Privacy Policy

ClearChartAI, Inc. ("ClearChartAI," "we," "us," or "our") is committed to protecting your privacy and safeguarding your personal and health information.

This Privacy Policy explains how we collect, use, store, disclose, and protect information when you access or use the ClearChartAI platform and AI health assistant ("Clari") (collectively, the "Service").

1. Scope

This Privacy Policy applies to information processed by ClearChartAI through the Service. Certain functions of the Service rely on third-party service providers such as identity verification vendors, cloud infrastructure providers, and health information networks. These providers process information only to perform services on behalf of ClearChartAI and are contractually required to protect that information. Their own privacy policies may also apply.

When retrieving medical records from healthcare providers or health information networks, ClearChartAI relies on information supplied by those providers. ClearChartAI does not control and cannot guarantee the accuracy, completeness, or timeliness of records provided by third parties.

ClearChartAI processes health information only with the authorization of the individual whose records are being retrieved.

If you use our Individual Access Services to retrieve medical records through the Trusted Exchange Framework and Common Agreement (TEFCA), additional terms apply. Please review our IAS Privacy & Security Notice.

2. Information We Collect

A. Identifiers

• Name
• Email address
• Phone number
• Account credentials
• IP address

B. Health Information (User-Authorized)

At your direction and with your authorization, we may collect and process medical records from healthcare providers, including:

• Laboratory results
• Medication lists
• Diagnoses
• Vital signs
• Imaging reports
• Provider notes
• Treatment targets

This information may constitute Protected Health Information (PHI).

C. Identity Verification Information

To verify your identity and retrieve medical records, ClearChartAI uses a Credential Service Provider (CSP) to perform identity verification. During this process, the CSP may temporarily process information such as:

• Government-issued identification (e.g., driver's license or passport)
• Identity verification data
• Biometric comparison data (such as selfie-to-ID verification)
• Social Security number (only when required for identity assurance)

This information is used solely to confirm your identity and prevent unauthorized access to medical records. The CSP performs the verification process and returns only a verification result or status to ClearChartAI.

ClearChartAI does not receive or store copies of government-issued identification documents, biometric data, or Social Security numbers used during verification unless required for compliance or audit purposes.

Important: Identity verification data is not used for advertising, profiling, or training public artificial intelligence models.

D. AI Interaction Data

We may collect and log:

• Questions submitted to Clari
• Health-related inputs
• AI-generated responses
• Risk categorizations
• Escalation triggers
• Timestamps and system metadata

This supports system safety, compliance, fraud prevention, and performance improvement.

E. Device and Usage Data

• Device type
• Browser type
• Operating system
• Usage analytics

3. How We Use Information

We use information to:

• Verify identity
• Retrieve medical records at your request
• Organize longitudinal health data
• Generate AI-powered educational insights
• Identify potential medication interactions
• Detect patterns within health data
• Surface items for provider discussion
• Detect potential emergency risk signals
• Share health information with family members or caregivers you designate
• Provide voice health assistant services
• Send verification codes via SMS or email for account authentication
• Process and respond to support requests
• Enable data export functionality
• Support API integrations
• Maintain audit logs
• Improve system safety and reliability
• Provide customer support
• Comply with legal obligations

We do not sell personal information. We do not use identifiable health data, SSN, biometric data, or identity documents to train public AI models. We may use de-identified or aggregated information to improve system performance in accordance with applicable law.

4. Artificial Intelligence Processing

The Service uses Google Gemini, a family of large language models provided by Google Cloud, to analyze authorized health data and generate informational insights. Your health data is sent to Google Gemini for processing under our Business Associate Agreement with Google Cloud.

The Service does not provide medical advice, diagnosis, or treatment recommendations. AI-generated information is intended to help individuals better understand their health records and should not replace consultation with licensed healthcare professionals.

AI-generated outputs:

• Are produced algorithmically by Google Gemini
• Are not reviewed by licensed healthcare professionals
• May contain inaccuracies
• Are intended for educational purposes only

Google does not use your health data submitted through ClearChartAI to train or improve its general AI models. Processing is governed by Google Cloud's HIPAA-compliant terms and our BAA.

When using the voice health assistant, audio is processed in real time and is not recorded or stored. Voice sessions are subject to daily usage limits.

5. Sharing of Information

We do not sell personal information.

We may share information with:

A. Service Providers (Sub-Processors)

We share information with the following service providers, each bound by contractual obligations to safeguard your data:

B. Healthcare Providers

When transmitting record requests at your direction through the CommonWell Health Alliance network or direct provider connections.

C. Legal and Regulatory Authorities

When required by law.

6. Data Storage and Security

Your data is stored on Google Cloud Platform infrastructure located in the United States. We implement administrative, technical, and physical safeguards designed to protect sensitive information, including:

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Role-based access controls
• Multi-factor authentication (TOTP-based)
• HIPAA-compliant audit logging with 6-year retention
• Restricted access to identity documents
• Continuous security monitoring
• User-scoped data isolation (each user can only access their own data)

No system can guarantee absolute security.

7. Data Retention

We retain information:

• While your account remains active;
• As necessary to provide the Service;
• As required for compliance, fraud prevention, audit, or legal obligations.

Identity verification documents and biometric data are retained only as long as necessary for verification and compliance purposes.

8. Account Deletion and Data Export

You may request deletion of your account at any time.

Before deletion, you may export your health records and AI-generated summaries.

Upon verified deletion:

• Personal and health data will be removed from active systems;
• Identity verification documents will be deleted where permissible;
• Access to your account will be permanently disabled.

Upon confirmation, your account enters a 7-day grace period during which you may cancel the request. If you need immediate deletion, you may contact our support team at team@clearchartai.io.

Certain limited information may remain in encrypted backups, audit logs, or as required by law. If you provide a reason for closing your account, it may be used to improve our services.

Exported data is available for download for a limited time. Support request history is retained for service quality and compliance purposes.

9. Your Privacy Rights (All 50 States)

Depending on your state of residence, you may have rights to:

• Access personal information we collect about you;
• Correct inaccurate personal information;
• Request deletion of personal information;
• Receive a portable copy of your data;
• Opt out of the sale of personal information (we do not sell personal information);
• Opt out of automated decision-making or profiling;
• Withdraw consent where processing is based on consent;
• File a complaint with applicable regulatory authorities.

HIPAA: ClearChartAI is not a covered entity under HIPAA. In certain contexts, ClearChartAI may operate as a Business Associate under agreements with healthcare organizations. As applicable, you have rights under HIPAA including the right to access your health information, request amendments, and receive an accounting of disclosures.

ClearChartAI does not sell or share personal information for cross-context behavioral advertising.

To exercise any of these rights, please contact us at team@clearchartai.io. We will respond to your request within the timeframe required by applicable law. We may need to verify your identity before processing your request.

10. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from children. Parents or legal guardians may use our Service to manage health records on behalf of minors under their care.

11. Cookies and Tracking

We use essential cookies for authentication and security purposes only. We do not use advertising cookies or third-party tracking. Your session information is managed securely through our authentication infrastructure.

12. Changes to This Policy

We may update this Privacy Policy periodically. If material changes occur, we will notify users by email or through a notice on our Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

13. Contact Information

If you have questions about this Privacy Policy, want to exercise your rights, or have concerns about how we handle your information, please contact us:

If you believe your privacy rights have been violated, you also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.