Privacy Policy

Last Updated: September 9, 2025

At Prompted ("we," "us," or "our"), we are committed to protecting your privacy and handling your personal and health information in an open and transparent manner. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information, including Protected Health Information (PHI), when you use our application ("Software") and services.

1. Introduction

Prompted is dedicated to maintaining the confidentiality, integrity, and security of personal and health information we collect. We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, as well as other applicable federal and state laws governing the protection of health information.

2. Information We Collect

2.1. Personal Information

  • Registration Data: When you create an account, we collect personal information such as your name, email address, phone number, and professional credentials.
  • Authentication Data: For multi-factor authentication (MFA), we collect your mobile phone number to send SMS messages.

2.2. Protected Health Information (PHI)

  • Input Data: Any health information you input into the Software that relates to an individual's past, present, or future physical or mental health condition.
  • Generated Content: Documentation generated by the AI technology based on your input, which may include PHI.

2.3. Usage Data

  • User Activity: We collect information about how you use the Software, including access times, pages viewed, and features used.
  • Device Information: Information about the device you use to access the Software, including IP address, operating system, and browser type.

3. How We Use Your Information

3.1. To Provide and Maintain Our Services

  • Facilitate account creation and authentication.
  • Generate medical documentation as per your requests.
  • Send SMS messages for MFA to secure your account.

3.2. To Comply with HIPAA

  • Use and disclose PHI only as permitted or required by HIPAA and other applicable laws.
  • Ensure that all uses and disclosures of PHI are for treatment, payment, or healthcare operations, or as otherwise authorized by you.

3.3. To Communicate with You

  • Respond to your inquiries and provide customer support.
  • Send administrative information, such as updates to our Terms of Use and Privacy Policy.

3.4. To Improve Our Services

  • Analyze usage patterns to enhance user experience.
  • Develop new features and services.

3.5. Legal Obligations

  • Comply with legal and regulatory requirements.
  • Enforce our Terms of Use and other agreements.

4. Disclosure of Your Information

4.1. Business Associates

We may share your PHI with third-party service providers ("Business Associates") who perform services on our behalf, such as:

  • SMS Delivery Services: Trusted third parties like Twilio to send SMS messages for MFA.
  • Cloud Storage Providers: For secure data storage and management.

All Business Associates are required to protect your PHI in compliance with HIPAA and are bound by contractual agreements (Business Associate Agreements) to safeguard your information.

4.2. Legal Requirements

We may disclose your information:

  • To comply with legal obligations, court orders, or governmental requests.
  • To protect and defend our rights and property.
  • To prevent or investigate possible wrongdoing in connection with the Software.

4.3. De-Identified Information

We may use and disclose de-identified information (information that does not identify you and cannot reasonably be used to identify you) for research, analytics, and other purposes permitted by law.

5. Your Rights Under HIPAA

5.1. Access and Copies

You have the right to access and obtain a copy of your PHI that we maintain. You may request this information by contacting us at info@thinkprompted.ai.

5.2. Amendments

If you believe that your PHI is incorrect or incomplete, you have the right to request an amendment. We may deny your request under certain circumstances, but we will provide a written explanation.

5.3. Accounting of Disclosures

You have the right to receive an accounting of certain disclosures of your PHI made by us in the past six years, excluding disclosures for treatment, payment, or healthcare operations.

5.4. Restrictions

You have the right to request restrictions on certain uses and disclosures of your PHI. While we will consider your request, we are not required to agree to the restriction.

5.5. Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.

6. Data Security

We implement appropriate administrative, technical, and physical safeguards to protect your personal information and PHI against unauthorized access, alteration, disclosure, or destruction, as required by HIPAA.

6.1. Technical Safeguards

  • Encryption: All PHI is encrypted during transmission and at rest using industry-standard encryption protocols.
  • Access Controls: Strict access controls to limit PHI access to authorized personnel only.
  • Audit Controls: Regular monitoring and logging of access to PHI.

6.2. Physical Safeguards

  • Secure Facilities: Physical security measures to protect our servers and workstations.
  • Device and Media Controls: Policies for the receipt and removal of hardware and electronic media containing PHI.

