Privacy Policy

Effective April 28, 2025

This Privacy Policy ("Policy") explains how Alcuin AI Inc. ("UniWise," "UniWise AI," "we," "our," or "us") collects, uses, and discloses personal information when you interact with (i) our public websites, including UniWise.ai, (ii) the UniWise Virtual Health Assistant chat widget ("Chat"), and (iii) the UniWise Platform, our clinic-facing CRM and automation tools available through web and mobile applications (collectively, the "Services"). By using the Services, you agree to the practices described below.

1. Important Notice About PHI & HIPAA

The Chat and UniWise Platform are not intended to store protected health information ("PHI") unless you have executed a Business Associate Agreement with us. Patients should not submit full names, addresses, dates of birth, medical-record numbers, images, or any other direct identifiers. Clinics and staff must de-identify data before entry unless their workspace is expressly designated HIPAA-compliant. For safe-harbor guidance on de-identification, consult the U.S. HHS website.

2. Information We Collect

We collect several categories of information:

Account Data: Your name, email, password, role, organization, and billing details provided when you create an account.

Chat Content: Questions, symptom descriptions, and timestamps you type into the Chat.

Platform Content: Notes, workflow data, and files you upload or generate within the UniWise Platform.

Device and Usage Data: IP address, browser type, pages viewed through cookies, pixel tags, and similar technologies.

Payment Data: Limited information such as the last four digits of your card from our PCI-compliant payment processor.

Communication Data: Marketing or support information you provide in web forms, emails, or product prompts.

Aggregated Data: De-identified data derived from these categories after removal of identifiers.

3. How We Use Your Information

We use personal information to:

• Provide, secure, and improve the Services
• Personalize content and remember preferences
• Process transactions and send operational messages
• Respond to inquiries and offer customer support
• Train and evaluate our AI models using de-identified data
• Conduct analytics, benchmarking, and research
• Send marketing communications (which you may opt out of at any time)
• Comply with legal obligations or enforce our terms

Our legal bases include contract performance, legitimate interests, consent, and compliance with law.

4. How We Share Information

We share information with:

• Service Providers: Trusted vendors that host our infrastructure, process payments, deliver email, and perform analytics on our behalf
• Workspace Users: Content you choose to share within your UniWise workspace is visible to other authorized users of that workspace
• Legal Compliance: We may disclose information to comply with law, protect rights, investigate fraud, or complete a business transaction such as a merger or asset sale
• Aggregated Data: We share aggregated or de-identified data that cannot reasonably identify you

We do not sell personal information.

5. SMS/Text Messaging Privacy Policy

Mobile Information Collection and Use

When you provide your mobile phone number to UniWise for SMS notifications, we collect and use this information solely for:

• Appointment reminders and confirmations
• Appointment rescheduling notifications
• Follow-up messages related to your care
• Customer service communications related to your appointments
• Telehealth appointment links and instructions

HIPAA Compliance for SMS Communications

Business Associate Agreements: We only use SMS service providers that either (1) provide Business Associate Agreements ensuring HIPAA compliance, or (2) qualify under HIPAA's "Conduit Exception" for entities that transmit but do not access Protected Health Information.

Minimum Necessary Standard: All SMS communications adhere to HIPAA's minimum necessary rule, limiting information to what is essential for the intended purpose. For example: Appointment reminders can be limited to "This is a reminder that you have an appointment today. If you cannot make the appointment, please call to reschedule. Reply Stop to Opt-Out."

Security Safeguards: Our SMS communications employ:

• Encryption in transit where technically feasible
• Access controls limiting message creation to authorized staff
• Audit trails documenting all SMS communications
• Secure authentication for staff access

Patient Consent and Authorization

Written Consent Required: Before sending any SMS communications, we obtain explicit written consent from patients, including acknowledgment of potential security risks associated with SMS communications.

Consent Documentation: All consent records are maintained in our HIPAA-compliant patient management system with timestamps and staff verification.

