Skip to main content

Privacy Policy

Last updated: May 2026

How Patient Data Is Handled

When a clinician submits a patient assessment through NephroSense AI, the structured biomarker inputs and the resulting risk score are persisted in our backend database so the clinician can revisit results, download reports, and so we can maintain an audit trail of clinical decision support activity. The data is encrypted at rest using AES-256 with envelope-wrapped data keys managed by a customer-controlled key service, and in transit using TLS. Direct identifiers (patient name, MRN, contact details) are stripped before any model inference runs.

Where Data Lives

NephroSense AI runs on Amazon Web Services in the United States, using services covered by the AWS Business Associate Addendum. The application database, encryption keys, and audit logs are hosted within a private network; no patient data is shared with third-party analytics providers or LLM vendors that do not have a Business Associate Agreement in place with us.

Audit Logging

Every access to or modification of patient data through NephroSense AI is recorded with the authenticated clinician, the action, the resource identifier, and the time. Audit records are shipped to immutable, retention-locked storage and are not exposed in clinical-facing surfaces.

HIPAA Considerations

NephroSense AI is a Clinical Decision Support tool designed for use by licensed healthcare professionals under physician oversight. We treat the data we process as Protected Health Information and operate as a Business Associate of the contracting covered entity, governed by a Business Associate Agreement that defines permitted uses, disclosures, and safeguards. Responsibility for patient-facing consent and the underlying treatment relationship rests with the healthcare institution and treating physician.

Third-Party Services

NephroSense AI may integrate with Electronic Health Record (EHR) systems via FHIR R4. EHR data exchange is governed by the data sharing agreements between the healthcare institution and NephroSense AI. Where the application uses external AI services (for example, large language model narrative generation), only Business-Associate-Agreement-covered providers are used.

Cookies and Analytics

The NephroSense AI marketing website (nephrosenseai.com) may use standard web analytics to track page visits and usage patterns. No patient health data is included in marketing-site analytics. Users can manage cookie preferences through their browser settings.

Contact Information

For privacy inquiries, contact the NephroSense AI team at nephrosenseai.com/contact.

Updates

This privacy policy may be updated periodically. Material changes will be communicated through the website.