6.3. Administrative Safeguards

  • Employee Training: Regular training for all workforce members on HIPAA compliance and data protection.
  • Security Management: Risk analysis and management processes to identify and mitigate potential risks to PHI.
  • Contingency Planning: Disaster recovery and emergency operation plans to ensure the availability of PHI.

7. Data Retention

We retain your personal information and PHI only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations, including HIPAA requirements.

8. Breach Notification

In the event of a breach of unsecured PHI, we will notify you without unreasonable delay and in accordance with HIPAA breach notification requirements.

9. Your Choices and Rights

9.1. Opt-Out of SMS Communications

You may opt out of receiving SMS messages at any time by replying "STOP" to any message you receive or by contacting our customer support at info@thinkprompted.ai. Please note that opting out may affect your ability to access your account due to MFA requirements.

9.2. Deletion

You may request the deletion of your personal information and PHI by contacting us at info@thinkprompted.ai. We will process your request in accordance with HIPAA and other applicable laws.

10. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and assist in our marketing efforts. PHI is not collected through cookies or tracking technologies.

12. Children's Privacy

Our Software is not intended for use by individuals under the age of 18. We do not knowingly collect personal information or PHI from children under 18. If we become aware that we have collected such information, we will take steps to delete it.

13. International Data Transfers

Your information, including PHI, may be transferred to and maintained on servers located outside of your state, province, or country. We take appropriate measures to ensure that such transfers comply with applicable data protection laws.

14. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any significant changes by updating the "Last Updated" date at the top of this policy and, if necessary, by other means.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our Privacy Officer at:

Email: info@thinkprompted.ai

Address: 217 South Black Horse Pike, Suite B, Haddon Heights, NJ 08035

17. Compliance with Laws

We comply with all applicable data protection laws, including but not limited to:

  • Health Insurance Portability and Accountability Act (HIPAA): We handle PHI in compliance with HIPAA regulations, including the Privacy Rule, Security Rule, Breach Notification Rule, and Enforcement Rule.
  • Other Applicable Laws: We comply with other federal and state laws that govern the use and disclosure of personal and health information.

18. Business Associate Agreement

Prompted acts as a Business Associate under HIPAA when providing services to Covered Entities (healthcare providers, health plans, and healthcare clearinghouses). We enter into Business Associate Agreements with Covered Entities to ensure compliance with HIPAA requirements.

19. Uses and Disclosures

We will obtain your written authorization before using or disclosing your PHI for purposes other than those permitted or required by HIPAA. You may revoke your authorization at any time, except to the extent that we have already acted based on it.

20. Minimum Necessary Standard

When using or disclosing PHI, or when requesting PHI from another entity, we make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose, as required by HIPAA.

21. Electronic PHI Safeguards

We implement additional safeguards specific to ePHI, including:

  • Automatic Logoff: Systems that terminate an electronic session after a predetermined time of inactivity.
  • Unique User Identification: Assigning a unique name and/or number for identifying and tracking user identity.
  • Transmission Security: Measures to guard against unauthorized access to ePHI transmitted over electronic networks.

22. Right to File Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact our Privacy Officer at info@thinkprompted.ai. We will not retaliate against you for filing a complaint.

23. No Marketing Communications

We do not use or disclose your PHI for marketing purposes without your prior written authorization, as defined and required by HIPAA.

24. Sale of PHI

We do not sell your PHI. Any transfer of PHI for remuneration requires your prior written authorization, in accordance with HIPAA regulations.

25. Special Situations

25.1. Judicial and Administrative Proceedings

We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, as permitted or required by law.

25.2. Law Enforcement

We may disclose PHI to law enforcement officials for law enforcement purposes, as permitted by HIPAA and other applicable laws.

26. Governing Law

This Privacy Policy and our privacy practices will be subject to the laws of the United States and the state in which we are located, without regard to its conflict of law provisions.

Acknowledgment

By accessing or using our Software, you acknowledge that you have read, understand, and agree to be bound by this Privacy Policy.