Right to Withdraw: Patients may withdraw consent for SMS communications at any time without affecting their care.

No Third-Party Sharing

Strict Non-Sharing Policy: UniWise will NOT share, sell, or distribute your mobile phone number or SMS opt-in information with any third parties or affiliates for marketing or promotional purposes.

Limited Service Provider Sharing: Your mobile information is only shared with authorized subcontractors who provide essential support services, including:

• Our HIPAA-compliant SMS platform provider for secure message delivery
• Customer service support systems with appropriate safeguards
• Technical support services under Business Associate Agreements

Message Frequency and Charges

Message Frequency: Message frequency varies based on your appointment activity and care needs. You may receive:

• Appointment reminders (typically 24-48 hours before appointments)
• Appointment confirmations
• Rescheduling notifications
• Occasional follow-up messages related to your care
• Telehealth appointment instructions

Data and Message Rates: Standard message and data rates may apply depending on your mobile service plan. UniWise is not responsible for these charges.

Opt-Out Rights and Patient Control

You may opt out of SMS communications at any time by:

• Replying STOP to any message (automatic unsubscribe)
• Calling our office at (555) 123-4567
• Updating your preferences during your next visit
• Emailing us at hello@uniwise.ai

Help and Support: Reply HELP to any message for assistance, or contact our office directly.

Data Security and Retention

Secure Storage: All mobile phone numbers and SMS consent records are stored securely in our HIPAA-compliant patient management system with appropriate administrative, physical, and technical safeguards.

Data Retention: SMS communications and consent records are retained according to HIPAA requirements and applicable state laws, typically for a minimum of six years or as required for patient care continuity.

Breach Notification: In the event of any unauthorized access to SMS communications or mobile contact information, we will provide notification as required by HIPAA and applicable state laws.

6. Your Choices and Rights

You may:

• Unsubscribe from marketing emails using the link in those messages or by contacting us
• Block or delete cookies through your browser settings (though some site features may not function properly)
• Request access to, correction of, deletion of, or portability of your personal information
• Restrict our processing of your information

Contact us at hello@uniwise.ai for any privacy requests.

Residents of the European Economic Area, United Kingdom, and certain other jurisdictions have additional rights including objecting to processing, opting out of the sale of personal data, limiting automated decision-making, and lodging complaints with data-protection authorities.

7. Data Security

We protect personal information using:

• Encryption in transit and at rest
• Role-based access controls
• Regular security audits
• HIPAA-compliant infrastructure
• Multi-factor authentication where available

Nevertheless, no system can guarantee complete security; you transmit data at your own risk.

8. International Transfers

We are headquartered in California, USA, and your information may be transferred to and processed in the United States or other countries where we or our providers operate. Those jurisdictions may have different data-protection laws than your own. By using the Services, you consent to these transfers.

9. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Policy or as required by law, including HIPAA requirements for healthcare records. When information is no longer needed, we delete or anonymize it in a manner designed to prevent reconstruction.

10. Children

The Services are directed to individuals aged 18 and older and are not intended for children under 13. We do not knowingly collect personal information from children under 13; if we become aware that we have done so, we will delete it.

11. External Links and Third-Party Tools

Our Services may contain links to external sites or embed third-party plugins whose privacy practices we do not control. Any information you provide to those third parties is governed by their privacy policies.

12. Changes to This Policy

We may update this Policy periodically. Material changes will be announced via the Services or email. Continued use of the Services after an update constitutes acceptance of the revised Policy.

13. Contact Us

If you have questions or concerns about this Policy, please contact us:

Email: hello@uniwise.ai
Phone: (555) 123-4567

For SMS-related questions or to update your communication preferences, you may also:

• Reply HELP to any text message
• Call our office during business hours
• Visit during your next appointment‍

This Privacy Policy complies with HIPAA Privacy and Security Rules, the Telephone Consumer Protection Act (TCPA), and A2P 10DLC regulations for healthcare SMS communications.