Privacy Policy

1. Our Core Privacy Principle: Data Minimization

At Alanos, our guiding principle is straightforward: give clients exactly what they need — direct, private access to their automation workflows. To honor this, Automedic is built with data minimization at its core. We collect as little data as possible, and in many cases, none at all. When limited data is required, it is strictly confined to operational needs and HIPAA compliance obligations.

We do not use your data for analytics, advertising, model training, or any secondary purposes. Our architecture prioritizes privacy, control, and transparency so you remain in charge of your information.

2. Information We Collect

We strictly limit the information we collect to the following categories:

A. Account and Subscription Information

To manage your subscription and verify your identity, we collect:

• Personal Identifiers: Name, email address, and username.
• Organization Information: Company name and business contact details.

B. Operational and Compliance Logs

To ensure the security of our Services and strictly comply with the Health Insurance Portability and Accountability Act (HIPAA), we maintain operational logs. These logs are used solely for security auditing, incident response, and maintaining system integrity.

• Audit Logs: Timestamps, route access, method types, identity claims, and cryptographic hashes of payload bytes (for integrity verification).
• Usage Statistics: Anonymized metrics regarding application performance and feature usage to help us improve the stability of the Services.

3. Information We DO NOT Collect

For clarity, we explicitly state what we do not collect or access:

• No Protected Health Information (PHI): We do not access, store, or transmit PHI in our telemetry or audit logs.
• No Website Content: We do not track the websites you visit or the content displayed on them.
• No Extracted Data: Data extracted from websites or documents during automation remains on your local machine.
• No AI Interaction Content: We do not log the content (text, images, audio) of your conversations with the AI assistant.

4. Data Storage and Processing

Location of Data: All data collected by Alanos is stored and processed exclusively within the United States. We utilize secure, US-based data centers to ensure your data remains subject to US privacy laws and regulations.

5. Cloud Infrastructure and Third-Party Processors

We utilize Microsoft Azure for our backend services and cloud infrastructure. Azure is a global leader in cloud security and privacy.

Azure's Data Policy:
Microsoft Azure adheres to rigorous privacy standards and compliance certifications, including ISO/IEC 27018 (Code of Practice for Protecting Personal Data in the Cloud), HIPAA, and GDPR. Microsoft does not use customer data for advertising or marketing purposes. Data stored in Azure is encrypted at rest and in transit.

For more detailed information on how Microsoft handles data, please review the Microsoft Privacy Statement.

6. How We Use Your Information

We use the limited information we collect for the following specific purposes:

• Service Provision: To provide, operate, and maintain the Automedic application.
• Account Management: To manage your registration, login, and subscription status.
• Security and Compliance: To monitor for security incidents, prevent fraud, and fulfill our legal obligations under HIPAA and other applicable laws.
• Communication: To send you administrative information, such as updates to terms, conditions, and policies.

7. Disclosure of Your Information

We do not sell, trade, rental, or otherwise share your information with third parties for marketing purposes. We may disclose information only in the following specific situations:

• By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Service Providers: We may share information with third-party vendors (such as Microsoft Azure) who perform services for us or on our behalf and require access to such information to do that work.

8. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. These measures include:

• Encryption: Data is encrypted at rest and in transit using industry-standard protocols (TLS/SSL).
• Access Controls: Strict role-based access controls limit who can view data.
• Local Storage: Sensitive user data, including chat history and extracted content, is stored locally on your device with AES-256 encryption.

While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. We ensure HIPAA compliance on a shared responsibility model where we are responsible for implementing and maintaining the security measures to safeguard our system and data contained or transmitted through it; and you are responsible for safeguarding the access to your login credentials for the application and the data stored within. Learn more regarding this by reading our HIPAA Compliance Policy.

9. Contact Us

If you have questions or comments about this Privacy Policy, please contact us.