Privacy Policy — Surgery.AI

1. Introduction

Surgery.AI ("we," "us," or "our") operates as a technology service provider to healthcare practices. This Privacy Policy describes how we collect, use, and protect information in connection with our AI phone agent and clinical intake products ("Services").

By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information in the following categories:

Practice Information: Business name, contact details, provider information, and configuration data provided by healthcare practices ("Customers") when onboarding.
Patient Data: When deployed by a Customer, our Services may collect patient health information as part of intake or phone agent workflows. This data is processed on behalf of the Customer under a Business Associate Agreement (BAA).
Usage Data: Log data, call metadata, and usage analytics used to operate and improve the Services.
Communications: Emails, demo requests, and support inquiries sent to Surgery.AI.

3. How We Use Information

To provide, operate, and improve our Services
To configure and maintain AI agents on behalf of Customers
To communicate with Customers about their accounts and the Services
To comply with legal obligations
To detect and prevent fraud or security incidents

We do not sell personal information to third parties. We do not use patient health data for any purpose other than providing the contracted Services to the Customer.

4. Protected Health Information (PHI)

Where our Services process Protected Health Information on behalf of a covered entity or business associate, we do so as a Business Associate under HIPAA. All PHI is processed in accordance with our BAA and applicable HIPAA regulations. Please refer to our HIPAA Notice for more information.

5. Data Retention

We retain Customer account data for as long as the Customer maintains an active account with us. Patient data is retained in accordance with the terms of the applicable BAA. Upon termination of the Customer relationship, we will destroy or return data as specified in the BAA.

6. Data Security

We implement appropriate technical and organizational measures to protect data against unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, access controls, audit logging, and periodic security assessments.

7. Third-Party Service Providers

We may share data with third-party vendors who assist in operating our Services (e.g., cloud infrastructure, communication platforms). All such vendors are contractually required to maintain appropriate safeguards and are prohibited from using data for their own purposes.

8. Your Rights

Depending on your location, you may have rights to access, correct, or delete personal information we hold about you. To exercise any such rights, contact us at anup@surgery.ai.

For requests related to patient health information, please contact the healthcare practice (our Customer) directly, as they are the covered entity responsible for that data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of material changes via email or through our platform. Continued use of the Services after changes constitutes acceptance of the revised policy.

10. Contact

For privacy-related questions or concerns, contact us at:
Surgery.AI