Privacy Policy

DrAI is a restricted-access application. It is not available to the general public.

• Institutional licensing only — Access to DrAI is granted exclusively through licensing agreements with healthcare organizations (hospitals, clinics, medical groups). Individual sign-ups are not available.
• Verified healthcare professionals — Only licensed physicians and authorized clinical staff within a subscribing institution may use the App. Accounts are provisioned and managed by the institution.
• No public authentication — DrAI does not support Google, Apple, social login, or any general-purpose authentication. All user accounts are created through our institutional onboarding process with identity verification.
• Institutional responsibility for patient consent — The subscribing healthcare institution and its physicians are responsible for obtaining appropriate patient consent before using DrAI to process patient-related data, including voice recordings in the Companion feature. Areen AI provides the technology platform; the institution governs its clinical use in accordance with its own policies, ethics board approvals, and applicable regulations.
• Compliance with institutional policies — Each institution deploys DrAI under its own data governance and clinical use policies. Areen AI works with each institution to ensure the deployment meets their regulatory and compliance requirements.

• Account information — Name, email address, medical specialty, and credentials provided during registration.
• Chat messages — Text messages and clinical questions you send through the chat interface.
• Medical images — ECG images, X-Ray images, and other clinical documents you upload for AI analysis.
• Audio recordings — Voice recordings uploaded through the Companion feature for clinical documentation.
• Patient data — Clinical conditions, medications, lab values, and clinical context you enter into the app. Patient names and identifiable information are never sent to third-party AI services — they are stored only in our secure database and stripped before any AI processing.
• Usage data — App interaction data, feature usage patterns, and session metadata.

• AI processing — Your messages, images, and audio are processed by AI models to generate clinical decision support, evidence summaries, image analyses, and transcriptions.
• Service improvement — Aggregated, anonymized usage data may be used to improve the quality and reliability of our services.
• Account management — To maintain your account, authenticate sessions, and provide personalized content.

DrAI uses the following third-party AI services to process your data:

• OpenAI — Language models for clinical reasoning, evidence synthesis, drug interaction analysis, and conversational AI. Data is processed via API and is not used by OpenAI to train models under our agreement.
• Google Cloud (Chirp 3) — Speech-to-text processing for voice companion sessions. Audio data is processed in real-time and not retained by Google beyond the processing window.

All data transmitted to these services is encrypted in transit. We maintain data processing agreements with each provider that ensure your data receives equivalent protection.

Patient de-identification: Patient names, medical record numbers, and other direct identifiers are never included in requests to third-party AI services. Our platform strips identifiable information before AI processing and re-associates responses with the patient record internally.

• All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Data is stored on Google Cloud Platform servers in the Middle East region (me-central1).
• Access to production systems is restricted to authorized personnel with multi-factor authentication.
• We conduct regular security reviews and follow industry best practices for healthcare data protection.

• Conversation history and uploaded files are retained in your account for your ongoing reference.
• You can delete individual conversations, patient records, or companion sessions at any time.
• Account deletion permanently removes all associated data from our servers within 30 days.
• Anonymized, aggregated analytics data may be retained indefinitely.

You have the right to:

• Access your personal data held by us.
• Correct inaccurate or incomplete data.
• Delete your data and account.
• Export your data in a portable format.
• Withdraw consent for data processing at any time.

To exercise any of these rights, contact us at privacy@areen.ai.

Areen AI
Email: privacy@areen.ai
Website: areen.ai