Privacy Policy

Last Updated: 8/7/25


1. Introduction

Joyera Inc. ("Joyera," "we," "us," or "our") is committed to protecting the privacy and security of your personal information and Protected Health Information (PHI). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our HIPAA-compliant AI platform for health service providers.


Our Mission: We help health service providers reclaim the joy in helping others by providing secure, compliant AI tools that reduce administrative burden while maintaining the highest standards of data protection.


2. Scope and Application

2.1 Covered Information

This Privacy Policy applies to:

  • Personal information collected through our website and platform
  • Protected Health Information (PHI) processed through our AI services
  • Usage data and analytics from platform interactions
  • Communications and support interactions


2.2 HIPAA Compliance

For healthcare customers processing PHI, this Privacy Policy works in conjunction with our Business Associate Agreement (BAA), which governs our HIPAA obligations and your rights regarding PHI.


2.3 Who This Applies To

  • Healthcare providers and organizations using our platform
  • Website visitors and potential customers
  • Support and service personnel
  • Business partners and vendors


3. Information We Collect

3.1 Personal Information

We collect the following types of personal information:


Account Information:

  • Name, email address, phone number
  • Professional credentials and license information
  • Organization details and billing information
  • Job title and role within healthcare organization


Platform Usage Data:

  • Login times and session duration
  • Features accessed and frequency of use
  • System performance and error logs
  • IP addresses and device information


Communications:

  • Support ticket content and correspondence
  • Training session participation and feedback
  • Survey responses and product feedback


3.2 Protected Health Information (PHI)

When you use our AI services, we may process PHI including:

  • Patient visit notes and session recordings
  • Treatment plans and service documentation
  • Billing and insurance information
  • Clinical observations and assessments


Important: We maintain zero data retention for PHI and process it only as necessary to provide our AI services.


3.3 Automatically Collected Information

  • Browser type and version
  • Operating system and device information
  • Referring website and pages visited
  • Time stamps and usage patterns
  • Performance metrics and error reports


4. How We Use Information


4.1 Primary Service Purposes

We use your information to:

  • Provide AI-powered administrative tools and assistants
  • Process and analyze healthcare documentation
  • Generate automated transcriptions and summaries
  • Assist with billing and claims processing
  • Provide decision support tools
  • Optimize workflows and improve efficiency


4.2 Platform Operations

  • Maintain and improve our AI services
  • Provide customer support and training
  • Ensure platform security and compliance
  • Monitor system performance and reliability
  • Conduct security audits and assessments


4.3 Communication and Support

  • Respond to inquiries and support requests
  • Provide product updates and security notifications
  • Deliver training materials and best practices
  • Send billing and account information


4.4 Legal and Compliance

  • Comply with HIPAA and other healthcare regulations
  • Respond to legal requests and court orders
  • Investigate security incidents or policy violations
  • Maintain records required by law


5. Information Sharing and Disclosure

5.1 No Sale of Personal Information

We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes.


5.2 Permitted Disclosures

We may share information only in the following circumstances:


Service Providers:

  • HIPAA-compliant cloud hosting providers
  • Security monitoring and incident response vendors
  • Payment processing services
  • Technical support and maintenance providers


Legal Requirements:

  • Court orders, subpoenas, or legal process
  • Regulatory investigations or audits
  • Law enforcement requests (with proper authorization)
  • Emergency situations involving patient safety


Business Transfers:

  • Mergers, acquisitions, or asset sales (subject to confidentiality obligations)
  • Due diligence processes with prospective buyers


5.3 PHI-Specific Restrictions

PHI is shared only:

  • As required to provide contracted AI services
  • With your explicit authorization
  • As permitted or required by HIPAA
  • To business associates under signed BAAs


6. Data Security and Protection

6.1 Technical Safeguards

  • Encryption: End-to-end encryption for all data transmission and storage
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Secure data centers with restricted physical access
  • Monitoring: 24/7 security monitoring and threat detection
  • Backup and Recovery: Secure, encrypted backup systems


6.2 Administrative Safeguards

  • Employee Training: Regular HIPAA and security training for all staff
  • Background Checks: Comprehensive screening for personnel with data access
  • Incident Response: Documented procedures for security breaches
  • Audit Logs: Comprehensive logging of all system access and activities


6.3 Physical Safeguards

  • Data Centers: SOC 2 Type II certified facilities
  • Access Controls: Biometric and card-based access systems
  • Environmental Controls: Fire suppression and climate monitoring
  • Equipment Security: Secure disposal of hardware and storage media


7. Data Retention and Deletion

7.1 PHI Retention Policy

  • Zero Retention: PHI is automatically deleted according to configured retention periods
  • Processing Only: PHI is retained only as long as necessary to provide AI services
  • Customer Control: You can request immediate deletion of PHI at any time
  • Secure Destruction: All deletion uses cryptographic erasure methods


7.2 Other Data Retention

  • Account Data: Retained while your account is active plus 7 years for legal compliance
  • Usage Logs: Retained for 2 years for security and performance analysis
  • Support Records: Retained for 3 years to improve service quality
  • Billing Records: Retained for 7 years for tax and audit purposes


