1. Introduction

Rinova.ai (“we”) is dedicated to protecting your privacy and the confidentiality of data entrusted to our platform. Rinova.ai provides AI-powered revenue cycle management (RCM) automation solutions for healthcare organizations, streamlining administrative tasks and optimizing billing workflows. This Privacy Policy outlines how we collect, use, protect, and manage your information when you interact with our platform.

We are committed to maintaining the highest standards of privacy, confidentiality, and compliance with applicable data protection laws, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA) and other relevant regulations.

2. Information We Collect

We may collect the following categories of information:

• User Account Data: Name, email address, phone number when you register or communicate with us.
• Operational Data: Logs of user activity, interaction timestamps, feature usage and system diagnostics.
• Device & Technical Data: Browser type, operating system, IP address, device identifiers and performance metrics.
• Client Data: Data processed through the platform for RCM purposes, including de-identified patient records, coding data, claims data and billing information.

3. How We Use Your Data

We use the information we collect for the following legitimate purposes:

• To Provide Our Services: Enable core functionality, process data, deliver AI-powered RCM support using de-identified data and provide customer service
• To Improve the Platform: Analyze trends, debug issues and develop new features to enhance user experience and system performance.
• To Communicate: Respond to inquiries, send operational updates, notify you of changes to our services, and, where permitted, share relevant marketing content.
• To Comply with Legal Obligations: Meet regulatory requirements, enforce our terms, and maintain audit records.

4. Data Retention and Deletion

We retain data only as long as necessary to fulfill the purposes outlined in this policy or as required by law or contract. Our retention practices include:

• Operational Logs and Usage Data: Retained for up to 180 days unless needed for security or diagnostics.
• Account Data: Retained until an account is closed or the user requests deletion.
• Client Data: Retained based on contractual agreements, typically no longer than 12 months after termination of services.

Upon request, we securely delete data using industry-standard cryptographic wiping techniques. Secure deletion also applies to archived and backed-up data.

5. Data Security

We employ strong technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction, including:

• Encryption: Data is encrypted at all times and PHI is de-identified before any further processing.
• Access Controls: Strict role-based access, audit logging and multi-factor authentication for all users and staff.
• Infrastructure Security: Hosted in compliant environments with regular vulnerability scans and threat monitoring.
• Incident Response: A documented plan ensures timely action, including breach notifications as required by applicable law.

We regularly assess and improve our security posture to align with best practices.

6. Sharing and Disclosure of Data

We do not sell, lease, or share personal or client data for advertising purposes. Data may be disclosed only under the following circumstances:

• Authorized Subprocessors: We may engage carefully vetted third-party service providers for infrastructure, analytics, or support, under strict contractual obligations.
• Legal Requirements: If compelled by law, subpoena, or court order, we may share relevant information.
• Business Transfers: In the event of a merger, acquisition, or reorganization, your data may be transferred subject to this policy.

All third parties must meet our security and privacy standards.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access: Request a copy of the data we hold about you.
• Rectify: Update or correct your information.
• Delete: Request deletion of your data, subject to legal obligations.
• Restrict or Object: Limit data processing in certain circumstances.
• Portability: Receive your data in a portable format.

8. AI Use and Automated Processing

Our AI models are tailored for RCM automation and designed to augment, not replace human judgment. Where AI is used:

• It operates on de-identified or pseudonymized data.
• Outputs are subject to human review.
• We do not use automated decision-making that significantly affects individuals without safeguards.

Transparency and accountability are embedded into every AI workflow.

9. Policy Changes

We may revise this Privacy Policy to reflect changes in legal requirements or our practices. Updates will be posted here with the “Effective Date” updated accordingly. Material changes will be communicated directly through email or platform notifications.

10. Contact Us

For any privacy-related inquiries or requests, contact us at:

Email: info@rinova.ai