Nextvisit AI Inc ("Nextvisit," "we," "us," or "our") values your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, applications, and services (collectively, the "Service"). References to "Nextvisit Inc" in legacy materials refer to our subsidiary company.
This Privacy Policy complies with applicable U.S. federal and state laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and the New York SHIELD Act. It also reflects industry best practices for privacy in web applications, artificial intelligence (AI), machine learning (ML), and software-as-a-service (SaaS).
By using our Service, you agree to the practices described in this Privacy Policy. If you do not agree, please refrain from using the Service.
1. Intended Use in the United States Only
The Nextvisit Service is intended solely for users located within the United States. We do not support users outside the United States, and the Service is not designed to comply with international privacy laws, such as GDPR (General Data Protection Regulation). By using the Service, you confirm that you are a resident of the United States and will access it only within U.S. territories.
2. Information We Collect
We collect and process information to provide and improve our Service. This includes information you actively provide, data collected automatically, and information obtained from third parties.
a. Information You Provide
Depending on your user role, you may provide us with:
- Personally Identifiable Information (PII): Examples include your name, email address, phone number, and billing information when you register, make a purchase, or interact with the Service.
- Protected Health Information (PHI): If you are a healthcare provider or process patient data through Nextvisit, we may process PHI as defined under HIPAA.
- Account Information: Professional credentials, practice or clinic details, team member directories, and roles.
- User-Generated Content: Transcriptions, notes, uploaded files, and other data entered into the platform.
- Payment Information: Credit card details and billing information for payment processing.
b. Information Collected Automatically
When you use our Service, we automatically collect:
- Device Information: IP address, browser type, operating system, device type, and geographical location.
- Usage Data: Features accessed, timestamps, crash logs, clickstream data, and performance metrics.
- Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to improve your experience (see Section 8: Cookies and Tracking Technologies).
c. Information From Third Parties
We may receive data from trusted third-party sources, including:
- Identity Verification Services: To validate accounts and comply with legal requirements.
- Third-Party Service Providers: Such as payment processors, server hosting providers, and AI partners.
- Publicly Available Sources: Information from public databases or directories to verify healthcare-related entities.
3. User Categories and Access Levels
Our platform provides different roles to ensure appropriate access to data:
Practice/Clinic Owner
Full administrative access to practice data, including patient records and team activity. Responsible for managing billing, user roles, and overall compliance.
Administrators
Access to patient data, practice settings, and analytics as assigned by the Owner. Manage provider and staff accounts.
Providers
Access to patient records, clinical tools, and transcription services. Limited administrative permissions based on role assignments.
Staff
Task-level access to specific patient or workflow data as assigned by the Owner or Administrator. No access to administrative or billing data.
4. How We Use Your Information
We use your information for the following purposes:
a. Core Service Delivery
Enable account setup and management; provide transcription, clinical documentation, and analytics tools; and process payments and manage subscriptions.
b. Service Improvement
Analyze usage trends and technical performance; enhance platform features and functionality; and develop and refine AI and ML models using de-identified data.
c. Regulatory Compliance
Adhere to HIPAA, HITECH, and other healthcare privacy regulations, and respond to legal or regulatory inquiries.
d. Security and Fraud Prevention
Monitor for suspicious activity, unauthorized access, or security risks, and investigate and mitigate fraudulent behavior.
e. Communication
Send transactional emails, service updates, and notifications, and provide marketing communications (with an opt-out option).
5. AI and Machine Learning
We use a combination of proprietary in-house models and third-party large language models (LLMs) to power our AI features.
a. AI Partners
- Anthropic, OpenAI, Google, Microsoft Azure: Provide advanced language processing capabilities.
- OpenRouter, Helicone: AI routing and observability services.
- Deepgram: Speech-to-text and audio transcription services.
These partnerships allow us to deliver transcription, insights, and workflow automation.
b. How Data Is Handled
Patient or user data sent for AI processing is de-identified where possible and sanitized to remove any PII or PHI. De-identified data is used to improve AI models, in compliance with the HIPAA de-identification standard.
c. Voice and Audio Data
When using real-time transcription features, we do not store voice data or voiceprints (no audio retention). When using audio upload or legacy audio recording methods, we may store anonymized voice data after 30 days. We do not create or retain biometric identifiers from voice data.
6. Third-Party Integrations
We work with trusted third-party providers to deliver secure and reliable services:
Infrastructure Providers
- Google Cloud Platform, Microsoft Azure, DigitalOcean: Hosting and server infrastructure.
- Cloudflare: Content delivery network and security services.
- Backblaze: Encrypted data backup and storage.
Development and Deployment
- Laravel LLC (Forge, Envoyer, Spark, Cloud): Application deployment, server management, and billing infrastructure.
