Accurecord AI Privacy Policy

Accurecord AI Privacy Policy Effective Date: December 22, 2025 Introduction Accurecord AI (“Company,” “we,” or “us”) is committed to protecting your privacy. This Privacy Policy explains what information we collect through our website and services, how we use and share that information, and the rights and choices you have with respect to your information. Scope: This Privacy Policy covers general personal information (account and marketing data), usage and device data, service-related Customer Content, and special provisions for Protected Health Information (“PHI”) for enterprise customers under a Business Associate Agreement (“BAA”). If you are an enterprise healthcare customer, any PHI we handle on your behalf is governed by HIPAA and our BAA with you. In the event of a conflict, the BAA and HIPAA obligations will take precedence for PHI. PHI Boundary (Important) • Self-serve / individual accounts: no PHI (do not enter patient identifiers). • Enterprise: PHI supported only under a signed BAA and only in designated enterprise environments. Information We Collect 1. Information you provide to us: • Account/contact details (name, email, phone, organization, job title, address). • Billing information (processed by payment providers). • Support communications. • Customer Content you submit (note: self-serve users must not submit PHI). 2. Information we collect automatically: • Usage data and logs. • Device/network info (IP, browser, OS). • Cookies and similar technologies. • Analytics/performance metrics. 3. PHI: • Enterprise customers with a signed BAA may submit PHI; we use/disclose PHI only as permitted by the BAA and HIPAA. • Self-serve users must not submit PHI; if discovered, we may delete it and suspend accounts. How We Use Information • Provide and operate the services. • Account management, billing, and support. • Security, fraud prevention, monitoring. • Improve services (using aggregated/de-identified data; PHI is not used to train models except as permitted by the BAA or de-identified). • Legal compliance. How We Share Information We do not sell your personal information. We may share information: • With subprocessors/service providers (hosting, payments, monitoring) under contract. • With enterprise account administrators and authorized users (workspace access). • For legal compliance and protection. • In connection with corporate transactions (subject to confidentiality). • As de-identified/aggregated data. Subprocessors We maintain a public list of subprocessors and provide at least 30 days’ notice before adding a new subprocessor that processes Customer Content (except emergencies). Cookies We use essential and analytics cookies. You can manage cookies in your browser settings. Our site does not currently respond to Do Not Track signals. Security We implement commercially reasonable safeguards including encryption, access controls, monitoring, and incident response processes. No system is completely secure. Data Retention We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include: • Account information: Duration of your account plus three (3) years after account closure, or as required for legal compliance. • Usage logs and analytics: Ninety (90) days for detailed logs; aggregated analytics retained indefinitely. • Support communications: Three (3) years after resolution. • Billing records: Seven (7) years for tax and legal compliance. • Marketing preferences: Until you opt out or close your account. • Enterprise PHI: As specified in your BAA, typically returned or destroyed within thirty (30) days of termination unless legally required to retain. International Data Transfers Accurecord AI is based in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. For transfers from the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on appropriate legal mechanisms such as Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. By using our services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy. Children's Privacy Our services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at support@accurecord.io. Your Rights Depending on your jurisdiction, you may have rights regarding your personal information: General Rights: • Access: Request a copy of the personal information we hold about you. • Correction: Request correction of inaccurate or incomplete information. • Deletion: Request deletion of your personal information, subject to legal retention requirements. • Portability: Request a copy of your data in a portable format. • Opt-out: Unsubscribe from marketing communications at any time. To exercise these rights, contact us at support@accurecord.io. We will respond within thirty (30) days (or as required by applicable law). We may need to verify your identity before processing your request. California Privacy Rights (CCPA/CPRA) If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information. Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as legal compliance or completing transactions). Right to Correct: You have the right to request correction of inaccurate personal information. Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out. Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information (if collected) for purposes permitted under CCPA, such as providing our services. Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. Categories of Personal Information Collected (past 12 months): • Identifiers (name, email, phone, IP address) • Commercial information (subscription history, billing) • Internet/network activity (usage logs, device info) • Professional information (job title, organization) • Inferences drawn from the above We collect this information from: you directly, your use of our services, and third-party analytics providers. Business Purpose for Collection: Providing services, account management, security, analytics, and legal compliance. To submit a CCPA request, email support@accurecord.io with the subject line "CCPA Request" or call 612-845-3432. You may designate an authorized agent to make a request on your behalf; we may require verification of your identity and the agent's authority. Contact Us Accurecord AI 309 Old County Rd Apt 246 Belmont, CA 94002, USA Email: support@accurecord.io