Privacy Policy

1. Overview

Iatrosyn, a division of iDigital Enterprise ("we," "our," or "us"), is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered medical assistant platform and related services.

                    Key Points:
                    We are HIPAA, GDPR, PDPA, and LGPD compliant
We use industry-leading security measures
You have full control over your data
We never sell personal or health information

                

This policy applies to all users of our platform, including healthcare providers, patients, and website visitors. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

Contact Information: Name, email address, phone number, mailing address
Professional Information: Medical license number, specialty, practice information
Account Information: Username, password, preferences, settings
Payment Information: Billing address, payment method details (processed by third-party providers)

2.2 Protected Health Information (PHI)

As a healthcare technology provider, we may process Protected Health Information (PHI) on behalf of healthcare providers:

Clinical Data: SOAP notes, medical diagnoses, treatment plans
Voice Recordings: Doctor-patient conversations (encrypted and anonymized)
Medical Codes: ICD-10, CPT, HCPCS codes generated by our AI
EHR Integration Data: Data exchanged with Electronic Health Record systems

2.3 Technical Information

Device Information: IP address, browser type, operating system
Usage Information: Pages visited, time spent, features used
Log Data: System logs, error reports, performance metrics
Cookies: Essential cookies for functionality and security

3. How We Use Information

3.1 Service Provision

Provide AI-powered medical scribing and coding services
Generate SOAP notes and medical codes
Integrate with Electronic Health Record systems
Provide customer support and technical assistance

3.2 Legal Basis for Processing (GDPR)

Contractual Necessity: To perform our services under contract
Legitimate Interest: To improve our services and ensure security
Legal Compliance: To comply with healthcare regulations
Consent: Where explicitly provided for specific purposes

3.3 Service Improvement

Analyze usage patterns to improve AI algorithms (anonymized data only)
Enhance platform performance and user experience
Develop new features and capabilities
Ensure system security and prevent fraud

4. Information Sharing

We do not sell, trade, or rent personal information or PHI to third parties. We may share information only in the following circumstances:

4.1 Service Providers

Cloud hosting providers (AWS) under strict data processing agreements
Payment processors for billing (tokenized payment data only)
Technical support vendors under confidentiality agreements

4.2 Legal Requirements

When required by law or court order
To protect our rights, property, or safety
To prevent fraud or security threats
In connection with legal proceedings

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

Encryption: AES-256 encryption at rest, TLS 1.3 in transit
Access Control: Role-based access with multi-factor authentication
Network Security: Firewalls, intrusion detection, DDoS protection
Monitoring: 24/7 security monitoring and incident response

5.2 Administrative Safeguards

Regular security training for all employees
Background checks for personnel with data access
Incident response procedures
Regular security audits and penetration testing

5.3 Physical Safeguards

Secure data centers with biometric access controls
Environmental controls and monitoring
Secure disposal of hardware and media

6. Data Retention

We retain information only as long as necessary for the purposes outlined in this policy:

6.1 Retention Periods

PHI: As required by healthcare providers and applicable law (typically 6-7 years)
Account Information: For the duration of the account plus 3 years
Technical Logs: 12 months for security and performance analysis
Marketing Data: Until consent is withdrawn

6.2 Secure Deletion

When data reaches the end of its retention period, we securely delete it using industry-standard methods that make recovery impossible.

7. Your Rights

You have the following rights regarding your personal information:

7.1 GDPR Rights (EU Residents)

Access: Request a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your personal data
Portability: Receive your data in a structured format
Restriction: Limit how we process your data
Objection: Object to certain types of processing

7.2 HIPAA Rights (US Residents)

Access: Request access to your PHI
Amendment: Request amendments to your PHI
Accounting: Request a list of PHI disclosures
Restriction: Request restrictions on PHI use

7.3 How to Exercise Rights

To exercise any of these rights, contact us at privacy@iatrosyn.com. We will respond within the required timeframe (typically 30 days).

8. International Data Transfers

We operate globally and may transfer data across borders. We ensure adequate protection through:

Adequacy Decisions: Transfers to countries with adequate protection
Standard Contractual Clauses: EU-approved data transfer agreements
Data Localization: Regional data storage where required by law
Binding Corporate Rules: Internal data protection standards

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will:

Notify you of material changes via email or platform notification
Post the updated policy on our website with the effective date
Provide 30 days notice for significant changes
Obtain consent for changes that expand our use of PHI

10. Contact Information

Data Protection Officer

Email: privacy@iatrosyn.com

Phone: +1 504 342 9109

Address:
Iatrosyn Privacy Office
1851 Rousseau St
New Orleans, LA 70130, USA

Supervisory Authorities

If you are an EU resident, you have the right to file a complaint with your local data protection authority. You can find contact information for your authority at: https://edpb.europa.eu/about-edpb/board/members_en

Questions and Concerns

If you have any questions about this Privacy Policy or our data practices, please contact us. We are committed to addressing your concerns promptly and transparently.

Table of Contents