Protecting Your Privacy at
Every Step

Your Privacy is a Priority

At TachyHealth, privacy is taken seriously of individuals who use our website. This privacy policy outlines how information is collected, used, and protected when interacting with the website and services. Our goal is to ensure transparency, comply with applicable laws (including HIPAA, GDPR, and Saudi Arabia’s Personal Data Protection Law), and give you control over your data. This policy explains the steps taken to protect data and maintain security throughout all processes.

Information Collection and Use

We collect and use the following types of information to provide, maintain, and improve our services, including the AiCode platform for AI-assisted medical coding:

• 

  Personal data to enhance the user experience.
  Profile Information: When you register using third-party login options and payment information (if applicable) provided during registration or use of our services.
  Communications: When you contact us, we may collect personal information such as your name, email address, message content, attachments, and any other details you provide. If you subscribe to our newsletter, we will collect your email address. We may track email opens to improve our Services

• 

  Data for improving products and services.
  Anonymized data such as IP addresses, browser types, device information, and interaction patterns to monitor and improve platform performance.

• 

  Anonymous data for analyzing trends and performance.
  All data is handled with strict confidentiality and in compliance with applicable data protection laws, using HIPAA-compliant de-identification methods (e.g., safe harbor or expert determination) for PHI.

All information is handled with the highest level of confidentiality and security.

Log Data

We automatically collect log data, such as IP addresses, browser types, device information, and timestamps of your interactions with our platform. This data is anonymized and used to enhance user experience, troubleshoot issues, and analyze platform performance without identifying individuals.

Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., web beacons) to personalize your experience, remember preferences, and optimize platform functionality. You can manage cookie settings through your browser or our platform’s privacy dashboard, where you can opt out of non-essential cookies.

Data Sharing with Third-Party Providers

We may share your data with trusted third parties only as necessary to provide our services, under the following conditions:

• Service Providers: Hosting, analytics, and maintenance providers who are bound by strict confidentiality agreements and, where applicable, HIPAA-compliant BAAs.
• Payment Processors: To process payments, with data encrypted and limited to what is necessary.
• Marketing Platforms: Only anonymized or aggregated data is shared for marketing purposes, unless you explicitly consent otherwise.
• No PHI is shared without your explicit consent or proper de-identification, and we do not sell your data.

Shared data is always handled with the utmost care and in compliance with data protection regulations

Data Storage and Retention

We store personal data and PHI securely using AES-256 encryption for data at rest and in transit. Data is retained only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, or resolve disputes, unless a longer retention period is required by law (e.g., HIPAA’s 6-year retention rule for certain records).

Data Transfer

Your data may be transferred to jurisdictions outside your region (e.g., for cloud storage or processing). We ensure compliance with applicable laws, such as GDPR’s Standard Contractual Clauses (SCCs), HIPAA’s BAA requirements, and PDPL’s cross-border transfer rules, using safeguards like encryption and secure transfer protocols to protect your data.

Security

We implement industry-standard security measures, including AES-256 encryption, secure access controls, and regular security audits, to protect your data from unauthorized access, disclosure, alteration, or destruction. While we strive to maintain the highest security standards, , and we continuously monitor and improve our practices to minimize risks.

Data Breach Procedures

In the unlikely event of a data breach, we will promptly investigate, contain, and mitigate the issue. We will notify affected individuals and relevant authorities (e.g., HHS, EU DPAs, or Saudi Data Authority) within the timelines required by law (e.g., HIPAA’s 60-day rule, GDPR’s 72-hour rule).

Links to Other Sites

Our platform may include links to third-party websites not operated by TachyHealth. We are not responsible for their privacy practices, and we encourage you to review their policies before providing any personal information.

Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect or process personal data from children. If we discover such data, we will delete it immediately and notify relevant parties as required by law.

Your Rights

You have the following rights regarding your personal information and PHI, subject to applicable laws (e.g., HIPAA, GDPR, CCPA, PDPL):

Access: Request a copy of the categories and specific pieces of personal information and PHI we have collected about you, including sources, purposes, and third parties with whom it is shared.

Correction: Request corrections to inaccurate or incomplete data.

Deletion: Request deletion of your data, subject to exceptions below.

Opt-Out/Restriction: Object to or restrict certain types of data processing, such as marketing or sharing with third parties.

Data Portability: Request a portable copy of your data (GDPR-specific).

Non-Discrimination: We will not discriminate against you for exercising these rights. We may deny deletion requests if retaining the data is necessary to:

You have the right to request the deletion of any of your personal information that has been collected and retained. Once a request is received and your identity is verified, personal information will be deleted (and service providers will be directed to delete) from records, unless an exception applies.

Deletion requests may be denied if retaining the information is necessary for TachyHealth or its service providers to:

Complete the transaction for which the personal information was collected, provide a requested good or service, take actions reasonably anticipated within the context of the ongoing business relationship, or otherwise perform a contract.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

Debug products to identify and repair errors that impair existing intended functionality.

Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement if informed consent was previously provided.

Enable solely internal uses that are reasonably aligned with consumer expectations based on the relationship with TachyHealth.

Comply with a legal obligation.

Use data for other lawful purposes consistent with this policy. To exercise these rights, submit a verifiable request via the contact information below. We will verify your identity (e.g., through account credentials or other secure methods) and respond within 45 days (or as required by law, e.g., GDPR’s 1-month rule). Only you, or someone legally authorized to act on your behalf (e.g., a parent for a minor child), may make such requests.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or technology. We will notify you of material changes via email, in-app notifications, or our website at least 30 days before they take effect.

Contact

For any questions or concerns regarding privacy or data handling, do not hesitate to contact TachyHealth at info@tachyhealth.com