Privacy Policy

Last updated: March 22, 2026

1. Information We Collect

QAPIHub collects the following types of information:

  • Account information: Work email address, name, and role when you create an account.
  • Facility data: Aggregate quality data including incident counts, PIP progress, meeting records, and training completion rates. Individual patient records are never stored.
  • Usage data: Pages visited, features used, and session duration for product improvement.
  • AI interaction data: Questions you ask the AI agent and the responses it generates, scoped to your facility session.

2. How We Use Your Information

  • To provide and maintain QAPIHub services for your facility.
  • To generate AI-powered quality reports, meeting packets, and regulatory guidance.
  • To monitor and improve service reliability and performance.
  • To send facility-specific quality alerts and regulatory updates.

3. Data Protection

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security ensures users only access their own facility data.
  • AI inputs are scanned for Protected Health Information (PHI) patterns, and inputs that match are blocked before processing.
  • No patient-level data is stored or transmitted to AI providers.

4. Data Sharing

We do not sell your data. We share data only with:

  • Anthropic (AI provider): Anonymized, aggregate facility context is sent for AI response generation. No PHI is transmitted.
  • Supabase (database provider): Stores your facility data with encryption and row-level security.
  • Vercel (hosting provider): Hosts the application with SOC 2-compliant infrastructure.

5. Data Retention

Account and facility data is retained for the duration of your active subscription. Upon account deletion, data is removed within 30 days. AI conversation logs are session-scoped and not retained after your session ends.

6. Your Rights

You may request access to, correction of, or deletion of your data at any time by contacting us. Colorado residents have additional rights under the Colorado Privacy Act (CPA).

7. Contact

For privacy questions, contact us at shinu.mammen@qapihub.com.