Privacy Policy

Last updated: January 10, 2025

At Aclera-AI ("we," "us," or "our"), we are committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use CasePanel and our related services.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address
  • Organization/employer information
  • National Provider Identifier (NPI), if applicable
  • Payment information (processed securely by our payment provider)

Clinical Data

When you use CasePanel to generate documentation, the service processes clinical data you input, which may include Protected Health Information (PHI). We handle all clinical data in accordance with HIPAA requirements.

Usage Data

We automatically collect certain information about your use of our services:

  • Features used and actions taken
  • Time spent in the application
  • Device type and browser information
  • Error logs and performance data

We use cookieless analytics (Microsoft Clarity and Azure Application Insights) to understand usage patterns without tracking individual users across the web.

How We Use Your Information

To Provide Our Services

  • Process and generate clinical documentation
  • Maintain and improve CasePanel functionality
  • Provide customer support
  • Process payments and manage subscriptions

To Improve Our Services

  • Analyze usage patterns to enhance features
  • Develop new functionality based on user needs
  • Ensure quality and accuracy of AI outputs

To Communicate With You

  • Send service-related announcements
  • Respond to support requests
  • Provide updates about your account

HIPAA Compliance

Aclera-AI operates as a HIPAA-compliant Business Associate. When healthcare providers use CasePanel:

  • We enter into Business Associate Agreements (BAAs) with covered entities
  • PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access to PHI is strictly controlled and audited
  • We do not use PHI for training AI models
  • We maintain comprehensive audit logs

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit - All data transmitted between your device and our servers uses TLS 1.2 or higher
  • Encryption at rest - All stored data is encrypted using AES-256 encryption
  • Access controls - Role-based access with multi-factor authentication for administrative access
  • Infrastructure security - Hosted on SOC 2 Type II certified infrastructure (Microsoft Azure)
  • Regular security assessments - Ongoing vulnerability scanning and penetration testing

Data Retention

We retain your data as follows:

  • Account information - Retained while your account is active and for 7 years after closure for legal compliance
  • Clinical documentation - Retained per your organization's policies and applicable healthcare regulations (minimum 6 years for HIPAA)
  • Usage logs - Retained for 2 years for security and improvement purposes

You may request deletion of your data subject to legal and regulatory requirements.

Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

  • Service providers - With vendors who assist in providing our services (hosting, payment processing), bound by confidentiality agreements
  • Legal requirements - When required by law, regulation, or legal process
  • Business transfers - In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With your consent - When you explicitly authorize sharing

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access - Request a copy of your personal data
  • Correction - Request correction of inaccurate data
  • Deletion - Request deletion of your data (subject to legal requirements)
  • Portability - Receive your data in a machine-readable format
  • Opt-out - Opt out of non-essential communications

To exercise these rights, contact us at contact@aclera-ai.com.

Children's Privacy

CasePanel is intended for use by healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

International Data Transfers

Our services are hosted in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States. We implement appropriate safeguards for international data transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, if you have an account, by email. Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: