Privacy Policy
Buddee — Clinical AI for Revenue Integrity & Compliance
Effective date: June 14, 2026 · Last updated: June 14, 2026
1. Who we are
Buddee ("Buddee," "we," "us," or "our") operates a shadow-mode clinical AI platform that helps U.S. healthcare organizations identify suspected HCC/ICD-10 documentation gaps, draft prior-authorization requests, and maintain a tamper-evident audit trail of revenue-cycle and compliance decisions. Buddee operates alongside an organization’s existing electronic health record (EHR) and never auto-submits a billing claim or prior authorization; every suggestion is advisory and requires a human to review and decide.
This Policy explains what information we collect, how we use it, and the choices you have, across three contexts:
- our public website and marketing pages at trybuddeeai.com (the “Site”);
- our waitlist and interactive product demonstration (which uses synthetic, non-real patient data); and
- the Buddee product (the “Service”) when made available to a contracted design partner or pilot customer, including the ingestion and analysis of clinical data.
Buddee is a Delaware company. Our registered contact details appear in Section 14.
This Policy covers personal information generally. Protected health information (PHI) that we process on behalf of a customer is governed primarily by our written agreement with that customer, including any Business Associate Agreement (BAA) and Data Processing Addendum (DPA); see Section 8.
2. A note on our current stage
Buddee is an early-stage company. We have built our platform with privacy- and security-protective architecture, but we want to be precise about what that means today:
- We describe our architecture as HIPAA-aligned and designed to support HIPAA obligations. We do not currently claim to be HIPAA-certified, SOC 2 certified, or to have completed an independent third-party security audit.
- We will only process real PHI through the Service after the required Business Associate Agreements are in place — both with the relevant customer and with our AI sub-processors — and we will not transmit real clinical data to any AI provider that is not covered by a current BAA.
- Until a customer agreement and BAA are executed, the interactive demonstration on the Site uses synthetic, non-real patient data only.
We update this Policy as our compliance posture matures (for example, when audits are completed or certifications obtained). The "Last updated" date above reflects the current version.
3. Information we collect
3.1 Information you give us
- Waitlist and contact information. When you join our waitlist, request a demo, or contact us, we collect information such as your name, work email address, organization name, job title/role, and any message you send us.
- Sales and design-partner communications. If you engage with us about a pilot, we collect the contents of those communications and any information you choose to share (for example, your organization’s payer mix, EHR system, or revenue-cycle challenges).
- Account credentials (Service). Customers who access the Service are issued API credentials. Our operator interface is designed to keep API keys only in memory for the duration of a session and does not persist them in browser local storage.
3.2 Information we collect automatically on the Site
- Usage and device data. When you visit the Site, we (and our service providers) may collect your IP address, browser type, device and operating-system information, referring/exit pages, pages viewed, and timestamps.
- Cookies and similar technologies. We use a limited set of cookies and similar technologies for essential site functionality and aggregate analytics. See Section 7.
3.3 Information processed through the demonstration
The interactive demo (for example, the sample-patient workflow) runs on synthetic data that does not describe a real person. If you type free-text input into a demo chat interface, that input may be processed to generate a response; please do not enter any real patient information, PHI, or other sensitive personal data into the public demo.
3.4 Information processed through the Service (customer data, including PHI)
When a contracted customer uses the Service, Buddee processes data the customer submits or authorizes, which may include:
- Clinical and billing data contained in FHIR R4 resources (for example, clinical notes, encounters, diagnosis and billing codes) submitted to our ingestion endpoint;
- Derived outputs we generate, such as suspected HCC/ICD-10 gap suggestions with confidence scores and supporting evidence quotations, prior-authorization drafts, and modeled recovery estimates; and
- Audit and operational records, including a cryptographically hash-chained log of analyses, suggestions, approvals, and related events.
To the extent this data constitutes PHI, Buddee acts as a Business Associate (or subcontractor) and processes it only as permitted by the applicable customer agreement and BAA, and as required by law. We do not use customer PHI for our own purposes, and we do not sell it.
4. How we use information
We use information for the following purposes:
- To operate and provide the Site, demo, and Service, including generating suggestions, drafts, and audit records for customers.
- To respond to inquiries and manage our waitlist, sales, and design-partner relationships.
- To secure our systems, detect and prevent fraud and abuse, enforce our terms, and maintain the integrity of the audit trail.
- To improve our products using aggregated or de-identified operational metrics (for example, latency, error rates, and audit-chain verification rates). We do not use real PHI to train or fine-tune AI models except as expressly permitted by a customer’s BAA, and we do not add third-party analytics SDKs to any PHI-processing path.
- To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others.
Where required, our legal bases for processing personal information include your consent, the performance of a contract, our legitimate interests in operating and improving our business, and compliance with legal obligations.
