Privacy Policy

1. Scope

This policy covers information we collect through the marketing site and when an organization evaluates or uses the AI Agents Marketplace. Protected Health Information (PHI) processed through deployed agents is governed by a separate Business Associate Agreement (BAA) and the terms of the customer’s order form.

2. Information we collect

• Contact information you provide. Work email, organization name, role, and any details you include when requesting a demo or contacting us.
• Account information. If your organization provisions accounts, we receive identifiers such as name, email, and role from your administrator or your single sign-on provider.
• Usage and diagnostic data. Logs of feature use, performance metrics, error reports, and audit events generated by the marketplace platform.
• Customer content. Inputs and outputs you choose to send to specific agents. Where this content includes PHI, it is processed only under a signed BAA and the customer’s configuration.

The marketing site does not use advertising cookies and does not track you across other sites. Strictly necessary functionality such as remembering your form state may use local browser storage.

3. How we use information

• To provide, secure, and improve the Services.
• To respond to demo requests and customer inquiries.
• To monitor performance, detect abuse, and meet our compliance obligations.
• To produce de-identified, aggregated statistics about Service performance.

We do not sell personal information. We do not use customer content or PHI to train foundation models or any model used to serve other customers.

4. Legal bases

Where the GDPR applies, we rely on the following legal bases: performance of a contract (delivering the Services), legitimate interests (securing and improving the Services), legal obligation (compliance), and consent (for any optional communications you opt into).

5. Sharing

We share information only with:

• Service providers (such as cloud hosting and email delivery) bound by confidentiality and data protection terms.
• Your organization’s administrators, where applicable.
• Authorities, where required by law and after appropriate review.
• An acquirer in connection with a merger, financing, or sale, subject to commitments equivalent to this policy.

6. Security

We maintain administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. This includes encryption in transit and at rest, role-based access controls, audit logging, vendor reviews, and regular security testing. No system is perfectly secure, and we cannot guarantee absolute security.

7. Data retention

We retain information for as long as needed to provide the Services and to meet legal, tax, and compliance obligations. Customer content and PHI are retained according to the customer’s order form and BAA, and are deleted on request or at the end of the applicable retention period.

8. International transfers

We may process information in the United States, the European Union, and other regions where our providers operate. Where required, we use Standard Contractual Clauses and equivalent safeguards to protect cross-border transfers.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. To exercise a right, write to privacy@healthinnovators.digital. We will respond within the timelines required by applicable law.

10. Children

The Services are intended for healthcare organizations and are not directed to children under 16. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide additional notice.

12. Contact

Questions about this policy or our data practices? Email privacy@healthinnovators.digital or write to us via our contact form.