Privacy Policy

Privacy Policy – Autoset

Learn how Autoset collects, uses, and protects your data. Your privacy matters,
and we’re committed to keeping your information secure and transparent.

Privacy Policy

Effective Date: January 1, 2026

We have created this Privacy Policy because we know that you care about how information you provide to us is used and shared. This Privacy Policy relates to the information collection, use, and disclosure practices of our cloud-based clinical documentation platform, application programming interfaces (APIs), and integrations with Electronic Health Record ("EHR") systems (collectively, the "Platform"), operated by Qanavi Inc. d/b/a Autoset ("Autoset", "we", "us", or "our").

1. Description of Users and Relationship to Covered Entities

This Privacy Policy applies to healthcare professionals and authorized personnel who access and use the Platform ("Users"), as well as the healthcare organizations, facilities, or employers that contract with Autoset to deploy the Platform for their staff ("Customers").

For the purposes of applicable healthcare data protection laws, including the Health Insurance Portability and Accountability Act ("HIPAA"), the Customer is the Data Controller (or "Covered Entity") of Protected Health Information ("PHI") and patient data. Autoset acts strictly as a Data Processor (or "Business Associate") operating under the direct instructions of the Customer.

By accessing or using the Platform, each User and Customer agrees to the terms of this Privacy Policy. If you do not agree to these terms, do not access, connect to, or use the Platform. Capitalized terms not defined herein shall have the meaning set forth in our Terms of Service.

2. The Information We Collect and Receive

In the course of operating the Platform and facilitating EHR integrations, we collect and receive the following types of information:

2.1 Account Information: To access the Platform, you must authenticate via authorized credentials. We collect your name, professional email address, job title/role, facility location, and authentication credentials ("Account Information") to manage your account, verify your identity, and maintain session security.

2.2 Patient Data and PHI: The Platform integrates directly with third-party EHR systems (such as PointClickCare) via secure APIs (including FHIR APIs) to read and ingest data. This may include patient names, medical history, demographics, diagnoses, vitals, medications, and other clinical documentation (collectively, "Patient Data").

2.3 Audio and Clinical Inputs: We collect unstructured clinical inputs provided by Users, including temporary raw voice dictations and audio recordings captured through the Platform to generate clinical documentation drafts.

2.4 Platform Usage and Telemetry Data: We automatically collect technical data regarding how Users interact with the Platform, such as navigation paths, page structure views within the integrated workflow, feature utilization, IP addresses, browser types, and immutable access logs. This data is used solely to maintain service reliability, audit compliance, and diagnose performance issues.

3. How We Use and Share Information (Scope-Limited Data Use)

We use your information solely to provide, operate, maintain, and secure the Platform's core functionality of AI-assisted clinical documentation. Specifically, we use it to:

  • Process clinical inputs and EHR data through our specialized AI models to generate draft documentation;

  • Maintain comprehensive audit logs of access, data synchronization, note generation, and edit events;

  • Respond to customer support requests and diagnose system performance issues; and

  • Comply with federal and state regulatory frameworks, including HIPAA/HITECH requirements.

  • No AI Training on PHI: Autoset does not sell, rent, or trade Customer Data or Patient Data. We do not use PHI to train, fine-tune, or improve generalized or public AI models.

  • No Alternative Commercialization: We do not use or transfer user or patient data to determine creditworthiness, for commercial lending, or for any third-party marketing or advertising purposes.

4. Subprocessors and Infrastructure Providers

To deliver our services, Autoset shares data only with third-party service providers acting as subcontractors (e.g., cloud hosting infrastructure, automated speech recognition (ASR), and secure Large Language Model (LLM) inference APIs).

All such subprocessors are strictly bound by written Business Associate Agreements (BAAs) and confidentiality protections no less restrictive than our corporate policies.

  • Zero-Retention Commitments: Any downstream AI inference or ASR subprocessor utilized by Autoset operates under strict zero-data-retention (ZDR) agreements, ensuring that data sent for processing is programmatically deleted immediately after the generation request is fulfilled and is never retained for subprocessor model training.

  • A current list of corporate subprocessors is available to Customers upon request. Autoset commits to notifying Customers of any material changes or additions to its subprocessor lineup.

