Privacy Policy

Effective Date: February 12, 2026

Introduction

PolicyHealth.AI ("we," "our," or "us") operates the website at https://policyhealth.ai and provides a hospital policy management platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.

PolicyHealth.AI is a policy and procedure management platform for healthcare organizations. We manage hospital policies and operational documents — not patient data. Our platform does not store, process, or transmit Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). Nonetheless, we are deeply committed to protecting the privacy and security of the information we do collect.

Please read this Privacy Policy carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

1. Information We Collect

We collect information in a few limited ways, described below.

Information You Provide to Us: When you fill out our contact form, request a demo, or express interest in a pilot program, we collect your name, email address, organization name, role or job title, interest type (demo request, pilot interest, or general inquiry), and message content. We do not require you to create an account to browse our website, and we do not collect sensitive personal information such as Social Security numbers, financial account details, or health information through our website.

Information Collected Automatically: When you visit our website, we may automatically collect certain technical information, including your IP address (which may be anonymized), browser type and version, operating system, referring URL and pages visited, time and date of your visit, time spent on pages, and general geographic location (city/region level, not precise location). This information is collected through cookies and analytics tools as described in Section 3 of this policy.

Information We Do Not Collect: To be clear about what we do not collect through our website or marketing platform — we do not collect Protected Health Information (PHI), patient data of any kind, Social Security numbers or government-issued identification numbers, payment card or financial account information (via the website), or biometric data.

2. How We Use Your Information

We use the information we collect for the following purposes:

- Responding to your inquiries: When you submit a contact form, we use your name, email, and message to respond to your request, schedule a demo, or answer your questions.
- Communicating with you: We may send follow-up emails related to your inquiry or to provide information you have requested about our Service. We will not add you to marketing email lists without your consent.
- Improving our website: We use aggregated, anonymized analytics data to understand how visitors use our website, which pages are most visited, and how we can improve the user experience.
- Maintaining security: We use technical data to monitor for malicious activity, prevent abuse of our contact form, and protect the integrity of our website.
- Complying with legal obligations: We may use or disclose your information as necessary to comply with applicable laws, regulations, or legal processes.

We do not use your information for automated decision-making or profiling.

3. Cookies and Analytics

Our website uses cookies — small text files stored on your device — to support basic site functionality. These include essential cookies that are necessary for the website to function properly and analytics cookies that help us understand how visitors interact with our website.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may affect your ability to use certain features of our website.

We may use third-party analytics services such as PostHog or Google Analytics to collect and analyze usage data. These services may collect information such as pages visited, time on site, and general device and browser information. This data is used in aggregate to improve our website and is not used to personally identify individual visitors.

We do not use advertising cookies or tracking pixels for targeted advertising. We do not participate in cross-site behavioral advertising.

4. Data Sharing and Third Parties

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

We may share limited information with the following categories of third parties, solely to support our operations:

Service Providers: We may use third-party tools for email delivery, form processing, analytics, and website hosting. These providers are given access only to the information necessary to perform their function, and they are contractually obligated to protect your data and not use it for other purposes.

Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request.

Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

We regularly review our third-party providers to ensure they maintain adequate privacy and security practices.

5. Data Retention

We retain the personal information you provide through our contact form for as long as necessary to fulfill the purpose for which it was collected — typically to respond to your inquiry and maintain a record of our communication.

Contact form submissions are retained for up to 24 months from the date of submission, unless you request earlier deletion or we have an ongoing business relationship that requires longer retention. Analytics data is retained in aggregate form and is automatically purged according to our analytics provider's default retention settings. Server logs containing IP addresses and access information are retained for no more than 90 days.

When personal information is no longer needed, we securely delete or anonymize it. You may request deletion of your personal information at any time by contacting us at info@policyhealth.ai.

6. Security Measures

We take the security of your information seriously and implement reasonable administrative, technical, and physical safeguards to protect it. These measures include:

- Encryption in transit: All data transmitted between your browser and our website is encrypted using TLS (Transport Layer Security).
- Secure infrastructure: Our website and services are hosted on reputable platforms with industry-standard security practices.
- Access controls: Access to personal information is limited to authorized personnel who need it to perform their duties.
- Regular review: We periodically review our security practices and update them as needed to address new threats and vulnerabilities.

While we strive to protect your information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to handling your data responsibly and addressing any security incidents promptly.

7. Your Rights

Depending on where you are located, you may have certain rights regarding your personal information. We honor the following rights for all users, regardless of location:

- Access: You may request a copy of the personal information we hold about you.
- Correction: You may request that we correct any inaccurate or incomplete personal information.
- Deletion: You may request that we delete your personal information. We will comply unless we have a legitimate legal reason to retain it.
- Opt-out of communications: You may opt out of any non-essential communications from us at any time by following the unsubscribe instructions in our emails or by contacting us directly.

To exercise any of these rights, please contact us at info@policyhealth.ai. We will respond to your request within 30 days.

California Residents (CCPA/CPRA): If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). You have the right to know what personal information we collect, request its deletion, and opt out of sale or sharing of your personal information. We do not sell or share your personal information as defined by the CCPA/CPRA. We will not discriminate against you for exercising any of your privacy rights. To submit a CCPA request, please email us at info@policyhealth.ai with the subject line "CCPA Request."

8. AI and Data Usage Transparency

PolicyHealth.AI incorporates artificial intelligence features to help healthcare organizations manage their policies more efficiently. We believe in being transparent about how AI is used and how it interacts with data.

How AI is used in our platform: AI features assist with policy analysis, recommendations, and workflow automation within the platform. AI is designed to support and augment human decision-making, not replace it. All AI-generated suggestions are subject to review and approval by authorized users.

How AI interacts with data: We do not use your proprietary policy content or any customer data to train our AI models. Your data is yours. AI processing within the platform is performed solely to deliver the features and functionality of the Service to you. We do not feed customer data into general-purpose AI training datasets.

Our commitment: We will always be transparent about where and how AI is used in our product. We provide administrators with controls to manage AI-assisted features. We continuously evaluate our AI practices against emerging best practices and industry standards for responsible AI use.

9. Children's Privacy

Our Service is designed for use by healthcare organizations and their professional staff. It is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at info@policyhealth.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this policy, post the revised policy on our website, and where appropriate, provide additional notice.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us. We will make every effort to respond to your inquiry within 30 days.