Privacy Policy

Our Commitment to Privacy

At Oonagh AI, we are committed to protecting the privacy of healthcare practitioners and their patients. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Since Oonagh AI processes Protected Health Information (PHI), we maintain compliance with HIPAA and other applicable healthcare privacy laws.

Information We Collect

Practitioner Information

• Account Information: Name, email address, professional credentials, and contact details
• Practice Information: Business name, address, phone number, and professional licenses
• Payment Information: Billing information and payment details for subscription services
• Usage Data: Information about how you interact with our platform, features used, and time spent
• Communications: Records of communications between you and Oonagh AI, including support inquiries

Patient Information (PHI)

• Demographic information (name, contact details, date of birth)
• Medical history and current conditions
• Treatment records and clinical notes
• Clinical findings and test results
• Audio recordings and transcriptions of clinical sessions
• Tongue and pulse assessment data recorded through documentation templates

Important: Oonagh AI is designed for use by licensed healthcare practitioners. You should only input patient information in accordance with your professional responsibilities and after obtaining appropriate consent from your patients.

How We Use Your Information

Practitioner Information

• To create and manage your account
• To provide and maintain our services
• To process payments and manage subscriptions
• To communicate with you about our services, updates, and support
• To improve our platform and develop new features
• To comply with legal obligations and enforce our terms
• To prevent fraudulent or unauthorized activity

Patient Information

We process patient information solely to provide the services you have requested. This includes:

• Storing and managing electronic health records
• Processing audio recordings to create transcriptions
• Analyzing clinical data to provide insights and recommendations
• Facilitating secure communication with patients
• Generating clinical documentation and reports

We do not use patient information for any other purposes unless explicitly authorized by you and permitted by applicable law.

Information Storage and Security

Oonagh AI employs robust security measures to protect your information and maintain HIPAA compliance:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
• Access Controls: Strict role-based access controls limit who can access your information.
• Secure Infrastructure: Our platform is hosted in secure data centers with physical and technical safeguards.
• Security Assessments: We conduct regular security assessments and vulnerability testing.

Additional Security Features: Business Associate Agreements, Retention Policies, SOC 2 Type II Compliance, Regular Audits

Information Sharing and Disclosure

We limit the sharing of your information to the following circumstances:

Service Providers

We may share information with third-party service providers who help us operate our platform. All service providers that may have access to PHI are bound by Business Associate Agreements.

Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction with the same privacy protections.

With Your Consent

We may share information with third parties when you have given us your consent to do so.

We do not sell or rent your personal information or patient data to any third parties.

Data Subject Rights

Depending on your location, you may have certain rights regarding your personal information:

• Access: You can request access to the personal information we hold about you.
• Correction: You can request that we correct inaccurate or incomplete information.
• Deletion: You can request that we delete your personal information.
• Restriction: You can request that we restrict the processing of your information.
• Data Portability: You can request a copy of your information in a structured, commonly used format.
• Objection: You can object to the processing of your information.

To exercise these rights, please contact us at legal@oonagh-ai.com. We will respond to your request within the timeframe required by applicable law.

International Compliance

GDPR Compliance

For users in the European Union, we comply with GDPR requirements, including:

• Data minimization and purpose limitation
• User consent and withdrawal mechanisms
• Right to data portability and deletion
• EU data residency options
• Appointed Data Protection Officer (DPO)

International Data Transfers & Residency

Oonagh AI operates globally, and your information may be transferred to and processed in countries other than your country of residence. However, we are committed to data residency to ensure your data stays within your region.

• UK/EU Data: Stored in our London & Ireland data centers (GDPR Compliant).
• US/Canada Data: Stored in our US data centers (HIPAA Compliant).
• India Data: Stored in our India data centers (DPDPA Compliant).

We ensure that any necessary data transfers comply with applicable data protection laws, including implementing appropriate safeguards such as Standard Contractual Clauses where required.

Patient Rights

Patient information is controlled by the healthcare practitioner. Patients should contact their healthcare provider directly to exercise their rights regarding their health information.

Compliance with Healthcare Privacy Laws

In addition to this Privacy Policy, our handling of Protected Health Information (PHI) is governed by our Business Associate Agreement (BAA) and our HIPAA compliance policies. For more information about our HIPAA compliance, please visit our Data Security page.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last Updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We are committed to working with you to resolve any complaints about our data collection or processing.