AI-HEART Lab Privacy Policy

Effective Date: March 24, 2026

1. Introduction

AI-HEART Lab, LLC operates the AI-HEART Lab website and mobile application. This policy explains how we handle your information.

2. Information We Collect

  • Clinical data you enter (patient demographics, lab values, medications, clinical history) — processed entirely on your device or in your browser for calculator features
  • Email address — only when you choose to send a clinical note via email
  • Audio recordings — only when you use the voice input feature (premium, mobile app only)
  • Account information — email and authentication credentials when you create an account (mobile app only)
  • Subscription status — managed through Apple App Store or Google Play Store (mobile app only)

3. How We Process Data

  • Calculator computations: 100% on-device (mobile) or in-browser (web). No clinical data leaves your device for calculator features.
  • AI features (voice transcription, text extraction, AI note generation): Clinical data is sent to our secure API servers for processing. Data is held in memory ONLY during the active request and is NEVER logged, stored, cached, or persisted to any database or file system.
  • Email delivery: Your email address and the clinical note content are transmitted to deliver the email. No copies are retained after delivery.

4. HIPAA Compliance

  • AI processing is performed via Google Cloud Vertex AI under a signed HIPAA Business Associate Agreement (BAA)
  • Email delivery is performed via Google Workspace (Gmail) under a signed HIPAA BAA
  • Firebase Authentication is used for account management (email and authentication tokens only — no PHI)
  • Our infrastructure is designed with zero data retention: no databases, no file storage, no caching of clinical data

5. Third-Party Services

  • Google Cloud (Vertex AI) — AI model inference, HIPAA BAA signed
  • Google Workspace (Gmail) — email delivery, HIPAA BAA signed
  • Firebase (Google) — user authentication
  • RevenueCat — subscription management (receives no clinical data)
  • Apple/Google — app distribution and in-app purchases
  • Vercel — website and API hosting

6. Data Retention

  • Clinical data: Not retained. Processed in-memory during active requests only.
  • Audio recordings: Deleted from your device immediately after transmission to our API. Not stored on our servers.
  • Account data: Email and authentication credentials retained while your account is active.
  • Subscription data: Managed by Apple App Store / Google Play Store per their respective policies.

7. Your Rights

  • Data deletion is automatic — clinical data is never stored, so there is nothing to delete
  • You can delete your account by contacting information@ai-heart.org
  • You can cancel your subscription at any time through the App Store or Google Play

8. Children's Privacy

This application is intended for use by licensed healthcare professionals only. We do not knowingly collect information from individuals under 18 years of age.

9. Changes to This Policy

We may update this policy from time to time. The effective date at the top indicates the most recent revision.

10. Contact Us

AI-HEART Lab, LLC

Pittsburgh, PA

information@ai-heart.org

https://ai-heart.org

See also: Terms of Service