Unifyr

Legal

Privacy Policy

Effective date: January 1, 2025 ·  Last updated: January 1, 2025

Unifyr, Inc. (“Unifyr,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. Please read it carefully.

HIPAA NoticeThis platform may be used to process Protected Health Information (PHI). If your organization is a HIPAA Covered Entity, you must sign a Business Associate Agreement (BAA) with Unifyr before using the Services with PHI. Contact privacy@unifyr.care to get started.

1Information We Collect

We collect information in the following ways:

Information you provide directly

  • Account registration details (name, email address, organization name)
  • Profile information and preferences
  • Messages, queries, and content you submit through the conversational AI interface
  • Integration credentials and configuration settings (stored encrypted)
  • Support communications

Information collected automatically

  • Usage data: pages visited, features used, session duration, click patterns
  • Device and browser information: IP address, browser type, operating system
  • Log data: server logs, error reports, performance metrics
  • Cookies and similar tracking technologies (see Section 8)

Information from third-party integrations

  • Data synced from connected platforms (EVV systems, EHR/EMR, scheduling software, Microsoft 365, Google Workspace)
  • OAuth tokens obtained with your explicit authorization

2How We Use Information

We use the information we collect to:

  • Provide, operate, and improve the Services
  • Process and fulfill your requests and commands through the AI interface
  • Authenticate your identity and manage your account
  • Sync data between your connected third-party systems
  • Send transactional communications (account notices, security alerts)
  • Provide customer support and respond to inquiries
  • Monitor and analyze usage patterns to improve performance and features
  • Comply with legal obligations and enforce our Terms of Service
  • Train and improve our AI models using aggregated, de-identified data

We will not use your Customer Data to train AI models in a way that could identify your organization, employees, or patients without your explicit consent.

3Healthcare & Protected Health Information (PHI)

Unifyr may process Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act (“HIPAA”) when you connect healthcare software integrations. If your use involves PHI, a Business Associate Agreement (BAA) must be executed prior to any PHI being transmitted through the Services. Please contact privacy@unifyr.care to request a BAA.

When processing PHI under a BAA, Unifyr acts as a Business Associate and will:

  • Use and disclose PHI only as permitted under the BAA and HIPAA
  • Implement appropriate safeguards to protect PHI
  • Report any breach of unsecured PHI in accordance with the HITECH Breach Notification Rule
  • Ensure subcontractors who access PHI agree to the same restrictions
  • Return or destroy PHI upon termination of the BAA, where feasible

You, as the Covered Entity, remain responsible for ensuring your staff use the Services in accordance with your HIPAA policies and procedures.

4Data Sharing

We do not sell your personal data. We may share information in the following limited circumstances:

Service providers

We share data with trusted third-party vendors who assist us in operating the Services (cloud infrastructure, authentication, analytics, customer support). These providers are contractually obligated to protect your data and use it only for the services they provide to us.

At your direction

When you authorize integrations with third-party platforms (e.g., connecting Microsoft 365 or your EVV system), we share data with those platforms as necessary to provide the integration.

Legal requirements

We may disclose information if required to do so by law, subpoena, court order, or if we believe such action is necessary to comply with legal process or protect the rights, property, or safety of Unifyr, our users, or others.

Business transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Services prior to such a transfer.

5Data Retention

We retain your information for as long as your account is active or as necessary to provide you the Services. Specifically:

  • Account data: Retained for the duration of your account plus 30 days after termination (to allow data export)
  • Conversation history: Retained per your organization’s settings; default retention is 12 months
  • Integration tokens: Retained until you disconnect the integration or terminate your account
  • Log data: Security and access logs retained for 90 days; aggregated analytics retained for up to 3 years
  • PHI: Handled according to your BAA and HIPAA retention requirements (minimum 6 years)

Upon account deletion, we will delete or anonymize your data within 30 days, except where we are required to retain it by law.

6Security

We implement industry-standard security measures to protect your information:

  • Encryption at rest (AES-256) and in transit (TLS 1.2+)
  • OAuth tokens and integration credentials encrypted before storage
  • Role-based access controls and principle of least privilege
  • Regular security assessments and penetration testing
  • Multi-factor authentication support via our identity provider
  • Audit logging of all access to sensitive data

While we take reasonable precautions, no security system is impenetrable. If you believe your account has been compromised, please contact us immediately at privacy@unifyr.care.

7Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention requirements
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to certain types of processing, including direct marketing
  • Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, please email privacy@unifyr.care. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

8Cookies

We use cookies and similar technologies to operate and improve the Services. Types of cookies we use:

  • Essential cookies: Required for authentication and session management (cannot be disabled)
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand how users interact with the Services (aggregated, anonymized)

You can control non-essential cookies through your browser settings. Note that disabling cookies may affect the functionality of the Services.

9Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us at privacy@unifyr.care and we will take steps to remove such information.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

  • Posting the updated policy on this page with a revised effective date
  • Sending an email notification to the address associated with your account
  • Displaying a prominent notice within the Services

Your continued use of the Services after the effective date of the revised policy constitutes acceptance of the changes.

11Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

Unifyr, Inc.
Privacy & Data Protection
privacy@unifyr.care
unifyr.care