Privacy Policy
This policy is effective as of April 3, 2026. Contact legal@cortaloom.ai for questions.
Last updated: April 3, 2026
1. Data Collection
CortaLoom collects information you provide directly, including account registration details (name, email, organization), clinical documents uploaded for processing, and usage data such as feature interactions and session duration. We do not collect data from third-party sources or use tracking cookies.
2. Use of Data
We use collected data to provide and improve the CortaLoom service, including AI-powered clinical data extraction and narrative generation. Account information is used for authentication, billing, and customer support. Aggregated, de-identified usage data may be used to improve our AI models and service quality.
3. Data Sharing
CortaLoom does not sell your data. We share information only with service providers necessary to operate the platform (cloud hosting, authentication, payment processing), and only under strict contractual obligations. We may disclose data if required by law or to protect the rights and safety of our users.
4. HIPAA Compliance
CortaLoom is designed to be HIPAA compliant. All Protected Health Information (PHI) is encrypted at rest and in transit. PHI is automatically scrubbed before AI processing. We maintain Business Associate Agreements (BAAs) with all subprocessors that handle PHI. Audit logs are maintained for all access to PHI. We conduct regular security assessments and maintain administrative, physical, and technical safeguards as required by the HIPAA Security Rule.
5. Data Retention
Clinical documents and extracted data are retained for the duration of your subscription and for a reasonable period thereafter to comply with legal obligations. You may request deletion of your data at any time by contacting us.
6. Contact
For privacy-related inquiries, contact our team at legal@cortaloom.ai.