Effective Date: August 1, 2025
Privacy Policy
This Privacy Policy explains how ChartBriefs ("ChartBriefs," "we," "us," or "our") collects, uses, discloses, stores, and protects personal information and data in connection with the ChartBriefs platform, software, applications, APIs, and related services (collectively, the "Services"). This Privacy Policy is incorporated by reference into the ChartBriefs Terms of Service.
Table of Contents
- Purpose and Scope
- Information We Collect
- How We Use Information
- Artificial Intelligence and Automated Processing
- Data Sharing and Disclosure
- HIPAA and Protected Health Information
- Data Retention and Deletion
- Security Safeguards
- User Responsibilities
- Cross-Border Data Transfers
- Privacy Rights
- Children’s Privacy
- Changes to This Privacy Policy
- Contact Information
1. Purpose and Scope
This Privacy Policy describes ChartBriefs’ data practices and privacy posture. It applies to all Users of the Services, including individual users, enterprise users, and authorized users acting on behalf of an organization.
This Privacy Policy addresses how data is handled. The Terms of Service govern how the Services may be used and allocate legal responsibility.
2. Information We Collect
2.1 Account and Contact Information
- Name, email address, organization name, role or title
- Account credentials and authentication information
- Billing and payment-related information processed via third-party payment processors
2.2 Uploaded Content and User Data
We collect and process Content that Users upload to the Services, which may include medical records, legal records, images, PDFs, and related metadata. Such Content may contain personal data and, where applicable, Protected Health Information (PHI).
2.3 Usage and Technical Information
- Log data such as IP address, browser type, device type, and timestamps
- Usage metrics related to file processing and feature utilization
- Security and audit logs for access control and compliance purposes
2.4 Communications
We may collect information provided through communications with ChartBriefs, including support requests and feedback.
3. How We Use Information
ChartBriefs uses information solely for legitimate business and operational purposes, including to:
- Provide, operate, and maintain the Services
- Process and transform uploaded Content at the User’s direction
- Authenticate users and manage accounts
- Bill for Services and manage payments
- Provide customer support and respond to inquiries
- Improve platform reliability, performance, and security
- Comply with legal and regulatory obligations
ChartBriefs does not use User Content to provide medical advice or legal advice.
4. Artificial Intelligence and Automated Processing
Certain features of the Services use automated and artificial intelligence-based processes to analyze, organize, summarize, or extract information from User Content.
- All AI processing is performed at the User’s direction.
- User Content is not used to train generalized artificial intelligence or machine learning models.
- AI-generated outputs may be inaccurate or incomplete and must be independently reviewed by Users.
5. Data Sharing and Disclosure
ChartBriefs does not sell personal information.
We may share information only in the following circumstances:
- With service providers and subprocessors who support the Services, subject to contractual confidentiality and security obligations
- As required by law, regulation, subpoena, or court order
- To protect the rights, security, or integrity of ChartBriefs, Users, or the public
- With an Enterprise Account administrator regarding account usage and access
6. HIPAA and Protected Health Information
Where applicable, ChartBriefs acts as a Business Associate under HIPAA and processes PHI pursuant to a Business Associate Agreement (BAA).
ChartBriefs processes PHI solely to provide the Services and does not use PHI for marketing or advertising.
Users are responsible for ensuring that they have legal authority to upload PHI and that their use of the Services complies with HIPAA and other applicable laws.
7. Data Retention and Deletion
ChartBriefs retains User Content for up to three (3) years from the date of upload, unless otherwise agreed in writing.
- Users may delete Content at any time prior to expiration.
- Deleted Content is permanently removed and cannot be restored.
- ChartBriefs does not maintain backups for the purpose of restoring deleted Content.
- If access to deleted Content is later required, the Content must be re-uploaded, reprocessed, and paid for again.
8. Security Safeguards
- Secure cloud infrastructure operated under an Amazon Web Services Business Associate Agreement
- Access controls and authentication mechanisms
- Encryption in transit and at rest where appropriate
- Monitoring and logging for security events
No system is completely secure, and ChartBriefs cannot guarantee absolute security.
9. User Responsibilities
- Maintaining the confidentiality of account credentials
- Managing access permissions for Authorized Users
- Ensuring the accuracy and legality of uploaded Content
- Exporting and preserving Content subject to litigation holds or regulatory obligations
10. Cross-Border Data Transfers
ChartBriefs may process and store data in the United States or other jurisdictions where its service providers operate. Users acknowledge and consent to such transfers, subject to applicable law.
11. Privacy Rights
Depending on jurisdiction, Users may have rights regarding their personal information, including rights to access, correct, or delete personal data.
Requests may be submitted to ChartBriefs using the contact information below.
12. Children’s Privacy
The Services are not directed to children under 18, and ChartBriefs does not knowingly collect personal information from children.
13. Changes to This Privacy Policy
ChartBriefs may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by other reasonable means.
14. Contact Information
For questions regarding this policy, please contact ChartBriefs through our web based contact form.