Privacy Policy
Last updated: May 2026
How Patient Data Is Handled
When a clinician submits a patient assessment through NephroSense AI, the structured biomarker inputs and the resulting risk score are persisted in our backend database so the clinician can revisit results, download reports, and so we can maintain an audit trail of clinical decision support activity. The data is encrypted at rest using AES-256 with envelope-wrapped data keys managed by a customer-controlled key service, and in transit using TLS. Direct identifiers (patient name, MRN, contact details) are stripped before any model inference runs.
Where Data Lives
NephroSense AI runs on Amazon Web Services in the United States, using services covered by the AWS Business Associate Addendum. The application database, encryption keys, and audit logs are hosted within a private network; no patient data is shared with third-party analytics providers or LLM vendors that do not have a Business Associate Agreement in place with us.
Audit Logging
Every access to or modification of patient data through NephroSense AI is recorded with the authenticated clinician, the action, the resource identifier, and the time. Audit records are shipped to immutable, retention-locked storage and are not exposed in clinical-facing surfaces.
HIPAA Considerations
NephroSense AI is a Clinical Decision Support tool designed for use by licensed healthcare professionals under physician oversight. We treat the data we process as Protected Health Information and operate as a Business Associate of the contracting covered entity, governed by a Business Associate Agreement that defines permitted uses, disclosures, and safeguards. Responsibility for patient-facing consent and the underlying treatment relationship rests with the healthcare institution and treating physician.
Third-Party Services
NephroSense AI may integrate with Electronic Health Record (EHR) systems via FHIR R4. EHR data exchange is governed by the data sharing agreements between the healthcare institution and NephroSense AI. Where the application uses external AI services (for example, large language model narrative generation), only Business-Associate-Agreement-covered providers are used.
Contact Information
For privacy inquiries, contact the NephroSense AI team at nephrosenseai.com/contact.
Updates
This privacy policy may be updated periodically. Material changes will be communicated through the website.