LongSession

Privacy Policy

Last Updated: October 6, 2025

At LongSession, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered pre-consultation assistant service.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Apply for our pilot program
  • Use our services
  • Contact us for support
  • Participate in surveys or feedback

This information may include:

  • Name and contact information (email, phone number)
  • Professional information (occupation, organization)
  • Account credentials

1.2 Health Information

When you use our pre-consultation service, we collect health-related information including:

  • Medical history and symptoms
  • Current medications and allergies
  • Previous diagnoses and treatments
  • Family medical history
  • Lifestyle and behavioral health information

This information is collected solely to provide you with our services and is protected under HIPAA regulations.

1.3 Technical Information

We automatically collect certain technical information when you use our services:

  • Device information (type, operating system, browser)
  • IP address and location data
  • Usage data and analytics
  • Log files and error reports

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our AI-powered pre-consultation services
  • Medical Summaries: To generate structured medical history summaries for healthcare providers
  • Communication: To send you service-related notifications, updates, and respond to your inquiries
  • Improvement: To analyze usage patterns and improve our AI algorithms and service quality
  • Compliance: To comply with legal obligations and protect against fraud or security threats
  • Research: To conduct de-identified research to advance healthcare technology (only with your explicit consent)

3. HIPAA Compliance

LongSession is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA):

  • All Protected Health Information (PHI) is encrypted in transit and at rest using industry-standard encryption
  • We maintain comprehensive Business Associate Agreements (BAAs) with all relevant parties
  • Access to PHI is strictly limited to authorized personnel on a need-to-know basis
  • We conduct regular security audits and risk assessments
  • All staff undergo HIPAA training and are bound by confidentiality agreements
  • We maintain detailed audit logs of all PHI access and modifications

4. Data Sharing and Disclosure

We do not sell your personal or health information. We may share your information only in the following circumstances:

4.1 Healthcare Providers

We share medical summaries with your designated healthcare providers to facilitate your care.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our platform, subject to strict confidentiality obligations and HIPAA-compliant BAAs.

4.3 Legal Requirements

We may disclose information when required by law, such as:

  • In response to valid legal processes (subpoenas, court orders)
  • To protect our rights, property, or safety
  • To prevent fraud or security threats
  • In emergency situations to protect health or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred, subject to the same privacy protections.

5. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption: End-to-end encryption for all data transmission and storage
  • Access Controls: Multi-factor authentication and role-based access controls
  • Network Security: Firewalls, intrusion detection, and regular security monitoring
  • Data Centers: SOC 2 Type II certified data centers with physical security measures
  • Incident Response: Comprehensive incident response and breach notification procedures
  • Regular Audits: Third-party security audits and penetration testing

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Medical Records: Retained in accordance with HIPAA requirements and applicable state laws (typically 6-7 years)
  • Account Information: Retained while your account is active and for a reasonable period thereafter
  • Marketing Data: Retained until you opt out or request deletion
  • Legal Requirements: Some information may be retained longer if required by law

7. Your Privacy Rights

You have the following rights regarding your information:

  • Access: Request access to your personal and health information
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your information (subject to legal retention requirements)
  • Restriction: Request restriction on how we use your information
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain uses of your information
  • Opt-Out: Opt out of marketing communications at any time

To exercise these rights, please contact us using the information provided below.

8. International Data Transfers

If you are accessing our services from outside the United States, please note that your information may be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our services
  • Provide personalized content and recommendations

You can control cookie preferences through your browser settings, though this may affect service functionality.

11. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending you an email notification (for significant changes)

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

13. State-Specific Privacy Rights

California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

Other States

Residents of other states with comprehensive privacy laws (e.g., Virginia, Colorado) have similar rights. Contact us to exercise these rights.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: privacy@longsession.com
Privacy Officer: privacy@longsession.com

We will respond to your request within 30 days in accordance with applicable law.


© 2025 LongSession. All rights reserved.