Privacy Policy

Effective date: February 1, 2025

This Privacy Policy explains how LukeAIS (operated by Two Doves Harvest LLC) ("LukeAIS," "we," "us," or "our") collects, uses, and protects information when you use our marketing website at lukeais.com, the LukeAIS Provider web app, and our LukeAIS mobile applications (including the iOS and Ionic-based apps) (collectively, the "Services"). This Policy is intended to be consistent with applicable U.S. federal law and Florida state privacy laws. It is not legal advice and you should consult your own attorney for compliance decisions.

1. Scope

This Policy applies to information we collect from:

• Healthcare providers and their staff who create or use LukeAIS accounts.
• Visitors to our marketing website and support channels.
• Patient and encounter information processed through our Services on behalf of healthcare providers.

When we handle patient information that is Protected Health Information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA"), we generally act as a "business associate" to the healthcare provider (the "covered entity"). Our use and disclosure of PHI is governed by HIPAA, applicable Florida health privacy laws, and our Business Associate Agreement ("BAA") with the provider. If this Policy conflicts with a BAA, the BAA will control for PHI.

2. Information We Collect

a. Information you provide to us

• Account and profile information: name, email address, password, role, practice or organization details, and billing information.
• Clinical encounter data: audio recordings, transcripts, summaries, note review content, and any other clinical information you choose to submit through the Services, including PHI about your patients.
• Support and communications: information you provide via email, in-app feedback, or contact forms on the website (such as name, email, and message content).

b. Information collected automatically

• Usage and device information: IP address, browser type, device identifiers, app version, operating system, and log data about how you use the Services.
• Cookies and similar technologies: we may use cookies or similar tools to remember your preferences, keep you signed in, and understand aggregate usage. You can usually control cookies through your browser settings, but disabling cookies may affect certain features.

3. How We Use Information

We use the information described above for the following purposes:

• To provide, operate, and maintain the Services, including transcription, note generation, and note review features.
• To create transcripts and clinical summaries from audio recordings using AI services (for example, AWS HealthScribe and related Amazon Web Services).
• To secure the Services, prevent abuse, detect and investigate security incidents, and enforce our terms and policies.
• To communicate with you about your account, respond to inquiries, provide support, and send important updates.
• To analyze usage and improve the Services, including developing new features and optimizing performance.
• To comply with applicable laws, regulations, and legal processes, including HIPAA and Florida state requirements.

4. How We Share Information

We share information in the following circumstances:

• With service providers: We use trusted third-party vendors to host and operate the Services (such as Amazon Web Services, including AWS HealthScribe and related storage and security services), process payments, send emails, and provide analytics or logging. These providers may access personal information only to perform services for us and are required to protect it.
• With your direction: We share information with systems and individuals you authorize, such as other members of your practice, EHR or practice management systems you connect, or third parties you instruct us to integrate with.
• For legal and safety reasons: We may disclose information if we believe it is reasonably necessary to satisfy applicable law, regulation, legal process, or governmental request; to protect the rights, property, or safety of LukeAIS, our users, or others; or to detect, prevent, or address fraud or security issues.
• Business transfers: If we are involved in a merger, acquisition, financing, or sale of all or part of our business, information may be transferred as part of that transaction, subject to appropriate confidentiality protections.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising or targeted advertising. We do not use PHI for marketing or advertising purposes.

5. Data Retention

We retain personal information, including PHI processed on behalf of providers, for as long as necessary to provide the Services, comply with our legal and contractual obligations (including under HIPAA and our BAAs), resolve disputes, and enforce our agreements. Providers may have configuration options to control how long certain recordings or transcripts are stored; where such options exist, those settings will govern retention. We may retain de-identified or aggregated data that does not reasonably identify an individual for analytics, security, and service improvement.

6. Security

We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, encryption at rest for stored data, access controls, and logging. No system can be guaranteed to be perfectly secure, and we cannot promise or guarantee absolute security, but we work to protect information consistent with HIPAA requirements and industry best practices.

7. Your Choices and Rights

If you are a healthcare provider user, you may access and update certain account information directly in the LukeAIS Provider app or by contacting us at support@lukeais.com. We will respond to reasonable requests subject to our legal and contractual obligations.

If you are a patient of a healthcare provider who uses LukeAIS, your healthcare provider controls your PHI. You should contact your provider directly to exercise rights of access, correction, or deletion under HIPAA or other health privacy laws. We will support the provider in responding to such requests as required by our BAA and applicable law.

8. Florida Residents

To the extent Florida privacy laws, including the Florida Digital Bill of Rights and other state privacy and consumer protection laws, apply to our processing of your personal information, Florida residents may have certain rights, such as the right to request access to or deletion of certain personal information, and the right to be free from retaliation for exercising privacy rights. Because LukeAIS primarily processes PHI on behalf of healthcare providers, some of these rights may not apply to PHI or may need to be exercised through your provider rather than directly with us. To submit a request related to your personal information held by LukeAIS, contact us at support@lukeais.com. We may need to verify your identity and, where appropriate, confirm the request with the relevant provider.

9. Children's Privacy

The Services are designed for use by healthcare professionals, not for direct use by children. We do not knowingly collect personal information directly from children under 13 through our marketing website or apps. Healthcare providers may use the Services in the course of treating minor patients, and such information is handled as PHI as described above.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will change the "Effective date" at the top of the Policy and, where required by law, provide additional notice. Your continued use of the Services after an update indicates your acceptance of the revised Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: support@lukeais.com

Mailing address: LukeAIS / Two Doves Harvest LLC, United States (Florida-based). Please include enough detail in your request so we can understand and respond to it.