Privacy Policy

At EnorAI Inc. ("we," "us," or "our"), we take the privacy and security of health information extremely seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our API and middleware services (the "Services").

1. Information We Process

EnorAI is a middleware designed specifically for healthcare AI. We process Protected Health Information (PHI) exclusively for the purpose of scrubbing, tokenizing, and validating clinical text.

• Transient Processing: Payload data (such as clinical notes sent to our API) is processed in-memory. We do not persist raw PHI to disk unless explicitly configured via a Business Associate Agreement (BAA) for federated learning.
• Telemetry Data: We collect non-identifiable telemetry data (latency, error rates, token counts) to maintain and improve the reliability of our Services.
• Account Information: We collect your name, email, billing address, and payment information when you register for an API key.

2. HIPAA Compliance

EnorAI operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). If you are a Covered Entity, you must execute a Business Associate Agreement (BAA) with us before transmitting PHI to our production environment.

3. Data Security

We use administrative, technical, and physical security measures to help protect your personal information and the PHI you transmit. Our infrastructure is hosted on SOC2 Type II compliant providers, and all data in transit is encrypted using TLS 1.3.

4. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

5. Contact Us

If you have questions or comments about this Privacy Policy, please contact our Data Protection Officer at: privacy@enorai.com