Legal

Privacy Policy

Last updated: April 22, 2026

1. Information We Collect

QAPIHub collects the following types of information:

  • Account information: Work email address, name, and role when you create an account.
  • Facility data: De-identified and facility-level quality data including incident counts, PIP progress, meeting records, and training completion rates. Individual patient records are not part of the intended workflow.
  • Usage data: Pages visited, features used, and session duration for product improvement.
  • AI interaction data: Questions asked to the AI agent and generated responses, scoped to your facility session.

2. How We Use Your Information

  • To provide and maintain QAPIHub services for your facility.
  • To generate AI-powered quality reports, meeting packets, and regulatory guidance.
  • To monitor and improve service reliability and performance.
  • To send facility-specific quality alerts and regulatory updates.

3. Data Protection

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Row-level security ensures users only access their own facility data.
  • AI inputs are scanned for Protected Health Information (PHI) patterns and blocked before processing.
  • No patient-level data is intended to be stored in or transmitted through AI workflows.
  • QAPIHub is currently intended for de-identified quality workflow information and is not offered under a HIPAA business associate agreement at this time.

4. Data Sharing

We do not sell your data. We share data only with:

  • Anthropic (AI provider): De-identified or facility-level context may be sent for AI response generation. Do not submit PHI through AI workflows.
  • Supabase (database provider): Stores your facility data with encryption and row-level security.
  • Vercel (hosting provider): Hosts the application with SOC 2 compliant infrastructure.

5. Data Retention

Account and facility data is retained for the duration of your active subscription. Upon account deletion, data is removed within 30 days. AI conversation logs are session-scoped and not retained after your session ends.

6. Your Rights

You may request access to, correction of, or deletion of your data at any time by contacting us. Colorado residents have additional rights under the Colorado Privacy Act (CPA).

7. AI and Legal Use

QAPIHub's AI features are provided to support internal quality workflows. AI-generated content is informational only, is not legal advice, and must be reviewed by qualified staff before use in any official or regulated context.

8. Contact

For privacy questions, contact us at hello@qapihub.com.