HIPAA (USA)  ·  GDPR (EU)  ·  PHIPA (Ontario)  ·  PIPEDA (Canada)  ·  EU AI Act (EU)  ·  NIST AI RMF  ·  FDA AI/ML  ·  SOC 2  ·  ISO/IEC 42001  ·  ISO/IEC 27001  ·  OECD AI Principles

Privacy Policy

Effective Date: September 15, 2025

Introduction and Acceptance of Terms

AI Healthcare Compliance (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use AIHealthcareCompliance.com (the “Site”). By accessing or using the Site, or by communicating with us (for example, by submitting a contact form or email), you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Site or provide us with any personal information.

This policy is intended to comply with applicable privacy laws in Canada (including the principles of the Personal Information Protection and Electronic Documents Act, PIPEDA) and to reflect international best practices. We strive to be transparent about our privacy practices so you can make informed choices about your information.

Information We Collect

We only collect personal information that is necessary for the purposes identified in this policy. The types of information we may collect include:

  • Information You Provide Voluntarily: When you interact with our Site or with us, you may choose to provide certain personal information. For example:

    • Contact and Correspondence Data: If you fill out a contact form, send us an email, or submit a question, we may collect your name, email address, organization or affiliation (if you provide it), and the content of your message or question.

    • Volunteer Contributions: If you apply to contribute content or volunteer with us, we may collect information you provide in that process – such as your name, contact information, professional background, and any materials or details you submit for our review.

    • Other Information: Any other information you choose to provide when communicating with us (for instance, feedback, suggestions, or additional personal details you include in a message). We advise you not to include sensitive personal information (such as health or financial details) in your submissions, as our Site’s purpose is educational and not to handle sensitive data.

  • Information Collected Automatically: When you visit our Site, our systems and service providers may automatically log certain technical information about your visit. This information may include:

    • Usage Data: Such as your IP address, browser type, device information, operating system, referring website, pages you view on our Site, the dates/times of your visits, and other standard web log data.

    • Cookies and Similar Technologies: We use minimal cookies on our Site. Cookies are small text files stored on your device to help websites function or collect information. We do not use third-party analytics or advertising cookies at this time. However, we may use essential cookies to enable site functionality (for example, to remember if you’ve seen a notification or to ensure form submissions work properly). Your browser may automatically also store a cookie if you log that you have consented to something or for basic session management. (See “Cookies and Tracking Technologies” below for more details.)

We do not intentionally collect any sensitive personal information (such as health information, social insurance numbers, credit card numbers, etc.) through our Site. Please refrain from providing such sensitive data in any communications with us. Our Site is not intended for collecting personal health information, and any compliance discussions on the Site are general in nature.

How We Use Your Information

We use personal information for the following purposes:

  • To Respond to Inquiries and Provide Information: We use your contact information (like your email) and any details you provide to respond to your questions, requests, or feedback. For example, if you ask a question about AI compliance, we will use your information to reply with an answer or clarification.

  • To Facilitate Volunteer Contributions: If you express interest in contributing to the Site or provide content suggestions, we use the information you provided to evaluate and discuss your proposed contributions. We may contact you via email to follow up about your submission, provide guidelines, or notify you if we publish content you contributed.

  • To Publish Educational Content: If you submit a question or suggestion that could benefit others, we may use the content of your inquiry to create anonymized Q&A entries or educational articles. For instance, we might publish a general answer to a question that multiple users have asked. In doing so, we will remove or alter any personal identifiers from your question, unless you gave explicit consent to identify you (for example, crediting you for a contributed piece of content).

  • Site Operation and Improvement: We use automatically collected information (like usage data) to maintain and improve our website. This includes analyzing how visitors use the Site, ensuring security (e.g., monitoring for malicious activity), and optimizing the user experience. For example, understanding which pages are most visited can help us improve those sections.

  • Communication: We may use your contact information to communicate with you about updates or changes related to your inquiry or contributions. We will not send you marketing newsletters or promotions, since the Site currently does not offer such services, unless you have explicitly subscribed or consented in the future. (As of now, we have no email newsletter or marketing list.)

  • Legal Compliance and Protection: If necessary, we may use or disclose your information to comply with applicable laws, regulations, legal processes (such as a court order), or governmental requests. We may also process your information if needed to enforce our Terms and Conditions, to detect or investigate fraud or security issues, or to protect the rights, property, and safety of our organization, our volunteers, our users, or others.

We will only use your personal information for the purposes for which we collected it, and as otherwise permitted or required by law. If we need to use your information for a new purpose that is not compatible with the original purpose, we will seek your consent unless otherwise permitted by law.

Cookies and Tracking Technologies

As noted, our Site’s use of cookies and tracking is very limited:

  • We do not use any third-party advertising cookies or analytics plugins (such as Google Analytics) at this time. This means we are not tracking your browsing behavior for marketing or detailed analytics purposes.

