1.1 Our Privacy Commitment

AskAI is committed to protecting your privacy and maintaining the confidentiality, integrity, and security of all personal information we collect. This Privacy Policy explains our practices regarding data collection, use, disclosure, and protection in accordance with applicable laws including HIPAA, GDPR, and other data protection regulations.

1.2 Scope of This Policy

This Privacy Policy applies to all users of the AskAI platform, including:

• Healthcare organizations (customers)
• Authorized users and administrators
• Employees whose data is processed through the platform
• Website visitors and prospective customers

2.1 Employee Data

We collect and process employee information provided by healthcare organizations, including:

• Employee demographics (name, age, department, role)
• Compensation and benefits information
• Performance reviews and ratings
• Engagement survey responses
• Tenure and employment history
• Manager effectiveness scores
• Workload and scheduling data

2.2 Account Information

When you create an account, we collect:

• Name and email address
• Organization name and size
• Job title and role
• Login credentials

2.3 Usage Data

We automatically collect information about how you use our platform:

• Pages viewed and features accessed
• Time spent on platform
• Browser type and device information
• IP address and location data

3.1 Primary Uses

We use the collected information to:

• Provide predictive analytics and turnover forecasting
• Calculate financial impact of workforce changes
• Generate intervention recommendations
• Improve our machine learning models
• Provide customer support
• Send platform updates and notifications
• Comply with legal obligations

4.1 Technical Safeguards

We implement industry-standard security measures to protect your data:

• Encryption: AES-256 encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access with multi-factor authentication
• Compliance: HIPAA compliant and SOC 2 Type II certified
• Monitoring: 24/7 security monitoring and threat detection
• Auditing: Complete audit logs of all data access

4.2 Physical and Administrative Safeguards

In addition to technical measures, we maintain:

• Secure data centers with restricted physical access
• Employee background checks and security training
• Incident response and breach notification procedures
• Regular security audits and vulnerability assessments

5.1 No Sale of Data

We do not sell your data. We may share information only in these limited circumstances:

• With Your Consent: When you explicitly authorize sharing
• Service Providers: Third-party vendors who assist in platform operations (under strict confidentiality agreements)
• Legal Requirements: When required by law or to protect rights and safety
• Business Transfers: In connection with merger, acquisition, or sale of assets

6.1 Retention Period

We retain your data for as long as:

• Your account is active
• Needed to provide services
• Required by law or contract

6.2 Data Deletion

Upon account termination, data is securely deleted within 90 days unless legal retention is required. We use industry-standard data destruction methods to ensure complete removal.

7.1 Individual Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update inaccurate information
• Deletion: Request deletion of your data
• Portability: Receive your data in a portable format
• Opt-Out: Unsubscribe from marketing communications

7.2 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@askai.com. We will respond to your request within 30 days.

8.1 Healthcare Data Protection

For healthcare organizations, we comply with HIPAA regulations:

• Business Associate Agreements (BAA) available
• Protected Health Information (PHI) safeguards
• Breach notification procedures
• Regular compliance audits

9.1 Use of Cookies

We use cookies and similar technologies to:

• Maintain your session
• Remember your preferences
• Analyze platform usage
• Improve user experience

9.2 Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

10.1 Age Restrictions

Our platform is not intended for individuals under 18. We do not knowingly collect data from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

11.1 Cross-Border Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Data processing agreements
• Compliance with applicable data protection laws

12.1 Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via:

• Email notification to your registered address
• In-platform notification
• Prominent notice on our website

12.2 Continued Use

Your continued use of the platform after policy changes constitutes acceptance of the updated Privacy Policy.

13.1 Privacy Inquiries

For privacy-related questions, requests, or concerns, please contact us:

• Email: privacy@askai.com
• Phone: 1-800-PEGASUS
• Mail: AskAI Privacy Team, 123 Healthcare Blvd, Suite 500, Boston, MA 02101

13.2 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@askai.com