AI-HEART Lab Privacy Policy

Effective Date: March 24, 2026

1. Introduction

AI-HEART Lab, LLC operates the AI-HEART Lab website and mobile application. This policy explains how we handle your information.

2. Information We Collect

  • Clinical data you enter (patient demographics, lab values, medications, clinical history) — processed entirely on your device or in your browser for calculator features
  • Email address — only when you choose to send a clinical note via email
  • Audio recordings — only when you use the voice input feature (premium, mobile app only)
  • Account information — email and authentication credentials when you create an account (mobile app only)
  • Subscription status — managed through Apple App Store or Google Play Store (mobile app only)

3. How We Process Data

  • Calculator computations: 100% on-device (mobile) or in-browser (web). No clinical data leaves your device for calculator features.
  • AI features (voice transcription, text extraction, AI note generation): Clinical data is sent to our secure API servers for processing. Data is held in memory ONLY during the active request and is NEVER logged, stored, cached, or persisted to any database or file system.
  • Email delivery: Your email address and the clinical note content are transmitted to deliver the email. No copies are retained after delivery.

4. HIPAA Compliance

  • AI processing is performed through HIPAA-compliant cloud infrastructure under a signed Business Associate Agreement (BAA)
  • Email delivery is performed through a HIPAA-compliant email service provider under a signed BAA
  • An authentication provider is used for account management (email and authentication tokens only — no PHI)
  • Our infrastructure is designed with zero data retention: no databases, no file storage, no caching of clinical data

5. Third-Party Services

  • Cloud infrastructure provider — AI processing, HIPAA BAA signed
  • Email service provider — email delivery, HIPAA BAA signed
  • Authentication provider — user accounts (no clinical data)
  • RevenueCat — subscription management (receives no clinical data)
  • Apple/Google — app distribution and in-app purchases
  • Cloud hosting provider — website and API hosting

6. ARBITER Pre-Submission Review Tool

ARBITER (AI-Based Review & Intelligent Thesis Evaluation Resource) processes author-uploaded manuscripts for AI-powered peer review. The following data practices apply specifically to ARBITER:

  • All AI processing is performed on HIPAA BAA-covered cloud infrastructure with Zero Data Retention (ZDR) enabled — no AI provider retains submitted data in API logs
  • Manuscripts are encrypted in transit (TLS 1.3) and at rest (AES-256) on SOC 2 Type II, ISO 27001 certified infrastructure
  • Uploaded manuscripts are automatically deleted from our servers after the review is delivered. No long-term manuscript storage occurs
  • Review artifacts (generated review output, not the manuscript) are retained for up to 30 days for quality assurance, then purged
  • Manuscript data is never used for AI model training by any provider
  • Account data (email, authentication credentials, submission history) is retained while your account is active

7. Data Retention

  • Clinical data: Not retained. Processed in-memory during active requests only.
  • Audio recordings: Deleted from your device immediately after transmission to our API. Not stored on our servers.
  • ARBITER manuscripts: Automatically deleted after review delivery. See Section 6 for details.
  • Account data: Email and authentication credentials retained while your account is active.
  • Subscription data: Managed by Apple App Store / Google Play Store per their respective policies.

8. Your Rights

  • Data deletion is automatic — clinical data is never stored, so there is nothing to delete
  • You can delete your account by contacting information@ai-heart.org
  • You can cancel your subscription at any time through the App Store or Google Play

9. Children's Privacy

This application is intended for use by licensed healthcare professionals only. We do not knowingly collect information from individuals under 18 years of age.

10. Changes to This Policy

We may update this policy from time to time. The effective date at the top indicates the most recent revision.

11. Contact Us

AI-HEART Lab, LLC

Pittsburgh, PA

information@ai-heart.org

https://ai-heart.org