Privacy Policy
Last Updated: 7/10/2025
1. Introduction
LEO AI Screening ("we", "us", or "our") is committed to protecting the privacy and security of your personal information and the patient data processed through our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered patient screening tool (the "Service").
We comply with applicable data protection laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).
2. Information We Collect
We may collect information in the following categories:
- Account Information: When you register for our Service, we collect information such as your name, email address, clinic/organization name, and payment information.
- Patient Data (Protected Health Information - PHI): As a Business Associate under HIPAA, we process PHI provided by healthcare providers (Covered Entities) or directly by patients during the screening process. This may include demographic information, medical history, symptoms, and responses to screening questionnaires. The Covered Entity is responsible for obtaining necessary patient consents.
- Usage Data: We collect information about how you interact with our Service, such as IP addresses, browser types, access times, pages viewed, and features used.
- Cookies and Tracking Technologies: We use cookies and similar technologies to enhance user experience, analyze trends, and administer the website.
3. How We Use Your Information
We use the collected information for purposes including:
- Providing, operating, and maintaining our Service.
- Processing patient screenings and generating summaries as directed by healthcare providers.
- Improving and personalizing our Service.
- Communicating with you, including responding to inquiries and providing support.
- Processing payments and managing subscriptions.
- Ensuring compliance with legal obligations, including HIPAA and GDPR.
- Conducting research and development using de-identified or aggregated data.
4. Data Sharing and Disclosure
We do not sell your personal information or PHI.
We may share information under the following circumstances:
- With Healthcare Providers (Covered Entities): PHI is shared with the respective healthcare provider for treatment, payment, or healthcare operations purposes, as permitted by HIPAA and the Business Associate Agreement (BAA) in place.
- Service Providers: We may share information with third-party vendors and service providers who perform services on our behalf, such as payment processing, data hosting (e.g., secure cloud infrastructure), and customer support. These providers are contractually obligated to protect the information and use it only for the purposes for which it was disclosed.
- Legal Requirements: We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, information may be transferred as part of that transaction.
5. Data Security
We implement robust administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of personal information and PHI. These measures include encryption, access controls, audit logs, and regular security assessments.
6. Data Retention
We retain personal information and PHI for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with our legal obligations (including HIPAA record retention requirements), resolve disputes, and enforce our agreements.
7. Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal information, such as the right to access, correct, or delete your data. Patients should direct requests concerning their PHI to their healthcare provider (the Covered Entity).
For users in regions covered by GDPR, you have rights including access, rectification, erasure, restriction of processing, data portability, and objection to processing.
8. Children's Privacy
Our Service is not intended for use by individuals under the age of 18 without parental consent provided through a healthcare provider. We do not knowingly collect personal information from children under 13 without such consent.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: privacy@leoaiscreening.ai
Address: 123 Health Tech Ave, Silicon Valley, CA 94000