Payment Processors
- Stripe: Handles secure payment processing and subscription billing.
Communications and Messaging
- Telnyx, Twilio: SMS messaging, two-factor authentication (2FA), and communications services.
- Customer.io, Mailgun, SendGrid: Email delivery and messaging automation platforms.
Monitoring, Marketing, and Analytics
- Mixpanel, Segment: Product analytics and customer data platform.
- Google Analytics: Website and usage analytics.
- Apollo.io, HubSpot: Marketing, sales outreach, and customer relationship management. These tools are used for prospect and existing customer communications only and do not process patient data.
AI/ML Services
- Anthropic, OpenAI: Large language model processing for transcription and analysis.
- OpenRouter, Helicone: AI routing and observability.
- Deepgram: Speech recognition and audio processing.
Security and Compliance
- Ceel.io: Security and compliance management, including SOC 2, HIPAA, and other regulatory compliance programs.
Productivity and Support Services
- Intercom: Customer support and service.
- Airtable: Data management and workflow automation.
We ensure all third-party integrations comply with data protection laws and execute Business Associate Agreements (BAAs) where required.
7. SMS/Text Messaging Data
Protection of Your Mobile Information
Your mobile information will not be sold or shared with third parties for promotional or marketing purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Limited Sharing for Service Delivery
We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.
Your Rights
You may opt out of SMS communications at any time by replying "STOP" to any message. Your consent to receive SMS messages is not a condition of using our Service. Message and data rates may apply based on your mobile carrier plan.
8. Cookies and Tracking Technologies
Why We Use Cookies
Cookies and similar technologies allow us to keep you logged in during your session, analyze feature usage and platform performance, and customize your experience based on preferences.
Types of Cookies
- Essential Cookies: Required for the platform to function properly.
- Performance Cookies: Help us understand how users interact with the Service.
- Preference Cookies: Store user settings and preferences.
Managing Cookies
You can control cookies through your browser settings or by contacting us for assistance. Some features may not work properly if essential cookies are disabled. See our Cookie Policy for full details.
9. How We Protect Your Data
We implement industry-leading security measures, including:
- Encryption: AES-256 encryption for data at rest and TLS 1.2+ for data in transit.
- Access Controls: Role-based permissions and multi-factor authentication for all accounts.
- Monitoring: Regular security assessments, audits, and intrusion detection.
Despite these measures, no online service can guarantee absolute security. You use our Service at your own risk.
10. Data Breach Notification
In the event of a data breach involving your personal information, we will notify affected individuals and relevant regulatory authorities as required by applicable law, including HIPAA, the New York SHIELD Act, and applicable state breach notification laws. Notifications will be provided without unreasonable delay and, where required, within the timeframes mandated by law. Breach notifications will include a description of the incident, the types of information involved, steps we are taking to address the breach, and recommendations for affected individuals to protect themselves.
11. Data Retention and Deletion
Retention Policy
Clinical data is retained as required by HIPAA and state laws. De-identified data may be stored indefinitely for improving our AI models.
Deletion Requests
You may request that we delete your personal data by contacting us at privacy@nextvisit.ai. Certain information may need to be retained for legal or compliance reasons.
12. We Do Not Sell Your Personal Information
Nextvisit does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. This applies to all categories of personal information we collect, including information covered under the CCPA, CPRA, and other applicable state privacy laws. We do not engage in the "sale" or "sharing" of personal information as those terms are defined under California law.
13. Your Privacy Rights
Depending on your state of residence, you may have the following rights:
- Access your personal data.
- Correct inaccuracies in your data.
- Request deletion of personal data, where legally permissible.
- Opt out of marketing communications.
- Opt out of the sale or sharing of personal information (though we do not sell your data).
- Request portability of your data.
- Appeal a decision regarding your privacy request.
California residents may exercise rights under the CCPA/CPRA, including requesting disclosure of data collection practices. Virginia, Colorado, Connecticut, and Utah residents have similar rights under their respective state privacy laws. To exercise any of these rights, please contact us at privacy@nextvisit.ai.
14. Children's Privacy
The Nextvisit platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information directly from minors. However, healthcare providers using our platform may enter clinical data about patients of any age as part of their professional practice. Such data is processed in accordance with HIPAA and applicable healthcare privacy regulations.
15. Updates to This Policy
We may update this Privacy Policy from time to time. When changes are made, we will post the updated policy on our website. You will be notified via email or platform alerts of significant changes.
16. Contact Information
For questions or concerns, please contact us:
Email: privacy@nextvisit.ai
Mail:
Nextvisit AI Inc
C/O Ryan Yannelli
108 W 39th St
Ste 1006 #1120
New York, NY 10018