Privacy Policy

Last updated: November 28, 2025

1. We Are HIPAA-Compliant

PI Autopilot is a HIPAA-covered entity when handling Protected Health Information (PHI). We maintain administrative, physical, and technical safeguards that meet or exceed federal HIPAA standards. We sign a Business Associate Agreement (BAA) with every clinic.

2. Information We Collect

• Patient demographics, clinical notes, and billing data you enter to generate narratives
• EOBs and attorney correspondence you upload
• Your clinic name, address, NPI, and payment information
• Usage data (which features you use and when)

3. How We Use Your Data

Only to provide and improve the PI Autopilot service. We never sell, rent, or share PHI with third parties except our HIPAA-compliant subprocessors (listed below).

4. Subprocessors

• Supabase (database & storage – signed BAA)
• Stripe (payment processing – no PHI access)
• Docmosis / Carbone (document generation – encrypted in transit)
• Postmark / Resend (transactional email – no PHI in body)

5. Data Retention & Deletion

We retain PHI for 7 years (Texas medical record requirement) or until you request deletion. You may export or delete all data from your account settings at any time.

6. Contact

Privacy questions → privacy@piautopilot.com