DrSwarm Privacy Policy (v1)

1. Information We Collect

1.1 Information you provide

• Account information (name, email, phone, organization, role)
• Billing/contact details (address, payment-related info via our payment processor)
• Support communications and feedback
• Customer Data uploaded to the Services (which may include PHI if you are using the Services for healthcare workflows)

1.2 Information collected automatically

• Device and browser information
• IP address, logs, diagnostic data
• Usage data (pages viewed, features used, timestamps)
• Cookies and similar tracking technologies (see "Cookies")

1.3 Information from third parties

• Integrations you enable (e.g., EHR systems, calendar, messaging)
• Service providers (e.g., cloud hosting, analytics, error monitoring)
• Identity providers (SSO), if used

2. How We Use Information

We use information to:

• Provide, maintain, and secure the Services
• Authenticate users and administer accounts
• Process payments and manage subscriptions
• Provide customer support
• Monitor performance, debug, and improve the Services
• Conduct research and development, including improving our models and features (see "AI/Model Use")
• Comply with legal obligations and enforce our agreements
• Prevent fraud, abuse, or security incidents

3. How We Share Information

We may share information with:

• Service providers (hosting, payments, analytics, support tooling, logging) under contractual confidentiality/security obligations
• Integrations you enable (data flows to/from third parties you connect)
• Affiliates and successors (e.g., merger/acquisition)
• Legal and safety: to comply with law, respond to lawful requests, protect rights/safety, and investigate wrongdoing

We do not sell your personal information.

4. HIPAA / PHI

If we process PHI on behalf of a Covered Entity or Business Associate, our handling of PHI is governed by the applicable BAA. Where this Privacy Policy conflicts with a signed BAA regarding PHI, the BAA controls.

5. AI / Model Use

The Services may use automated systems, including machine learning, to generate outputs and suggestions.

Default approach (protective):

• We may use Customer Data to operate and improve the Services, including improving reliability and safety.
• We will not use PHI to train generalized models for other customers unless permitted by the BAA and applicable law and/or you have provided appropriate authorization/consent.

6. Security

We use commercially reasonable administrative, technical, and organizational measures designed to protect information. No system is perfectly secure, and we cannot guarantee absolute security.

7. Data Retention

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. We may retain backups and logs for a limited period even after deletion.

8. Cookies and Tracking

We use cookies and similar technologies to:

• keep you logged in
• remember preferences
• analyze usage and improve the Services

You can control cookies through browser settings. Some features may not function without cookies.

9. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, or object to certain processing of your personal information. You may also request a copy of your information.

To make a request, contact: privacy@drswarm.com. We may need to verify your identity.

10. International Data Transfers

If you access the Services from outside the United States, your information may be transferred to and processed in the U.S. and other locations where we or our providers operate.

11. Children

The Services are not intended for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the Effective Date. If changes are material, we will provide reasonable notice.

13. Contact

DrSwarm, Inc.
Email: privacy@drswarm.com