Privacy Policy

Rohimaya Health AI ("we," "our," or "us") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products, including EclipseLink AI and Phoenix & Peacock Honors™ (collectively, "Services").

1. Information We Collect

1.1 Healthcare Information

EclipseLink AI processes clinical handoff data, including:

• Patient identifiers and demographics
• Medical history and diagnoses
• Medications and treatment plans
• Vital signs and laboratory results
• Voice recordings and transcriptions (temporarily, for SBAR generation)
• Clinical assessments and recommendations

1.2 User Account Information

• Name, email address, and job title
• Healthcare facility and department affiliation
• Professional credentials and license numbers
• Login credentials and authentication data

1.3 Usage Data

• Device information and IP addresses
• Browser type and operating system
• Access times and pages viewed
• Feature usage patterns and interactions

1.4 Recognition Data (Phoenix & Peacock Honors™)

• Performance metrics and achievements
• Peer nominations and feedback
• Safety milestone records
• Leaderboard participation (with user consent)

2. How We Use Your Information

We use collected information to:

• Provide and improve our Services
• Generate SBAR reports and clinical handoff documentation
• Deliver predictive alerts for patient deterioration
• Facilitate recognition programs and gamification features
• Ensure system security and prevent fraud
• Comply with legal and regulatory obligations
• Conduct research and analytics to enhance product features
• Communicate with you about service updates and support

3. HIPAA Compliance

Rohimaya Health AI is a HIPAA-covered Business Associate.

• We execute Business Associate Agreements (BAAs) with all covered entities and healthcare organizations using our Services
• All Protected Health Information (PHI) is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access to PHI is restricted to authorized personnel on a need-to-know basis
• We maintain comprehensive audit trails of all PHI access and modifications
• Regular risk assessments and security audits are conducted
• Staff undergo annual HIPAA training and background checks

4. Data Security Measures

We implement industry-standard security measures:

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication (MFA) for user accounts
• Role-based access controls (RBAC)
• Regular security penetration testing
• SOC 2 Type II certification (in progress)
• Automated backup and disaster recovery systems
• 24/7 security monitoring and incident response

5. Data Sharing and Disclosure

We do not sell your personal or health information. We may share data only in the following circumstances:

• With Your Healthcare Organization: To facilitate clinical workflows and care coordination
• Service Providers: Third-party vendors who assist in service delivery (under strict confidentiality agreements)
• Legal Compliance: When required by law, court order, or government request
• Emergency Situations: To protect health and safety in urgent circumstances
• De-identified Data: Aggregated, anonymized data for research and analytics (cannot be traced back to individuals)

6. Data Retention

• Clinical Data: Retained per healthcare organization's record retention policies and applicable laws (typically 6-10 years)
• Voice Recordings: Deleted within 24 hours after SBAR generation is complete
• User Accounts: Deleted within 90 days of account deactivation request
• Audit Logs: Retained for 7 years for compliance purposes

7. Your Rights

You have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Receive your data in a machine-readable format
• Opt-Out: Decline participation in recognition programs or public leaderboards
• Restrict Processing: Limit how we use your data

To exercise these rights, contact us at [email protected]

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain user sessions and authentication
• Remember user preferences
• Analyze usage patterns and improve Services
• Prevent fraud and enhance security

You can control cookie preferences through your browser settings. Disabling cookies may limit certain features.

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect information from minors. If we discover we have collected data from a minor, we will delete it promptly.

10. International Data Transfers

Your information may be processed in the United States or other countries where we or our service providers operate. We ensure adequate protections through standard contractual clauses and compliance with applicable data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice in the Services. Your continued use after changes indicates acceptance of the updated policy.

12. Contact Us

For privacy-related questions or concerns: