Privacy Policy

Last updated: April 2026

Introduction

This Privacy Policy describes how Scrivly, Inc. ("Ailva," "we," "us," or "our") collects, uses, discloses, and protects information when you use the Ailva clinical intelligence platform. Ailva is designed for NPI-verified healthcare providers in the United States.

Data We Collect

Provider Identity (from NPI Verification)

  • NPI number
  • Name (as registered in NPPES)
  • Specialty and credential type
  • State/region of practice
  • Institution or practice affiliation (from NPPES registry)
  • Email address (provided at registration)

Clinical Queries

  • Every query submitted and its corresponding response
  • Query text and de-identified patient context are stored in query history so providers can revisit prior sessions
  • Detected specialty classification per query
  • Detected patient context (de-identified demographics, conditions, medications, and lab values only)
  • Session grouping and timestamp metadata
  • Response feedback ratings (if provided)

Engagement Events

  • Query frequency and session duration
  • Topic and specialty distribution patterns
  • Feature usage (Thinking toggle, citation expansions, follow-up actions, pathway views, copy/share actions)
  • Return frequency

De-Identified Patient Context

When a query contains clinical context (e.g., "68-year-old male with HFpEF and CKD stage 3b on metformin"), Ailva extracts de-identified demographic and clinical descriptors to improve evidence retrieval. These descriptors do not constitute Protected Health Information (PHI) under the HIPAA Safe Harbor standard when they exclude direct and indirect identifiers. You must not include names, dates of birth, medical record numbers, addresses, phone numbers, email addresses, or other HIPAA-defined identifiers. See "HIPAA Safe Harbor De-Identification" below.

Data We Do Not Collect

  • Protected Health Information (PHI) — our Terms of Service prohibit entering identifiable patient information
  • Raw inference content beyond operational logs and transient processing required to return a response

How We Use Your Data

For Your Clinical Workflow

Query history, session continuity, shareable response links, and personalized follow-up suggestions based on your specialty and recent query patterns.

For Contextual Advertising

The therapeutic area of your current query is used for contextual ad placement (e.g., a cardiology query may trigger a cardiology advertisement). Individual provider query text and patient context are never shared with advertising partners. Aggregated, de-identified profile data (e.g., "500 cardiologists in the Northeast searched for SGLT2 inhibitors this week") may be shared with advertising partners for targeting purposes.

For Service Improvement

Aggregated query patterns are used to identify coverage gaps, prioritize evidence caching, and improve feature design. No individually identifiable data is used to train Ailva's own models. We may review de-identified usage patterns, system logs, and failure cases to improve retrieval quality, citation verification, product reliability, and provider workflow design.

Third-Party Services

Ailva uses the following third-party services to operate. Each service processes data only as necessary to provide its function:

  • Neon (database hosting) — Stores provider accounts, query history, citations, and evidence records in PostgreSQL. Data encrypted at rest and in transit.
  • Vercel (application hosting) — Hosts the Ailva web application, handles CDN delivery and serverless API functions. Access logs are retained per Vercel's data retention policy.
  • Upstash (rate limiting) — Provides Redis-based rate limiting for API endpoints. Stores only ephemeral request counters keyed by anonymized identifiers; no query content or PHI is transmitted.
  • Hugging Face Inference Endpoints (embedding inference) — Processes provider query text with the MedCPT query-encoder model so Ailva can perform vector-based retrieval against its evidence indexes.
  • Z.ai (large language model inference) — Processes de-identified clinical queries and assembled evidence context to generate structured clinical responses. Query text and response prompts are transmitted over TLS for inference.
  • Sentry (error monitoring) — Receives redacted application errors, performance traces, and diagnostics necessary to investigate bugs and degraded service behavior.

Ailva configures these vendors to process only the minimum data needed to operate the service. We do not permit advertising partners to receive full provider query text or de-identified patient context.

Google AdSense and Google Ad Manager

Ailva uses Google AdSense and Google Ad Manager to serve contextual advertisements. These services may use cookies, device identifiers, and browsing data to display relevant advertisements. Google may collect and process data according to the Google Privacy Policy.

Ailva does not share individual provider query content or patient context with Google or any advertising partner. Only contextual therapeutic-area signals (e.g., "cardiology") derived from the current query are used for ad targeting. You may opt out of personalized advertising through your account settings or the "Your Privacy Choices" link in the application. We honor the Global Privacy Control (GPC) browser signal.

Business Associate Agreements (BAA)

Ailva does not process, store, or transmit Protected Health Information. Our Terms of Service explicitly prohibit PHI entry, and clinical queries containing only de-identified patient descriptors are not PHI under HIPAA. Accordingly, Ailva is not acting as a Business Associate, and a BAA is not required at this time.