7.3 Deletion Procedures

  • Customer Requests: Data deletion within 30 days of verified request
  • Account Termination: All data deleted within 60 days unless legally required to retain
  • Automated Deletion: Regular automated deletion of expired data
  • Verification: Deletion confirmation provided upon request


8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

  • Access your personal information we maintain
  • Request correction of inaccurate information
  • Receive copies of your data in portable formats
  • Request deletion of your personal information


8.2 HIPAA Rights (for PHI)

Under HIPAA, you may have additional rights including:

  • Right to access PHI we process on your behalf
  • Right to request restrictions on PHI use
  • Right to request amendments to PHI
  • Right to receive an accounting of PHI disclosures


8.3 Communication Preferences

  • Marketing Communications: Opt out of promotional emails
  • Service Notifications: Essential service communications cannot be disabled
  • Support Communications: Control frequency and method of support contact


8.4 Account Controls

  • Data Export: Download your data in standard formats
  • Usage Monitoring: View logs of platform access and activities
  • Permission Management: Control user access within your organization


9. Cookies and Tracking Technologies

9.1 Types of Cookies

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Help us analyze platform usage and performance
  • Functional Cookies: Remember your preferences and settings


9.2 Third-Party Services

We use limited third-party services for:

  • Analytics: Platform usage and performance monitoring
  • Support: Customer service and communication tools
  • Security: Threat detection and incident response


9.3 Cookie Management

  • Browser Controls: Disable cookies through browser settings
  • Opt-Out Tools: Use third-party opt-out mechanisms
  • Impact Notice: Some platform features may not work without cookies

10. International Data Transfers

10.1 Data Location

  • Primary Storage: Data stored in HIPAA-compliant US data centers
  • Backup Systems: Encrypted backups maintained in geographically diverse US locations
  • Processing: All AI processing occurs within US boundaries


10.2 International Customers

For customers outside the US:

  • Adequacy Decisions: Transfers comply with applicable adequacy decisions
  • Standard Contractual Clauses: Additional safeguards for international transfers
  • Local Requirements: Compliance with local data protection laws


11. Children's Privacy

Our platform is not intended for individuals under 18. We do not knowingly collect personal information from minors as users. If we discover we have collected information from a minor, we will delete it immediately.


12. California Privacy Rights (CCPA)

12.1 California Consumer Rights

California residents have additional rights including:

  • Right to Know: Categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of sale of personal information (we do not sell)
  • Right to Non-Discrimination: Equal service regardless of privacy choices


12.2 Exercising Rights

Contact us at privacy@joyera.ai to exercise your California privacy rights. We will verify your identity before processing requests.


13. European Privacy Rights (GDPR)

13.1 Legal Basis for Processing

We process personal data based on:

  • Contractual Necessity: To provide our AI services
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Compliance: To meet regulatory requirements
  • Consent: Where specifically obtained


13.2 GDPR Rights

European residents have rights including:

  • Access: Obtain copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion of personal data
  • Portability: Receive data in machine-readable format
  • Objection: Object to certain types of processing


14. Breach Notification


14.1 Incident Response

In the event of a data breach:

  • Immediate Response: Contain and investigate the incident
  • Risk Assessment: Evaluate potential harm to affected individuals
  • Notification Timeline: Notify affected parties within required timeframes
  • Remediation: Implement measures to prevent future incidents


14.2 Notification Procedures

  • HIPAA Breaches: Notification within 60 days as required by HIPAA
  • State Law Requirements: Compliance with applicable state breach notification laws
  • European Customers: 72-hour notification to supervisory authorities if required
  • Transparency: Clear communication about the nature and scope of breaches


15. Updates to This Privacy Policy

15.1 Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices


15.2 Notification of Changes

  • Material Changes: 30-day advance notice via email and platform notification
  • Minor Updates: Notice through updated "Last Modified" date
  • Immediate Changes: For legal compliance or security reasons

16. Contact Information


16.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Privacy Officer
Joyera Inc.
Email: privacy@joyera.ai


16.2 Security Incidents

For security-related concerns:

Security Team
Email: datasecurity@joyera.ai


16.3 Data Subject Requests

To exercise your privacy rights:

Data Protection Contact
Email: privacy@joyera.ai


17. Compliance and Certifications


17.1 Current Certifications

  • HIPAA Business Associate Agreement compliant
  • SOC 2 Type II certified data centers
  • ISO 27001 information security management
  • Regular third-party security audits


17.2 Regulatory Compliance

We maintain compliance with:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • California Consumer Privacy Act (CCPA)
  • State healthcare privacy laws


17.3 Industry Standards

We follow industry best practices including:

  • NIST Cybersecurity Framework
  • HITECH Act requirements
  • Healthcare industry security standards
  • AI ethics and fairness principles


This Privacy Policy is effective as of 8/1/25 and was last updated on 8/7/25.


Questions? Contact our Privacy Officer at privacy@joyera.ai for any questions about this Privacy Policy or our data practices.