Privacy Policy for Hyper Insight – ICH
Effective Date: May 8, 2025
Provider: PurpleAI Inc.
1. Introduction
Welcome to Hyper Insight – ICH (the “App”), a mobile platform developed by PurpleAI (“we,” “us,” or “our”) to support qualified medical professionals (“you,” “User”) in the rapid assessment of suspected acute stroke events. The App provides the following core functionalities:
- AI-powered alerts for suspected brain hemorrhage based on CT scan analysis.
- Mobile DICOM viewer for accessing patient imaging and medical data.
- In-app communication for clinical collaboration.
We are committed to protecting all personal and health-related information processed through this App in accordance with applicable laws, including the U.S. Health Insurance Portability and Accountability Act (HIPAA) and equivalent international data protection laws.
2. Information We Collect and Process
a. Information You Provide
- Account Details: Name, email, professional credentials, and affiliated institution to verify eligibility and enable account management.
- Support/Feedback Communications: Records of communication when you contact us.
b. Patient Health Information (PHI)
- The App enables authorized users to view PHI, including CT images, AI analysis results, and other medical data, retrieved from institutional systems (e.g., PACS, EMR).
- PurpleAI acts as a Business Associate under HIPAA, processing PHI on behalf of your healthcare institution, which is the Covered Entity.
- We do not collect PHI directly from patients.
c. Automatically Collected Data
- Usage Logs: Access times, feature usage, and activity logs for audit and compliance.
- Device Information: OS version, device model, IP address, and unique identifiers for functionality and security.
3. How We Use Information
- App Functionality: Deliver AI alerts, display CT scans, enable in-app communication, and support user login.
- Security & Compliance: Enforce access controls, detect unauthorized use, maintain audit trails, and fulfill legal obligations.
- Improvement & Analytics: Use de-identified or aggregated data for performance optimization, research, and service enhancements.
- User Support: Communicate service updates and respond to inquiries.
4. How We Share Information
- With Your Institution & Care Team: PHI and usage logs may be shared with authorized users within your organization as required for clinical care and operations.
- With Service Providers: Third-party vendors (e.g., cloud hosting, analytics) operate under strict contractual obligations, including HIPAA-compliant BAAs.
- Legal & Safety Disclosures: As required by law or to address fraud, security, or safety concerns.
- Business Transfers: If involved in a merger or acquisition, subject to appropriate data protection safeguards.
- De-identified Data: May be shared for research or reporting, provided it cannot identify individuals.
5. Data Security
We implement administrative, physical, and technical safeguards to protect PHI, including:
- Encryption (in transit and at rest)
- Role-based access control
- Security assessments
6. Data Retention
- Account Information: Retained while your account is active or as legally required.
- PHI: Temporarily processed or cached for functionality only; primary storage remains with your institution.
- Audit Logs: Retained as required by law or security policy.
7. User Rights and Responsibilities
- Account Management: Update your user information via in-app settings.
- PHI Access Requests: Patients must contact their healthcare provider, not PurpleAI, for PHI-related inquiries.
- Communication Preferences: You may opt out of non-essential communications, but not critical service updates.
8. Children’s Privacy
This App is intended for licensed medical professionals. It is not intended for users under 18. Patient data relating to minors is processed under institutional policies.
9. Regulatory Compliance
We comply with HIPAA and other applicable data protection laws. We enter BAAs with healthcare institutions and ensure all subcontractors processing PHI are also bound by equivalent safeguards.
10. International Data Transfers
Where data is transferred outside the country of origin, we implement appropriate safeguards to ensure compliance with local laws and HIPAA requirements.
11. Changes to this Policy
We may update this policy periodically. Material changes will be communicated through the App or by email before taking effect. We encourage regular review of this policy.
12. Contact Us
If you have questions about these Terms, please contact:
PurpleAI Inc.
3rd Floor, 18, Tehran-ro 20-gil, Gangnam-gu, Seoul, Korea (06235)
purpleai@purple-ai.co