Because Ailva is built for de-identified clinical decision support and not for PHI workflows, we do not represent the service as HIPAA-compliant for identifiable patient data. If Ailva introduces features that process PHI in the future (for example, EHR integrations or note ingestion), we will update our vendor agreements, technical controls, and privacy terms before enabling those features.

HIPAA Safe Harbor De-Identification

Ailva applies the HIPAA Safe Harbor method of de-identification (45 CFR 164.514(b)(2)) to clinical context within queries. Under Safe Harbor, information is considered de-identified when the following 18 categories of identifiers are removed: names; all geographic data smaller than a state; all dates (except year) related to an individual; phone numbers; fax numbers; email addresses; Social Security numbers; medical record numbers; health plan beneficiary numbers; account numbers; certificate or license numbers; vehicle identifiers; device identifiers; web URLs; IP addresses; biometric identifiers; full-face photographs; and any other unique identifying number or code.

By design, Ailva's query input accepts only de-identified clinical descriptors (age, sex, lab values, conditions, medications). We do not solicit, and our Terms prohibit, information from any of the 18 Safe Harbor identifier categories.

Data Retention Periods

  • Provider identity: Retained while your account is active. Deleted within 30 days of account closure.
  • Query history and responses: Retained while your account is active (this is a core feature — providers revisit past queries). Deleted within 30 days of account closure.
  • De-identified patient context extracted from queries: Retained with query history so prior answers can be reloaded and follow-up questions can be answered in context.
  • Engagement metrics: Retained while your account is active. Aggregated, de-identified analytics data may be retained after account deletion.
  • Advertising interaction data: Governed by Google's data retention policies. See the Google Privacy Policy linked above.
  • Server and access logs: Retained for up to 90 days for security and debugging purposes, then deleted.

Security

All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 (provided by our database and hosting infrastructure). Passwords are hashed using bcrypt or Argon2. We implement rate limiting, session controls, NPI-based access controls, and application monitoring designed to detect service degradation and abuse. We do not permit PHI in the product, which substantially reduces our attack surface.

Breach Notification

In the event of a data breach involving your personal information, we will notify affected users via email within 60 calendar days of discovering the breach, consistent with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) timeline. The notification will include a description of the breach, the types of information involved, the steps we are taking in response, and recommended actions for affected individuals.

If a breach affects 500 or more individuals, we will also notify the U.S. Department of Health and Human Services and, where required, prominent media outlets in the affected jurisdiction. Breaches affecting fewer than 500 individuals will be logged and reported to HHS annually.

Your Rights

Access

You may request a copy of all personal data we hold about you, including your provider profile, query history, and engagement metrics. Requests can be submitted to privacy@ailva.ai and will be fulfilled within 30 days.

Deletion

You may delete your account at any time through your profile settings. Account deletion permanently removes your provider profile, query history, and associated engagement data within 30 days. You may also request deletion by contacting privacy@ailva.ai.

Advertising Opt-Out

You may opt out of personalized advertising at any time through your account settings or the "Your Privacy Choices" link. When opted out, only contextual advertising (based on the current query's therapeutic area) will be displayed. We honor the Global Privacy Control (GPC) browser signal.

Data Portability

Upon request, we will provide your data in a structured, commonly used, machine-readable format (JSON).

California and U.S. State Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information. Similar rights may apply to residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation.

Categories of personal information collected

We collect identifiers (NPI number, name, email address, IP address), professional information (specialty, credentials), internet or electronic network activity (clinical queries, engagement events, browsing data), and inferences drawn from the above (specialty-based content recommendations).

Sale or sharing of personal information

We do not sell personal information as defined under the CCPA. We may share de-identified, aggregate data with advertising partners for contextual ad targeting, which does not constitute a "sale" under the CCPA because the data is not reasonably linkable to an individual. We honor the Global Privacy Control (GPC) signal as a valid opt-out request.

Your rights under CCPA/CPRA

You have the right to (1) know what personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) correct inaccurate personal information, (4) opt out of the sale or sharing of personal information, and (5) not be discriminated against for exercising your privacy rights. To exercise any of these rights, contact us at privacy@ailva.ai. We will respond to verifiable consumer requests within 45 days.

Do Not Track

We honor the Global Privacy Control (GPC) signal. We do not respond to browser-level Do Not Track (DNT) signals as there is no industry standard for compliance.

Children's Privacy

Ailva is not directed at individuals under the age of 18. We do not knowingly collect information from minors. NPI verification inherently restricts access to licensed healthcare providers.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice in the application. Continued use of Ailva after the effective date of any changes constitutes your acceptance of the revised policy.

Contact

Questions about this Privacy Policy may be directed to privacy@ailva.ai.

Scrivly, Inc. · Austin, TX