Ansur AI — Turn Patient Feedback Into Action Fast

At Ansur AI ("we," "us," or "our"), we are committed to protecting your privacy and the privacy of patient data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

This Privacy Policy applies to all users of our Service, including healthcare organizations, administrators, and patients who interact with our platform.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name and contact information (email address, phone number)
Organization name and role
Authentication credentials (encrypted passwords)

1.2 Protected Health Information (PHI)

When processing patient surveys and interviews, we may collect and process PHI, including:

Patient identifiers (as necessary for survey delivery)
Survey responses and interview transcripts
Voice recordings (if applicable)
Clinical context provided through EHR integration

All PHI is collected, stored, and processed in strict compliance with HIPAA regulations.

1.3 Usage Data

We automatically collect information about how you use the Service:

Log data (IP addresses, browser type, access times)
Feature usage and interaction patterns
Device information
Error logs and performance metrics

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

Maintain your session and authentication state
Remember your preferences
Analyze Service usage and improve functionality

You can control cookie preferences through your browser settings.

2. How We Use Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process and deliver patient surveys and interviews
Generate analytics and reports for healthcare organizations
Authenticate users and prevent unauthorized access
Send administrative communications and updates
Comply with legal obligations and respond to legal requests
Detect, prevent, and address security issues

3. How We Share Information

We do not sell your personal information or PHI. We may share information only in the following circumstances:

With Your Organization: We share data with authorized members of your healthcare organization who have appropriate access permissions.
With Service Providers: We may share data with trusted third-party service providers who assist in operating the Service, all of whom are bound by confidentiality agreements and HIPAA-compliant BAAs.
For Legal Compliance: We may disclose information if required by law, court order, or government regulation.
With Your Consent: We may share information with your explicit consent or at your direction.
In Case of Merger or Acquisition: Information may be transferred as part of a business transaction, subject to the same privacy protections.

4. HIPAA Compliance

As a Business Associate under HIPAA, we are committed to protecting PHI. Our HIPAA compliance measures include:

Executing Business Associate Agreements (BAAs) with all covered entities
Implementing administrative, physical, and technical safeguards
Encrypting PHI both in transit and at rest
Maintaining comprehensive audit logs
Conducting regular security assessments and training
Limiting access to PHI to authorized personnel only

For more information, please see our Security Brief and BAA Summary.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption of data in transit (TLS 1.3) and at rest (AES-256)
Regular security audits and penetration testing
Access controls and authentication mechanisms
Secure data centers with physical security measures
Incident response and breach notification procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as necessary to:

Provide the Service to you
Comply with legal obligations
Resolve disputes and enforce agreements
Meet retention requirements specified in your BAA

When data is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable laws.

7. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information:

Access: Request access to your personal information
Correction: Request correction of inaccurate information
Deletion: Request deletion of your information (subject to legal and contractual obligations)
Portability: Request a copy of your data in a portable format
Opt-Out: Opt out of certain communications and data processing

For PHI, your rights are governed by HIPAA. Healthcare organizations using our Service are responsible for handling patient requests related to PHI in accordance with HIPAA.

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@ansur.ai
Address: Available upon request

For privacy-related requests regarding PHI, please contact your healthcare organization's Privacy Officer, who can coordinate with us as needed.