Privacy Policy

Last updated: January 7, 2025

1. Introduction

SRAT-AI ("we", "our", or "us") is committed to protecting your privacy and the privacy of patient data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical decision support platform.

2. HIPAA Compliance

SRAT-AI is designed to be HIPAA compliant and maintains appropriate safeguards for Protected Health Information (PHI).

  • We implement administrative, physical, and technical safeguards
  • Access to PHI is limited to authorized personnel only
  • All data transmissions are encrypted using industry-standard protocols
  • We maintain audit logs of all system access and data handling

3. Information We Collect

3.1 Account Information

  • Name, email address, professional credentials
  • Medical license information and specialization
  • Institution or practice affiliation

3.2 Patient Data

  • Clinical information entered for analysis purposes
  • Demographic data (age, gender, relevant medical history)
  • Diagnostic imaging reports and test results
  • Treatment history and outcomes

3.3 Usage Information

  • Platform usage patterns and feature utilization
  • System performance and error logs
  • Anonymized analytics data

4. How We Use Information

  • Clinical Decision Support: Provide AI-powered analysis and recommendations
  • Platform Improvement: Enhance our algorithms and user experience
  • Research: Conduct anonymized research to advance medical knowledge (with appropriate consent)
  • Compliance: Meet regulatory requirements and maintain audit trails
  • Support: Provide technical support and customer service

5. Data Security

5.1 Technical Safeguards

  • End-to-end encryption for all data transmissions
  • AES-256 encryption for data at rest
  • Multi-factor authentication for user accounts
  • Regular security audits and penetration testing
  • Secure cloud infrastructure with backup and disaster recovery

5.2 Administrative Safeguards

  • Role-based access controls
  • Regular security training for all personnel
  • Incident response procedures
  • Background checks for employees with data access

6. Data Sharing and Disclosure

We do not sell, trade, or rent patient data. We may share information only in the following circumstances:

  • With Your Consent: When explicitly authorized by the healthcare provider
  • Legal Requirements: When required by law or court order
  • Research Partners: Anonymized data for approved research studies (with IRB approval)
  • Service Providers: Trusted third parties who assist in platform operations (under strict confidentiality agreements)
  • Emergency Situations: When necessary to prevent serious harm

7. Data Retention

  • Patient data is retained only as long as necessary for clinical and legal purposes
  • Users can request data deletion in accordance with applicable laws
  • Backup data is securely destroyed according to our data retention schedule
  • Anonymized research data may be retained indefinitely for scientific purposes

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Portability: Request transfer of your data to another service
  • Objection: Object to certain processing activities

9. International Data Transfers

If you are accessing our service from outside the United States, please note that your information may be transferred to, stored, and processed in the United States, where our servers are located and our company is based.

10. Children's Privacy

Our service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or platform notification. Your continued use of the service after such modifications will constitute acknowledgment and acceptance of the modified Privacy Policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Privacy Officer: privacy@srat.ai

Data Protection Officer: dpo@srat.ai

General Inquiries: support@srat.ai

Address: [Company Address]

This Privacy Policy is effective as of the date stated above and will remain in effect except with respect to any changes in its provisions in the future.