5. How AI providers and other sub-processors are involved
The Service uses large language models and supporting infrastructure provided by third parties acting as our sub-processors. As of the effective date, these include or are expected to include:
- Anthropic — primary large-language-model provider for clinical reasoning;
- OpenAI — used for embeddings and/or as a fallback provider; and
- Google Cloud Platform (GCP) — cloud hosting, database, key management (KMS), and durable storage.
Real PHI is transmitted to an AI sub-processor only when a current BAA is in place with that sub-processor. Clinical inputs sent to a model are wrapped with safeguards designed to treat them as data (not instructions), and personally identifying patterns are redacted from our application logs and traces. A current list of sub-processors is available to customers on request.
6. How we share information
We do not sell your personal information, and we do not sell or share customer PHI. We disclose information only as follows:
- Service providers / sub-processors. To vendors who process information on our behalf under contract (see Section 5).
- Customers and their authorized users. Outputs and audit records generated for a customer are made available to that customer.
- Legal and safety. When required by law, subpoena, or other legal process, or where we believe disclosure is necessary to protect the rights, property, or safety of Buddee, our customers, or the public.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to the protections of this Policy and applicable law. For enterprise customers, our agreements may also provide for data export and, where applicable, source-code escrow on termination.
7. Cookies and analytics
The Site uses essential cookies necessary for the page to function. For aggregate usage measurement we use Google Analytics 4, which loads only after you opt in through our cookie-consent banner and is configured to anonymize IP addresses. We do not use advertising cookies, and we do not run third-party behavioral-advertising trackers on PHI-processing surfaces.
You can decline analytics from the consent banner and control cookies through your browser settings; disabling some cookies may affect Site functionality.
8. Protected health information (PHI) and HIPAA
When Buddee processes PHI on behalf of a covered entity or another business associate, Buddee acts as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA), as amended by HITECH, and the relationship is governed by a Business Associate Agreement (BAA). In the event of a conflict between this Policy and an executed BAA with respect to PHI, the BAA controls.
Under those agreements, Buddee:
- uses and discloses PHI only as permitted by the BAA and applicable law;
- applies administrative, physical, and technical safeguards designed to protect PHI;
- requires its sub-processors that handle PHI to agree to equivalent obligations; and
- will report breaches of unsecured PHI as and when required by the BAA and 45 CFR Part 164, including the breach-notification timelines that apply.
If you are an individual patient and believe your information was processed by Buddee, please contact the healthcare provider or organization that holds your records; as a Business Associate, Buddee generally must direct individual privacy requests to the responsible covered entity.
9. Data security
We design Buddee to protect data through measures that include:
- encryption of data in transit (TLS) and support for encryption of data at rest, including customer-managed encryption keys in our target production architecture;
- authentication on every Service route, tenant isolation with row-level access controls, and least-privilege access;
- redaction of personally identifying patterns from application logs and traces;
- a cryptographically hash-chained audit log with a verification capability and, in our production architecture, a daily key-signed integrity root exported to durable, write-protected storage;
- a shadow-mode design in which the Service never auto-submits claims or authorizations; and
- secrets-management requirements that prevent the system from starting with insecure default credentials.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Our security program continues to mature; specific controls, certifications, and audit status are described to customers under NDA and in our agreements.
10. Data retention
We retain personal information for as long as needed to fulfill the purposes described in this Policy, unless a longer or shorter period is required by law or specified in a customer agreement:
- Waitlist and marketing contacts: retained until you ask us to remove you or the information is no longer needed.
- Site usage and analytics data: retained on a rolling basis in aggregate or de-identified form.
- Customer data and PHI: retained and deleted in accordance with the applicable customer agreement, BAA, and DPA, which may include a defined post-termination egress/return window before deletion.
When we no longer need information, we delete or de-identify it using commercially reasonable measures.
11. Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to opt out of certain processing, and to be free from discrimination for exercising these rights. This may include rights under U.S. state privacy laws (for example, the California Consumer Privacy Act as amended) and, where applicable, other jurisdictions.
To exercise a right regarding personal information we hold as a controller (for example, your waitlist or contact details), email us at the address in Section 14. We will verify your request as required by law before acting on it. For requests concerning PHI or other customer data we process on a customer’s behalf, we will refer the request to the relevant customer (covered entity), who is responsible for responding.
We do not sell personal information and do not "share" it for cross-context behavioral advertising as those terms are defined under California law.
12. International users
Buddee is operated from the United States and is intended for U.S. healthcare organizations. If you access the Site from outside the United States, you understand that your information will be processed in the United States, where data-protection laws may differ from those in your jurisdiction.
13. Children's privacy
The Site and Service are intended for businesses and their professional users and are not directed to children. We do not knowingly collect personal information directly from children through the Site. (Clinical data that a customer submits through the Service may relate to patients of any age and is governed by the applicable customer agreement and BAA, not by this consumer-facing section.)
14. Changes to this Policy and how to contact us
We may update this Policy from time to time. When we do, we will revise the "Last updated" date and, for material changes, provide additional notice as required by law. Your continued use of the Site or Service after an update constitutes acceptance of the revised Policy where permitted by law.