Privacy Policy

1. Introduction

ABAIQ ("the Service") is an AI-powered documentation assistant for Applied Behavior Analysis (ABA) professionals. The Service is operated by Hybreu Digital LLC (DBA ABAIQ), a Florida limited liability company ("we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use ABAIQ.

2. Information We Collect

When you use ABAIQ, we collect the following types of information:

• Account information: Name, email address, phone number, and license type (e.g., RBT, BCBA) provided during registration.
• Session inputs: Clinical session details you provide or that the extension reads from your screen to generate notes, including behavior descriptions, interventions, place of service, and session duration. ABAIQ reads only data that is already visible to you on your screen.
• Usage metadata: Features used, number of notes generated, and timestamps. We do not store the content of generated notes on our servers.
• Payment information: Billing details are processed securely through our third-party payment provider. We never store, access, or see your full credit card number.
• Terms acceptance records: When you create an account, we automatically record the timestamp of your acceptance, the version of the Terms of Service accepted, your device information (user agent), platform, and language preference. These records serve as evidence of your agreement and are retained for legal and compliance purposes.

3. How the Chrome Extension Works

Transparency about how the ABAIQ extension operates is important to us:

• The extension reads clinical session data that is already visible to you on your screen within any web-based practice management system you use.
• It only accesses information that you, the authenticated user, can already see in your browser window.
• The extension does not access internal APIs, databases, backend systems, or servers of any third-party platform.
• The extension does not intercept network traffic, access data from other users, or read information from other browser tabs.
• Its functionality is comparable to accessibility tools or spell-checkers that read visible on-screen content to assist the user.

4. Local Browser Storage (Cache)

The ABAIQ extension stores certain data locally in your browser to improve your experience:

• What is stored: Per-client preferences such as behavior functions, training objectives, and additional clinical details you have entered; your authentication token; and your language preference.
• Purpose: To pre-fill recurring data fields for the same client in future sessions, saving you time and reducing repetitive data entry.
• Where it is stored: Locally on your device within Chrome's extension storage. This data is not synced to the cloud, not transmitted to our servers, and not accessible to other extensions or websites.
• How to clear it: You can clear this data at any time through the extension settings or by uninstalling the extension from your browser.

5. AI Processing and Clinical Data

This section is especially important for ABA professionals handling sensitive clinical information:

• Session inputs are sent to our AI provider solely for the purpose of generating clinical note drafts. We maintain a Business Associate Agreement (BAA) with our AI provider.
• Data is processed in real-time via secure streaming and is not permanently retained by the AI provider.
• Our AI provider does not use your clinical data to train, improve, or develop AI models.
• We do not sell, share, license, or use your clinical data for advertising, marketing, or any purpose other than generating your requested notes.
• ABAIQ does not control what information you choose to input. You are responsible for not including direct patient identifiers (full names, dates of birth, Social Security numbers) in session inputs.

6. What We Do NOT Store

We want to be clear about what data we do not retain:

• Generated notes are NOT stored on ABAIQ servers or in our database. Notes exist only in your browser's memory during your active session.
• Once you close the extension sidebar or export a note to your practice management system, no copy of that note remains in our systems.
• We store only usage metadata: the number of notes generated and timestamps for billing and analytics purposes. The content of your notes is never recorded.
• We do not store full credit card numbers, bank account details, or other sensitive financial data.

7. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/SSL.
• Account data is stored on secure infrastructure hosted by SOC 2 certified providers.
• Multi-factor authentication (SMS) is available and enabled for account security during web login.
• Authentication tokens have defined expiration periods.
• Access to production data is restricted to authorized personnel only.
• We conduct regular security reviews and follow industry best practices.

8. HIPAA Compliance

ABAIQ is designed with healthcare data sensitivity at its core:

• We implement administrative, technical, and physical safeguards consistent with HIPAA requirements.
• We maintain a Business Associate Agreement (BAA) with our AI provider to ensure compliant handling of session data.
• ABAIQ is a documentation assistance tool and does not serve as an electronic health record (EHR) or medical record system.
• You are responsible for ensuring your use of ABAIQ complies with HIPAA and applicable state regulations.
• We strongly recommend that you do not include direct patient identifiers (full names, dates of birth, Social Security numbers) in session inputs.
• If you require a Business Associate Agreement (BAA) directly with ABAIQ, please contact us at support@abaiq.ai.

9. Third-Party Services

We use the following categories of third-party services to operate ABAIQ:

• Authentication and database infrastructure: For secure user authentication, data storage, and backend services.
• Payment processing: For subscription billing and payment handling. We never store your full credit card information.
• AI provider: For real-time clinical note generation. A BAA is in place with this provider, and session data is not retained for model training.
• SMS verification: For multi-factor authentication delivery.

Each of these providers maintains their own privacy policies, security certifications, and compliance standards.

10. Third-Party Platform Integrations

ABAIQ operates as an independent browser-based tool:

• ABAIQ is not affiliated with, endorsed by, or sponsored by any third-party practice management system or platform.
• The extension reads data that is already visible on your screen and can write user-approved content (such as generated notes) back into form fields at your direction. It does not access the backend systems, APIs, databases, or internal infrastructure of any third-party platform.
• ABAIQ does not store, copy, or redistribute any proprietary data belonging to third-party platforms. It processes visible on-screen data solely to generate notes for your personal professional use.
• All third-party trademarks, trade names, and logos referenced within the Service are the property of their respective owners.

11. Data Retention

We retain your data as follows:

• Account data: Retained while your account is active and for 30 days after an account deletion request, after which it is permanently deleted.
• Generated notes: Not retained. Notes exist only in your browser's memory during the active session.
• Local browser cache: Persists on your device until you clear it manually or uninstall the extension.
• Payment records: Retained as required by applicable financial and tax regulations.
• Usage logs: Retained for up to 12 months for service improvement and billing verification.

12. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Export your account information.
• Opt out of non-essential communications.

To exercise any of these rights, contact us at support@abaiq.ai. We will respond to requests within 30 days.

13. Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify affected users within 72 hours of confirming the breach.
• We will notify applicable regulatory authorities as required by law.
• Notification will include a description of the breach, the types of data affected, and steps we are taking to address it.

14. Children's Privacy

ABAIQ is designed exclusively for licensed ABA professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will promptly delete it.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Florida.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes via email at least 15 days before they take effect. The "Effective Date" at the top of this page indicates the most recent revision.

17. Related Policies

For additional information about how we handle your data and the terms governing the Service, please review:

• Terms of Service — Usage terms, professional responsibility, and liability limitations
• Security & Development Practices — Technical safeguards, HIPAA compliance posture, and data architecture

18. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us:

Hybreu Digital LLC (DBA ABAIQ)
Email: support@abaiq.ai