Privacy Policy
Updated: January 2026
All Hail AI is committed to protecting personal and confidential information. This Privacy Policy describes how we handle information in connection with our professional consulting services.
0.1 SCOPE
This policy applies to information All Hail AI processes, accesses, or collects when providing technical consulting services to healthcare organizations. We operate exclusively within the United States.
What This Policy Covers
- Client business information accessed during consulting engagements.
- Protected Health Information (ePHI) accessed as a HIPAA Business Associate.
- Technical data processed in development, testing, and production environments.
- Communications and project documentation.
What This Policy Does NOT Cover
- Information collected through our website or marketing activities (we do not collect personal information via these channels).
- Client-specific data handling governed by individual service agreements and Business Associate Agreements (BAAs).
0.2 OUR ROLE AND SERVICES
All Hail AI provides technical consulting services including platform architecture, software development, healthcare technology systems consulting, and integration services. In providing these services, we operate as a HIPAA Business Associate.
Information We Process
- ePHI: Patient records, health data, and clinical information subject to HIPAA.
- Client Business Data: Proprietary systems, business processes, and technical specifications.
- Technical Data: System logs, performance metrics, and code repositories.
- Business Contact Information: Client point-of-contact names, emails, and billing information.
0.3 HOW WE USE INFORMATION
We use information only for:
- Service Delivery: Providing contracted consulting and development services.
- Quality Assurance: Ensuring accurate and secure service delivery.
- Compliance: Meeting HIPAA, SOC2, and contractual obligations.
- Legal Requirements: Responding to valid legal processes.
- Business Operations: Invoicing, contract management, and audit support.
0.4 HOW WE PROTECT INFORMATION
We implement comprehensive security controls aligned with the HIPAA Security Rule and SOC2 requirements:
- Technical Safeguards: TLS 1.2+ encryption in transit, AES-256 at rest, multi-factor authentication, and secure development practices.
- Administrative Safeguards: Annual workforce training, documented access authorization, and 24-hour breach detection procedures.
- Physical Safeguards: Restricted facility access, encrypted endpoints, and secure media destruction.
0.5 DATA LOCATIONS AND SHARING
- Locations: All data processing occurs exclusively within the United States.
- Subprocessors: We use trusted third-party services (such as AWS, GitHub, and Google Workspace) that store data exclusively in the U.S. and are subject to BAAs where applicable.
- Sharing: We do not sell any personal, business, or health information. We share information only as required by BAAs, by law, or to prevent a serious threat to health or safety.
0.6 DATA RETENTION AND DELETION
- ePHI & Client Data: Retained per BAA terms (typically 0–30 days post-project).
- Project Documentation & Audit Logs: Retained for 7 years per HIPAA and business requirements.
- Secure Deletion: Upon completion, we use NIST 800-88 compliant methods to securely delete or return data.
0.7 YOUR RIGHTS
- HIPAA Rights: Rights regarding ePHI must be exercised through the Covered Entity (your healthcare provider), not directly with All Hail AI.
- State Privacy Rights: Residents of CA, VA, CO, CT, and UT may have rights to know, correct, or delete their business contact information. We do not sell or share personal information for behavioral advertising.
0.8 CONTACT INFORMATION
For questions about this Privacy Policy or to exercise your rights:
We respond to privacy inquiries within 10 business days and rights requests within 45 days.