  • We may use essential or functional cookies to support the basic operation of the site. For example, a cookie might be used to remember your preferences (such as a light or dark mode setting, if applicable) or to ensure that when you submit a form, the site remembers your input as you navigate. These cookies are generally session-based and contain minimal information (often just a random ID).

  • Our web hosting platform may deploy a cookie for technical performance or security (for instance, to determine if requests are coming from a human user and not a bot). We do not use these cookies to collect personally identifiable information, and they are used only to maintain the integrity and security of the Site.

Your Choices: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. Please note that if you disable cookies entirely, some parts of our Site may not function properly (for example, forms might not submit correctly or you might not be able to see certain preferences). However, because we do not use non-essential cookies, disabling cookies should not significantly affect your ability to read content on our Site.

Disclosure of Your Information

We value your privacy and handle your personal information with care. We do not sell, rent, or trade your personal information to third parties for their marketing or any other purposes. We only share your information in limited circumstances, such as:

  • With Service Providers: We may share information with third-party service providers who perform services on our behalf to operate and maintain the Site. For example, this could include our web hosting provider, email service provider, or other technical service providers. These parties only receive the information necessary to perform their functions, and they are contractually obligated to protect your data and use it only for the purposes of providing services to us.

  • For Legal Reasons: We may disclose your information if required to do so by law or in response to valid legal requests (such as a subpoena, court order, or government inquiry). We may also disclose information if we believe it is necessary to investigate, prevent, or take action regarding suspected illegal activities, fraud, or situations involving potential threats to the safety or legal rights of any person or entity (including our own rights or property).

  • Business Transfers: In the unlikely event that AI Healthcare Compliance is involved in a merger, acquisition, bankruptcy, or sale of assets, personal information in our possession may be transferred to the successor or assigning party as part of that transaction. If that happens, we will ensure that your information remains protected by appropriate privacy safeguards and that you are notified of any changes to the handling of your personal data.

  • With Your Consent: We will share your personal information with third parties in cases where you have given us your explicit consent to do so. For example, if you wanted us to introduce you to another professional or share your inquiry with an external expert, we would only do so if you clearly agreed and understood what information would be shared. (Generally, our default practice is not to share individual inquiries externally.)

Additionally, if we publish a user’s question on the Site in an anonymized form (as part of our educational content), that is a form of disclosure — but we will strip out names or direct personal identifiers, so that the published information cannot reasonably be connected back to you personally.

International Data Transfer

Our website is operated from Canada, and most of our data (including any personal information we collect) is stored and processed in Canada. However, we may use service providers or tools that operate in other countries (for example, an email service that routes data through the United States or elsewhere). This means that your personal information could be transferred to, stored, or processed in a country other than your home country.

By submitting your personal information to us or using our Site, you consent to this transfer, storage, and processing in countries outside of your country of residence. We will take reasonable measures to ensure that any such transfers comply with applicable data protection laws and that your information remains protected under standards comparable to those in Canada. In all cases, we handle your personal information as described in this Privacy Policy.

If you are located in a jurisdiction with data transfer restrictions (such as the European Economic Area), we will ensure that appropriate safeguards are in place for the transfer (for example, using standard contractual clauses or relying on your explicit consent, where applicable).

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. For example:

  • If you contact us with a question or feedback, we may retain that correspondence (including your email address and message) for our records and to help improve the Site. We typically keep routine inquiry emails for a period of time in case we need to refer back to them, but not longer than necessary.

  • If you volunteer or contribute content, we may retain your submission and contact details for as long as your content is under consideration or published on the Site, and for a reasonable period thereafter. This allows us to have a record of contributions and to contact you again for any follow-up or future opportunities.

  • We also retain information as needed to comply with legal obligations (for instance, if required for financial record-keeping or if relevant to an investigation), to resolve disputes, or to enforce our agreements.

When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely destroy, delete, or anonymize it. For example, upon request, we can delete your correspondence and contact info from our active systems (unless we are required to keep it for legal reasons). Backup copies might persist for a short period, but will also be deleted according to our backup retention schedules.

Security Measures

We take reasonable administrative, technical, and physical security measures to protect your personal information from unauthorized access, use, alteration, or disclosure. These measures include:

  • Secure Transmission: Our Site is enabled with HTTPS, which means data transmitted between your browser and our Site is encrypted using SSL/TLS. This helps prevent eavesdropping on information you submit through our forms.

  • Access Controls: Personal information received (for example, via our email or contact form submissions) is accessible only to authorized personnel who need to process that information. We restrict access to stored personal data to those people who have a legitimate need for it.

  • Service Provider Due Diligence: We use reputable hosting and email providers that employ industry-standard security practices. We also ensure any third-party services we use to store or process data have appropriate security measures and, where applicable, data protection agreements in place.

  • Data Minimization: We strive to collect only the personal information that we actually need. By limiting the amount of data we collect, we reduce the risk associated with storing large volumes of personal data.

