Privacy Policy

Last updated: May 2026

Introduction

ChronoMedAI ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical document processing platform.

Information We Collect

We collect information that you provide directly to us, including:

  • Account information (name, email address, company)
  • Medical documents you upload for processing
  • Usage data and analytics

HIPAA Security Rule Safeguards

ChronoMedAI is built to HIPAA Security Rule standards. We implement appropriate administrative, physical, and technical safeguards to protect the privacy and security of protected health information (PHI).

Data Security

We employ industry-standard security measures including:

  • Encryption for data in transit and at rest
  • Secure cloud infrastructure (AWS)
  • Access controls and audit logging
  • Regular security assessments

Sub-Processors

We engage a limited set of third-party service providers to operate our platform. PHI is processed only within Amazon Web Services, under an executed Business Associate Addendum. A current list of our sub-processors is available at chronomedai.com/sub-processors.

SMS Messaging and Phone Numbers

If you enroll in SMS-based multi-factor authentication (MFA), we collect and store your mobile phone number solely to deliver one-time verification codes during sign-in. Specifically:

  • Your phone number is used only to send account security codes — never for marketing or promotional messages.
  • Your phone number is not sold, rented, or shared with third parties for marketing purposes.
  • Phone numbers are transmitted to our SMS delivery provider solely for the purpose of sending verification codes.
  • You may remove your phone number at any time by switching to authenticator-app MFA in your account security settings.
  • Phone number records are retained for the duration of your account and deleted on account closure, subject to any audit retention requirements applicable to protected health information (PHI) under HIPAA.

Mobile information (including phone numbers and opt-in consent) is never shared with third parties or affiliates for marketing or promotional purposes.

For a step-by-step walkthrough of the SMS MFA opt-in flow, the exact text of the messages we send, and how to opt out, see SMS Two-Factor Authentication.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

privacy@chronomedai.com