Privacy Policy

1. Introduction

At Aura Cure Platform Inc., we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information in compliance with applicable privacy laws, including:

• The Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
• The General Data Protection Regulation (GDPR) – European Union
• The Privacy Act 2020 – New Zealand
• Where applicable, the Health Insurance Portability and Accountability Act (HIPAA) – United States

We are dedicated to ensuring that your personal information is handled responsibly and transparently.

2. Information We Collect

We may collect the following types of personal information:

• Name, contact information, and account credentials
• Health-related data (if voluntarily submitted, e.g., for generating medical documentation)
• Interaction logs and usage data from your engagement with our platform and AI assistant

We only collect information necessary to provide and enhance our services.

3. How We Use Your Information

We use your personal information to:

• Operate and improve our services and platform functionality
• Generate clinical or administrative documentation using AI tools
• Respond to user inquiries, support needs, and service updates
• Comply with legal and regulatory obligations

We do not sell your personal information.

4. Use of AI Services and Third Parties

We use third-party providers to deliver AI-powered features, including:

• OpenAI's GPT-4o Mini for automated note generation
• AssemblyAI for speech-to-text transcription services

These services may involve temporarily transmitting your data (such as inputted clinical content or audio recordings) to their servers for processing.

We have signed a Data Processing Agreement (DPA) with OpenAI and a Business Associate Agreement (BAA) with AssemblyAI to ensure compliance with applicable privacy laws and to guarantee secure handling of your data.

Regarding AssemblyAI: AssemblyAI deletes your audio recordings immediately after transcription and removes any Protected Health Information (PHI) from the transcriptions to safeguard your privacy.

OpenAI is a U.S.-based organization that maintains SOC 2 Type II compliance.

5. Cross-Border Data Transfers

Your personal data may be processed in jurisdictions outside your country of residence, including the United States, where our AI service providers are based.

For Canadian Users (PIPEDA):

We comply with PIPEDA requirements for cross-border transfers by ensuring comparable levels of protection via contractual and technical safeguards. Users are notified that their data may be processed outside Canada.

For EU Users (GDPR):

We rely on Standard Contractual Clauses (SCCs) and other legal mechanisms to ensure that transfers to non-EU countries, such as the United States, meet GDPR data protection standards.

For New Zealand Users (Privacy Act 2020):

We take appropriate steps to ensure that any overseas transfers of personal information are made to jurisdictions with comparable privacy protections or under binding agreements.

Despite our safeguards, users should be aware that privacy laws in foreign jurisdictions may not provide the same level of protection as their home country.

6. Data Retention

We retain your data only as long as necessary to fulfill the purposes described in this policy or to meet legal requirements. You may request deletion of your personal data at any time by contacting us.

7. Data Security

We use industry-standard security protocols to protect your data, including:

• Encryption of data in transit and at rest
• Role-based access controls
• System logging and auditing

While we strive to protect your data, no system can be guaranteed 100% secure.

8. Your Rights

Under PIPEDA, GDPR, and the Privacy Act (NZ), you may:

• Request access to the personal data we hold about you
• Request corrections to inaccurate or incomplete information
• Withdraw your consent at any time (if applicable)
• Request deletion of your personal data
• File a complaint with a privacy authority in your jurisdiction

To exercise your rights, please contact our Privacy Officer at:
privacy@aura-cure.com

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Aura Cure Platform Inc.
Privacy Officer
privacy@aura-cure.com