Despite these precautions, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. Any transmission of personal information is at your own risk. We also urge you to use caution when emailing us or submitting information; understand that email may not be fully secure. If we learn of a security breach that compromises your personal information, we will notify you and the appropriate authorities as required by law.

Your Rights and Choices

Access and Correction: You have the right to request access to the personal information we hold about you and to request corrections to any inaccuracies. We will provide you with access to your personal data, subject to certain exceptions (for example, information that contains references to other individuals or is subject to legal privilege). If you need to update or correct your information (such as changing your email address), please contact us and we will assist you.

Withdrawal of Consent: In cases where we are processing your personal information based on your consent (for example, you gave us consent to use your question on the Site), you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing we did prior to your withdrawal, but it means we will stop the specific use going forward. For instance, if you consented to be credited as a contributor and later change your mind, we can remove your name from the published content upon your request.

Deletion (“Right to be Forgotten”): You may request that we delete the personal information we have about you. For example, if you no longer want us to hold your contact details or correspondence, you can ask us to remove it. We will do so to the extent possible, though please note there may be legal requirements or legitimate purposes that necessitate we keep certain data (we will inform you if so). Also, if your personal information was part of content that has been published (like an answered question), we can remove or anonymize that content upon request.

Objection and Restriction: If you object to any aspect of our processing of your personal data or wish us to restrict how we use it (for instance, if you believe we have information about you that is inaccurate or that we no longer need), please let us know. In certain circumstances, you may also have the right to object to processing based on legitimate interests or for direct marketing (though we currently do not engage in direct marketing). We will consider all objections and requests for restriction and comply where required by applicable law.

Data Portability: If applicable, you can request a copy of the personal information you provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another service provider (this mainly applies if you are in jurisdictions like the EU under GDPR; in our context, since our data is usually simple communications, we can provide copies of what you sent us as needed).

Response Time: We will respond to any legitimate requests regarding your privacy rights within a reasonable timeframe, and in any event within the time limits required by law (for example, under PIPEDA or other regulations). There is generally no cost for you to exercise these rights, but if your request is unusually onerous or repetitive, we may charge a reasonable fee or decline if permitted by law (we would explain why in such a case).

To exercise any of these rights, or if you have questions about your rights, you can contact us using the information provided in the Contact section below. We may need to verify your identity before fulfilling certain requests to ensure we do not disclose personal data to the wrong person.

Please note that while we aim to fulfill rights requests for all users, the availability of some rights may depend on your jurisdiction. For example, residents of the European Economic Area (EEA) or California may have specific rights under GDPR or CCPA. Our policy is to honor applicable rights and to treat your privacy seriously, regardless of where you are located.

Third-Party Websites and Services

This Privacy Policy applies solely to information collected by AI Healthcare Compliance through our Site or communications. Our Site may contain links to external websites or embedded content (such as videos, articles, or resources from third parties). If you follow a link to any third-party website or interact with any third-party content, you will be subject to that third party’s own privacy policies and practices. We do not control and are not responsible for the privacy practices of third-party sites. We encourage you to read the privacy policy of any website you visit.

For example, if we link to an article on a government or educational site, and you choose to provide personal information to that external site (like signing up for their newsletter or contacting them), that action is outside the scope of our relationship with you and is governed by the third party’s terms.

We do not knowingly integrate any third-party services into our Site that collect personal data without your interaction. If in the future we incorporate specific third-party widgets or services that collect data, we will update this Privacy Policy to reflect that.

Children’s Privacy

Our Site and services are not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years old. If you are under 13, please do not use the Site or send us any personal information (even if perhaps you find the topic interesting for a school project, please have an adult reach out on your behalf).

If we discover that we have unintentionally collected personal information from a child under 13, we will delete that information promptly. If you are a parent or guardian and you believe your child under 13 may have provided personal information to us, please contact us immediately so that we can take appropriate action.

For residents of certain jurisdictions, such as the European Union, our intention is also not to collect personal data from minors under the age of 16 without appropriate consent. If you are aware of a minor under 16 who has provided us with personal data without parental consent, please inform us and we will remove it.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, to ensure compliance with laws, or for other operational reasons. When we make changes, we will:

  • Post the updated policy on this page with a new effective date. The “Last Updated” or “Effective Date” at the top will change to the date of the latest revision.

  • Optionally, provide notice in a more prominent way if the changes are significant. For example, we might place a notice on our homepage or send an email notification if we ever began collecting significantly more personal data or changed our practices in a substantial way. (However, since we do not maintain a user account system, any such notification would likely be via the website itself.)

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes to this Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should stop using the Site and can request that we remove your personal information as outlined above.

Contact Us

If you have any questions, concerns, or comments about these Terms and Conditions, or if you need to contact us for any reason related to your use of the Site, please reach out via our Contact form below. We will make our best effort to respond in a timely manner.