5. HIPAA Compliance and Individual Rights

We recognize the sensitive nature of Patient Data. In compliance with HIPAA and the HITECH Act, our processing of PHI is strictly governed by a separate Business Associate Agreement (BAA) executed between Autoset and the Customer.

Because Autoset is a Business Associate rather than the Covered Entity:

  • Patient Inquiries: Any individual patient seeking to exercise their privacy rights under HIPAA (such as the right to access, amend, or receive an accounting of disclosures of their PHI) must submit their request directly to the applicable healthcare Provider (our Customer).

  • If Autoset receives a privacy request directly from a patient, we will route that request to the Customer's designated administrator without unreasonable delay.

6. Data Retention

We retain data strictly in accordance with the following parameters, subject to any overriding terms within an active BAA:

  • EHR-Sourced Clinical Data and Drafts: Retained securely for the duration of the Customer’s active subscription to maintain clinical audit trails, user edit histories, and compliance logs.

  • Raw Audio Dictations: Voice recordings are processed transiently and are programmatically deleted from live system memory within 30 days of transcription completion.

  • Account Information and Audit Logs: Retained for as long as necessary to fulfill legal obligations, resolve disputes, and enforce our contractual agreements.

7. Security and Encryption

Autoset maintains a comprehensive, written information security program containing administrative, technical, and physical safeguards designed to comply with the HIPAA Security Rule and HITECH standards.

  • Data in Transit: Encrypted using TLS 1.2 or higher.

  • Data at Rest: Encrypted using industry-standard AES-256 encryption keys.

  • Isolation: We utilize logical multi-tenant data isolation architecture to ensure Customer data sets remain partitioned.

  • Auditing: The Platform enforces immutable audit logging of all access, generation, sync, and edit events.

8. Breach Notification

In the event of a confirmed Breach of Unsecured PHI, Autoset will notify the Customer’s designated administrator in writing without unreasonable delay, and in no event later than ten (10) calendar days after discovery of the breach. This notification will provide the information necessary for the Customer to satisfy its reporting obligations under the HIPAA Breach Notification Rule. In the event of a conflict between this section and an executed BAA, the shorter notification window specified in the BAA shall control.

9. Technical Restrictions

Users and Customers are strictly prohibited from attempting to circumvent the secure data parameters of the integration. The Platform must not be used to scrape, extract, or access data from PointClickCare or any other third-party EHR beyond the specific, authorized scope granted by the EHR administrator.

10. User Account Rights and Choices

This section applies strictly to the professional Account Information of authorized Users (e.g., clinician logins):

  • Users may update or correct their account profile information through their Platform dashboard settings.

  • To request the deletion of a specific administrative user account, the Customer's designated administrator must contact Autoset support.

  • Note: Deletion of user account credentials does not result in the deletion of clinical audit logs or historical transaction data required by law or necessary for the Customer's clinical documentation records.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our integrations, data processing methodologies, or regulatory requirements. Material updates will be communicated to the Customer's designated administrator via email or a prominent notification within the Platform interface. Continued use of the Platform after the effective date of an updated policy constitutes acceptance of those terms.

12. Contact Us

For legal notices, data privacy questions, or to review subprocessor disclosures, please contact us at:

  • Email: dev@autoset.dev

  • Mailing Address: 

    Qanavi Inc.,
    8 The Green,
    Dover, Delaware, 19901
    United States

Copyright © 2026 Qanavi Inc. d/b/a Autoset. All rights reserved.

Forget the hassle.

Let our reliable AI agents take care of your mundane back office tasks, so that you can deliver the care your patients deserve.

Forget the hassle.

Let our reliable AI agents take care of your mundane back office tasks, so that you can deliver the care your patients deserve.

Forget the hassle.

Let our reliable AI agents take care of your mundane back office tasks, so that you can deliver the care your patients deserve.

Our AI agents are built to solve the unique challenges with SNF documentation, so that teams can spend more time caring for their patients.

Company

© 2025 Autoset. All rights reserved.

Our AI agents are built to solve the unique challenges with SNF documentation, so that teams can spend more time caring for their patients.

Company

© 2025 Autoset. All rights reserved.

Our AI agents are built to solve the unique challenges with SNF documentation, so that teams can spend more time caring for their patients.

Company

© 2025 Autoset. All rights reserved.