SuperAuth.ai

Privacy Policy

1. Acceptance of Terms

This policy applies to:

  • All users of the SuperAuth.ai platform (including clinics, providers, and authorized users)
  • All data processed through our application, integrations, and APIs
  • All visitors to our website and connected portals

2. Information We Collect

A. Personal Information

When you create or use an account, we may collect:

  • Account Information: name, email, phone, organization, job title
  • Authentication Data: login credentials, session tokens, MFA preferences
  • Profile & Usage Information: role, preferences, permissions, system settings


B. Protected Health Information (PHI)

To deliver prior authorization services, we process PHI strictly under HIPAA’s definition, including:

  • Patient Identifiers: name, DOB, record numbers, demographics
  • Clinical Data: diagnoses, CPT/ICD codes, medical notes, treatment plans
  • Insurance Data: payer names, authorization numbers, coverage details

All PHI is handled as a Business Associate under signed HIPAA Business Associate Agreements (BAAs).

C. Usage & Technical Data

  • System Logs: IP address, device/browser, access times
  • Analytics: workflow usage, click metrics, response latency
  • Integration Data: EHR sync records, API transactions, error logs

3. How We Use Information

Purpose                  Description
Service Delivery         Process prior authorizations, generate clinical letters, and communicate with payers
Platform Enhancement     Train and improve AI accuracy, add features, optimize performance
Security & Compliance    Monitor access, detect threats, maintain audit trails, ensure HIPAA compliance
Support & Communication  Respond to inquiries, send notifications, share product updates
Legal & Contractual      Fulfill BAAs, comply with law, enforce terms, respond to lawful requests

Note: We never use PHI or personal data for marketing or advertising purposes.

4. Data Security Measures

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted database backups
  • Key rotation (AWS KMS)

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Session timeout policies
  • Least-privilege permissions

Monitoring

  • 24/7 security monitoring
  • Intrusion detection (AWS GuardDuty)
  • Comprehensive audit logging
  • Real-time threat detection

Compliance

  • HIPAA-compliant infrastructure
  • SOC 2 Type II certified
  • ISO 27001 certified
  • Annual security audits

5. Information Sharing and Disclosure

We do not sell or rent any personal information or PHI.

We may share data only under the following circumstances:

With Insurance Payers

We share necessary clinical and administrative information to process prior authorization requests on your behalf.

With Authorized Healthcare Providers

We exchange patient information with your EHR system and authorized providers for treatment coordination.

With Service Providers

Trusted third-party vendors (cloud hosting, AI inference, analytics, support) that operate under executed Business Associate Agreements.

For Legal Compliance

When required by law, court order, subpoena, or to protect rights, property, and safety.

With Your Consent

For purposes not described above, with your explicit consent.

All sub-processors are U.S. based or certified under appropriate data transfer safeguards.

6. Your Privacy Rights

Under HIPAA (45 CFR § 164.524 – 528) and applicable laws, you may:

Access

Request access to your PHI and personal information

Correction

Correct inaccurate or incomplete data

Accounting

Receive an accounting of PHI disclosures

Restriction

Request restrictions on certain uses

Confidential Communication

Request communications by alternative means

Complaint

File a complaint about privacy practices

To exercise these rights, please contact our Privacy Officer at privacy@superauth.ai.

For California residents (CCPA) and EU users (GDPR), additional rights to deletion, portability, and objection apply where relevant.

7. Data Retention

Data Type             Retention Period                            Justification
PHI / Clinical Data   7 years after case closure                  HIPAA record retention
Account Data          While active + 30 days after termination    Service continuity
Audit Logs            7 years                                     Security & compliance evidence
Backups               Encrypted; 90 days                          Disaster recovery

Older data is securely destroyed using NIST 800-88 methods.

8. International Users

SuperAuth.ai services are hosted exclusively in the United States. If you access the platform from outside the U.S., you acknowledge that your data will be transferred to and processed within the U.S. under HIPAA and applicable U.S. law.

9. Children's Privacy

SuperAuth.ai is intended for professional healthcare use only and is not directed to individuals under 18 years of age. We do not knowingly collect information from minors.

10. Data Breach Notification

In the unlikely event of a security incident involving PHI:

  • Affected customers will be notified within 60 days, as required by 45 CFR § 164.404
  • We will describe the nature of the breach, data impacted, and mitigation steps
  • Incidents are also reported to HHS as required

11. Changes to This Policy

We may update this policy periodically. Material updates will be communicated via:

  • In-app notice
  • Email notification to registered users
  • Updated “Last Updated” date at the top

Your continued use after changes become effective constitutes acceptance.

12. Contact Information

Privacy Officer

SuperAuth.ai

DynaNet Healthcare Inc.

8 The Green, STE B

Dover, DE 19901

Email: privacy@superauth.ai
