PRIVACY POLICY

NextDimension AI

This website is operated by NextDimension AI, Inc. (hereinafter "NextDimension AI," "Company," "we," "us," or "our"). This Privacy Policy governs your access to our website and the automated medical practice operations platform and services provided by NextDimension AI (the "Services"). The term "you," "your," or "User(s)" shall refer to any entity or person that accesses, views, uses our Services, and/or creates an account with us.

Since we gather certain types of information about our users and the patients they serve, we want you to fully understand our policy and the terms and conditions surrounding the capture and use of that information. This Privacy Policy discloses what information we gather and how we use it. The information you provide through the Services will be used only for its intended purpose.

BY VISITING, SIGNING UP, USING AND ACCESSING THE SERVICES, YOU CONSENT TO THE DATA PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR PRIVACY PRACTICES, DO NOT USE THE SERVICES.

INFORMATION WE COLLECT

We collect information, including both Personal Information and Protected Health Information, when you interact with us and the Services, for example when you:

  • Access or use the Services
  • Create an account with us
  • Integrate with Electronic Health Record (EHR) systems
  • Interact with our AI agents through voice or text messages
  • Opt-in to receive SMS text messages
  • Open or respond to our emails or text messages
  • Contact customer service or support
  • Apply for employment

PERSONAL INFORMATION

"Personal Information" means information about you that specifically identifies you or, when combined with other information we have, can be used to identify you. We collect Personal Information about medical practice staff and administrators when you choose to provide such information to us. Submitting Personal Information through the Services is voluntary. By doing so, you are giving us your permission to use the information for the stated purpose.

Your Personal Information may include:

  • Your name
  • Email address
  • Telephone number and mobile phone number
  • Practice name and address
  • Healthcare provider credentials and licenses
  • Payment and billing information
  • Other similar information necessary to provide Services

PROTECTED HEALTH INFORMATION (PHI)

As part of our Services to medical practices, we collect, process, and store Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). PHI includes individually identifiable health information that we receive from or create on behalf of Covered Entities for purposes of performing our Services.

PHI we may process includes:

  • Patient names, contact information, and demographics
  • Patient mobile phone numbers for SMS communications
  • Medical history and health conditions
  • Appointment and scheduling information
  • Procedure details and preparation instructions
  • Billing and insurance information
  • Communications between patients and AI agents via phone and SMS
  • Other health information necessary to coordinate patient care and practice operations

SMS OPT-IN DATA

When patients opt-in to receive SMS text messages from their medical practice through our Services, we collect and maintain records of their SMS opt-in consent, including the date, time, method of consent (verbal or digital), and the phone number provided. This SMS opt-in data is treated as PHI and protected under HIPAA regulations.

NON-PERSONAL INFORMATION

We collect and temporarily store certain information about your usage of the Services. Non-Personal Information means information that alone cannot identify you, including data such as cookies, pixel tags, web beacons, and device information. This information includes, without limitation:

Device Data

We may collect information such as: the type of computer and/or mobile device you use; the unique device ID; the IP address; the operating system; and the type of internet browsers you use.

Usage Details

When you access and use the Services, we may automatically collect certain details of your access to and use of the Services, including traffic data, location data, logs, AI agent interaction patterns, escalation events, SMS delivery status, and other communication data and the resources that you access and use on or through the Services.

AI Interaction Data

We collect information about how our AI agents interact with patients and practice staff, including conversation patterns, escalation triggers, workflow performance metrics, SMS delivery success rates, and quality assurance data. This data is used to improve our Services and ensure optimal performance.

LEGAL BASIS FOR COLLECTING YOUR INFORMATION

We collect, process, and use your information for the purposes described in this Privacy Policy, based on at least one of the following legal grounds:

With Your Consent

We ask for your agreement to process your information for specific purposes, including obtaining your express consent to receive SMS text messages. You have the right to withdraw your consent at any time by replying STOP to any text message or contacting your healthcare provider.

When Performing Our Agreement

We collect and process your information in order to provide you with the Services, following your acceptance of this Privacy Policy and our Terms and Conditions; to maintain and improve our Services; to develop new AI capabilities and features for our users; and to personalize the Services to provide better user experiences.

