Privacy has to be designed into clinical operations.

among.health supports sensitive mental health workflows. This policy explains the categories of information we process, why we process them, when information may be shared, and how users can contact us about privacy requests.

Submit privacy request Cookie settings

Data resale

We do not sell patient information as a business model.

Role

Access control

Product access is designed around user roles and permissions.

Review

Human oversight

AI-assisted output should be reviewed before clinical use.

Information we process

The product uses information needed to run care workflows.

Information may include account details, clinic or practice information, patient records entered by authorized users, visit context, notes, check-ins, messages, support requests, and device or usage information.

Account and organization data

Names, emails, roles, clinic details, subscription state, and workspace permissions.

Clinical workflow data

Patient context, appointments, notes, check-ins, care plans, safety flags, and related care coordination records.

Product and support data

Usage telemetry, form submissions, support messages, logs, and diagnostics used to operate the service.

How we use information

Data is used to provide, secure, improve, and support the service.

We use information to authenticate users, route workspaces, support clinical workflows, provide Avinya AI features, maintain security, respond to support requests, and improve reliability.

Service operation

Run doctor, patient, and admin workflows according to organization setup and user permissions.

AI functionality

Generate summaries, guidance, and workspace context where enabled and appropriate for the user's role.

Security and compliance

Monitor abuse, debug issues, maintain auditability, and satisfy legal or contractual obligations.

Sharing

Information is shared only for service, legal, or user-directed reasons.

We may share information with service providers, care organizations, authorized users, payment processors, legal authorities when required, or parties involved in a business transaction.

Service providers

Vendors may process limited information to help us host, secure, analyze, support, or bill for the service.

Care organizations

Authorized clinics and care teams may access information according to their roles and patient relationships.

Legal requirements

We may disclose information when required to comply with law, protect rights, or prevent harm.

Details

What to know

Rights

User choices

Users may request access, correction, deletion, or restriction where applicable law and clinical record obligations allow.

Records

Retention

Retention depends on account status, clinical record requirements, contracts, security needs, and legal obligations.

Controls

Security

We use administrative, technical, and organizational safeguards appropriate for sensitive healthcare workflows.

Privacy requests

Privacy requests should include the account email, organization, request type, and enough information for identity verification.

Access

Correction

Deletion where legally available

Contact

Submit a privacy request

Send a privacy, data access, correction, or deletion request.