information we collect to administer our Services for the following purposes:

• To process your subscription payments securely and efficiently.
• To administer our Services, including facilitating account creation and managing user accounts as well as providing our software or services.
• To operate our Services, including:
• Providing you with AI-assisted documentation and note services, including note types such as SOAP.
• Assisting with referral letters to other medical professionals.
• Storing any records or documents needed to operate your account.
• To improve the functionality and accuracy of our systems.
• To identify usage trends and otherwise measure all activities on the Services.
• For customer support, including via email.
• To communicate with you, including via our newsletter or to request feedback such as through surveys.
• To protect our Services and keep our Services safe and secure, including fraud monitoring and prevention.
• For other business and legal purposes, such as to collect amounts owing to us, and to maintain business records.
• With your consent, and/or express written consent under HIPAA for use of PHI.

3. How We Disclose Your Personal Information

We may disclose your information with our corporate affiliates, as well as vendors or service providers who:

• Help us communicate with you, including our use of email service providers.
• Manage and optimize our Website and Services (see ‘Cookies and other Tracking Technologies’ below).
• Provide cloud hosting.
• Help us provide customer support.
• With your consent, and/or express written consent under HIPAA for use of PHI.

In addition to the above, we may disclose your information for the following purposes:

• Legal and Compliance Purposes: We may share information with external parties when complying with legal process (e.g., subpoenas), to protect our intellectual property and other legal rights, to prevent fraud or imminent harm, and secure the use of our Services. We reserve the right to disclose information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a law enforcement order, such as a search warrant, judicial proceeding, or court order. We may also retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms of Service. ‍
• Business Transactions: In the event that SophiaHealth.ai goes through a business transaction, such as a merger, acquisition by another company, or sale of all or a portion of its assets, bankruptcy, or other corporate change, including, without limitation, during the course of any due diligence process, customer information, including Personal Information and Protected Health Information, will likely be among the assets shared and transferred. We will endeavor to notify any customers via email and/or a prominent notice on the Services of any completed change in ownership or materially different uses of personal information. This Privacy Policy will become binding upon the new owner of the information until amended.

4. Use and Disclosure of De-Identified Information

'De-identified' information is defined as information that has undergone a process of removing all personal identifiers that can reasonably identify specific individuals so that there is no reasonable likelihood of re-identification occurring. In the context of PHI, the de-identification process removes the 18 federally defined ‘HIPAA identifiers’ from healthcare data, making it impossible or highly unlikely to link the data back to a specific individual.

We may de-identify any collected personal or protected health information and use it for the following purposes:

• To conduct analysis on how our website, platform, and other services are being used to help us improve our services and provide benefits back to our users.
• To train our AI models to improve the efficiency and effectiveness of our software and services.

We may disclose de-identified personal or protected health information with select business partners for the following purposes:

• To develop or improve AI models, under strict confidentiality agreements for use of such de-identified information.
• For market research purposes when the de-identified information is used in the aggregate.

5. Your Privacy Choices

SophiaHealth.ai provides you with the ability to exercise the following choices with our use of your personal information:

• Access the personal information we maintain about you.
• Delete the personal information we maintain about you.
• Correct inaccurate personal information we maintain about you.
• Opt out of certain uses of your personal information, notably, you can unsubscribe to our email list by clicking the unsubscribe link at the bottom of marketing emails.

You can exercise these rights by contacting us at privacy@sophiahealth.ai.

You may review or change the information in your account or terminate your account at any time through the settings in your online account profile. Alternatively, you can contact us using the contact information provided. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.

If you are a current or former customer, patient, or employee of one of our customers, and you would like to fulfill your rights to the personal information we maintain about you on behalf of our customer, including any information collected through our software or services, please contact a representative of that customer rather than email us with your request. We cannot provide personal information about a specific individual on behalf of a customer without their express written instructions.

6. Use of Cookies and Tracking Technologies

We may use cookies and similar tracking technologies like web beacons and pixels (“cookies”) to access or store information for functional and analytics purposes. We do not knowingly use cookies or web beacons to collect or use customer PHI for cross-contextual behavioral or targeted advertising purposes.

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that because this opt-out is specific to the device or browser on which it is exercised, you will need to opt out on every browser and device that you use.

7. U.S. State-Specific Disclosure

Some U.S. states have enacted comprehensive privacy laws related to the ‘sale’ or ‘sharing’ of personal information for cross-contextual behavioral or targeted advertising purposes. SophiaHealth.ai discloses these third-party advertising services above, which may be deemed a ‘sale’ or ‘sharing’ of personal information with privacy choices enabled for you to opt out.

SophiaHealth.ai is deemed to be a ‘processor’ or ‘service provider’ when processing protected health information on behalf of our customers. As a result, we do not provide data privacy rights related to personal information that may be deemed ‘sensitive’ under state privacy laws. In order to exercise your rights related to SophiaHealth.ai’s use of PHI, please contact our customer directly.

8. Security

We have implemented appropriate security measures to prevent your personal data, including PHI, from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data and PHI only to our internal staff, employees, and other third parties who have a business need to know. They will only process your personal data and PHI on our instructions, and they are subject to a duty of confidentiality.

9. Retention

We enable our customers to set specific retention schedules for any uploaded information using our software, which will modify the length of time SophiaHealth.ai stores personal and/or protected health information. If you choose the ‘Retain When Saved” feature, it will remove documentation including PHI from our systems within fourteen (14) days. However, we will retain your customer information for as long as your account or inquiry is active or as needed to provide you with the website or any requested services, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your personal information, we may continue to retain and use de-identified, aggregate, or anonymous data previously collected and/or anonymize or aggregate your personal information.

10. Third-Party Links

Our Services may contain links to other websites or services. We do not exercise control over the information you provide, or is collected by these third-party websites. We encourage you to read the privacy policies or statements of the other websites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will communicate directly with you via email and/or post the updated Privacy Policy on this page with a “Last Updated” effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.

12. Contact Information

If you have any privacy-related questions, you can contact us at privacy@sophiahealth.ai

‍