Privacy Policy
Effective Date: January 1, 2025
1. Scope
This Privacy Policy applies to:
- The Ashalna Assist mobile application;
- The Ashalna website(s), including landing pages, marketing sites, and related domains; and
- Information processed on behalf of healthcare provider clients and partners.
2. Information We Collect
We may collect the following categories of information:
Identifiers: Names, email addresses, phone numbers, job titles, and account credentials.
Professional or Employment-Related Information: Job title, role, and organization details.
Health Information: Clinical and health-related data, including PHI, processed strictly on behalf of healthcare agencies as their business associate under HIPAA.
Internet or Technical Information: Log data, device identifiers, IP address, browser type, and usage metrics.
Commercial and Transactional Information: Records of interactions with our Services, including subscriptions and communications.
Inferences and Analytics: De-identified or aggregated information derived from assessment data for service improvement.
Sensitive Information
Where permitted by law, we may process sensitive personal information as necessary to provide the Services, such as:
- Audio recordings and derived biometric identifiers (e.g., voice characteristics) used solely for transcription, authentication, or AI-based accuracy improvements.
We do not use sensitive data for marketing or profiling.
Application Data & Permissions
When you use our mobile application, we may request access to:
- Microphone and camera to enable recording and scanning features;
- Device data (e.g., model, OS version, carrier, device ID, IP address, crash logs, and usage patterns) for troubleshooting and analytics.
You can revoke these permissions anytime in your device settings.
Push Notifications
With your consent, we may send push notifications about your account or features. You can disable these through your device settings.
3. Sources of Information
We obtain personal information from:
- You directly (e.g., account creation or communications);
- Healthcare provider clients using Ashalna for patient assessments;
- Automated collection from your device and interactions; and
- Public databases, marketing partners, social media platforms, and service providers that assist in delivering or promoting our Services.
4. How We Use Information
We use information for the following purposes:
- To provide, operate, and maintain our Services;
- To authenticate users and secure accounts;
- To process assessments and PHI on behalf of healthcare agencies;
- To communicate with you, including updates and newsletters (opt-out available);
- To analyze de-identified data for product and statistical improvement;
- To comply with legal obligations, enforce agreements, and protect rights and safety.
Important: We do not use customer or PHI data to train AI models.
5. Sharing of Information
We may disclose personal information as follows:
Service Providers
To third parties under contract who support our operations, including:
- Cloud hosting and data storage providers;
- Security and monitoring vendors;
- Email and communication services;
- Analytics and diagnostics providers;
- Audio transcription and data labeling services.
Business Partners
Where necessary to support integrations or joint offerings with partner organizations.
Business Transfers
We may transfer information in connection with a merger, acquisition, financing, or sale of company assets, ensuring continued data protection.
Legal Compliance
When required by law, subpoena, or governmental request, or to protect the rights, property, or safety of Ashalna, our users, or others.
Important: We do not sell or rent personal information. We do not “share” personal information for cross-context behavioral advertising as defined by the California Consumer Privacy Act (CCPA/CPRA).
6. Data Storage and Security
- Location: Data is stored and processed in the United States.
- Security: We employ administrative, technical, and physical safeguards, including encryption at rest and in transit, access controls, and monitoring.
- Disclaimer: While we take reasonable measures to protect your information, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. HIPAA Compliance
When processing PHI on behalf of covered healthcare entities, Ashalna acts as a “Business Associate” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We maintain all required administrative, physical, and technical safeguards to protect PHI.
8. Your Rights
A. General Rights
- Marketing Communications: You may opt out of promotional communications at any time.
- Healthcare Data: Requests involving PHI must be directed to the healthcare provider that controls that data.
- Data Accuracy: You are responsible for ensuring your account information is true, complete, and current.
B. Multi-State Privacy Rights (U.S.)
Residents of certain U.S. states (e.g., CA, CO, CT, UT, VA, TX) may have the following rights:
- Right to Know and Access the categories and specific pieces of personal information we collect;
- Right to Delete personal information, subject to legal exceptions;
- Right to Correct inaccurate data;
- Right to Data Portability;
- Right to Opt Out of sale or targeted advertising (Ashalna does not engage in these practices); and
- Right to Limit Use of sensitive personal information to core service delivery.
Exercising Your Rights: You may submit a request by emailing hello@ashalna.com or via our online form. We may verify your identity before fulfilling requests. Authorized agents may act on your behalf as permitted by law.
Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
C. CPRA Data Category Disclosure Table
| Category | Examples | Collected | Purpose of Use | Disclosed To |
|---|---|---|---|---|
| A. Identifiers | Name, email, phone, IP address, account login | Yes | Account creation, authentication, and communication | Service providers (cloud, hosting, communications) |
| B. Protected Classifications | Gender, age, date of birth | No | N/A | N/A |
| C. Commercial Information | Subscription details, interactions, transactions | Yes | Billing and support | Service providers (payment, CRM) |
| D. Biometric Information | Voiceprints or voice-derived data | Yes (audio recordings only) | Transcription, validation, service improvement | Audio transcription providers |
| E. Internet/Network Activity | Device data, logs, crash reports | Yes | Security, troubleshooting, analytics | Cloud and analytics providers |
| F. Geolocation Data | Approximate device region | No | N/A | N/A |
| G. Audio/Visual Information | Voice recordings used for assessments | Yes | AI analysis and transcription | Service providers (transcription, cloud storage) |
| H. Professional/Employment Info | Role, employer, credentials | Yes | Authentication, account management | Internal systems only |
| I. Education Information | Student records | No | N/A | N/A |
| J. Inferences | De-identified usage insights | Yes (aggregated only) | Product analytics, improvements | Internal analytics |
| K. Sensitive Personal Info | Health data, PHI | Yes | HIPAA-compliant processing on behalf of healthcare clients | Healthcare providers, secure storage partners |
We retain this information only as long as necessary to fulfill the purposes described above or as required by law or client agreements.
9. Do-Not-Track Signals
Some browsers include a “Do-Not-Track” (DNT) setting. Because no standard exists for interpreting DNT signals, we do not currently respond to them. If an applicable standard emerges, we will update this Policy accordingly.
10. Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy, or as required by law or client contract.
For example:
- Account information: Retained while the account is active and up to 5 years after closure.
- Operational logs: Typically retained for 180 days.
- PHI processed on behalf of healthcare clients: Retained and deleted according to client instructions.
Backup copies may persist temporarily as part of routine system backup processes before secure deletion.
11. Children’s Privacy
Our Services are intended for use by individuals 18 years of age or older. We do not knowingly collect or market to anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly.
12. International Use
Our Services are intended for use within the United States. If you access them from outside the U.S., you acknowledge that your information will be transferred to and processed in the United States.
13. Changes to this Policy
We may update this Privacy Policy from time to time. The “Effective Date” above reflects the latest revision. Updates will be posted on our website, and continued use of the Services constitutes acceptance of the updated policy.
14. Contact Us
For questions or concerns regarding this Privacy Policy or our data practices, please contact:
Privacy Officer – Ashalna LLC
Email: hello@ashalna.com
Mailing Address: 1111B S Governors Avenue, Suite 37947, Dover, DE 19904