Legitimate Interests

We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. This includes detecting, preventing, or addressing fraud, abuse, security, usability, functionality, or technical issues; protecting against harm to the rights, property, or safety of our properties, users, or the public; enforcing legal claims; and complying with applicable laws, regulations, industry standards, and contractual requirements.

HIPAA Compliance

For PHI, we process information in accordance with our Business Associate Agreement (BAA) with your medical practice and as permitted or required under HIPAA regulations.

HOW WE USE YOUR INFORMATION

We process your information for a variety of purposes, depending on how you interact with our Services, including:

  • To provide and maintain our automated medical practice operations platform
  • To facilitate patient communications through AI-powered voice and SMS text message agents
  • To send SMS text messages for appointment scheduling, reminders, and confirmations
  • To automate procedure coordination and preparation instructions via SMS
  • To provide billing support and respond to patient inquiries via text message
  • To integrate with EHR systems and manage healthcare workflows
  • To orchestrate agentic workflows across multiple touchpoints in the patient journey
  • To implement human-in-the-loop escalation for high-risk or sensitive situations
  • To monitor AI agent and SMS delivery performance and ensure quality of service
  • To improve our Services through analysis, machine learning, and product development
  • To respond to user inquiries and provide customer support
  • To ensure compliance with healthcare regulations, TCPA, and SMS messaging standards
  • To communicate with you regarding service updates, billing, and support

SMS TEXT MESSAGING AND DATA SHARING

CRITICAL DISCLOSURE REGARDING SMS OPT-IN DATA:

We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

All of the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties for purposes unrelated to delivering SMS services to you.

SMS Service Providers

We use third-party SMS platform providers and telecommunications carriers to deliver text messages to you. These service providers have access to your mobile phone number and SMS opt-in status solely for the purpose of delivering text messages on our behalf. These providers are contractually obligated to maintain the confidentiality and security of your information and are prohibited from using it for any other purpose.

SMS Consent is Separate

Your consent to receive SMS text messages is separate and independent from your consent to receive emails or phone calls. Opting in to SMS communications does not mean you have consented to receive emails or phone calls, and vice versa. Each communication channel requires separate consent.

SMS Program Details

When you opt-in to receive SMS text messages from your healthcare provider through NextDimension AI, you can expect:

  • Message frequency may vary based on your appointments and healthcare needs
  • Standard message and data rates may apply according to your mobile carrier plan
  • Messages may be sent using an automated dialing system
  • You can opt-out at any time by replying STOP to any message
  • You can get help by replying HELP to any message
  • Consent to receive SMS messages is not a condition of receiving medical care

SMS Security Notice

SMS text messages are not encrypted and may contain Protected Health Information (PHI). By opting in to receive SMS communications, you acknowledge and accept the inherent security risks of text messaging, including the possibility that messages could be intercepted, viewed by others who have access to your device, or sent to the wrong number if your contact information is not current. We recommend using a password or biometric lock on your mobile device to protect your privacy.

STORAGE OF INFORMATION

We take reasonable precautions, as well as physical, technical, and organizational measures in accordance with industry standards, to protect your information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. The Services are maintained in the United States of America and all servers, which store your information, are secured and located in the United States of America.

Computer safeguards, such as firewalls, data encryption, multi-factor authentication, and access controls are used to protect your information. We authorize access to your information only for those employees, contractors, or agents who require it to fulfill their job responsibilities, and these individuals are required to treat this information as confidential.

However, the security of information transmitted via the Internet or SMS cannot be completely guaranteed. Unauthorized entry or use, hardware or software failures, and other factors may compromise the security of your information. Users are solely responsible for protecting their passwords, limiting access to their computers and mobile devices, and signing out of their accounts after their sessions.

Your information will be retained for as long as your account is active or as needed to provide you with the Services, having regard to the purposes described in this Privacy Policy and legal and regulatory requirements, including HIPAA retention requirements. SMS opt-in records will be maintained for compliance purposes as required by law.

HIPAA COMPLIANCE

NextDimension AI functions as a Business Associate under HIPAA. We enter into Business Associate Agreements (BAAs) with all Covered Entities and comply with all applicable HIPAA Privacy Rule, Security Rule, and Breach Notification Rule requirements.

We will at all times use appropriate safeguards and comply with HIPAA Security Rule requirements to prevent use or disclosure of PHI other than as permitted by our BAA or required by law. We implement comprehensive administrative, physical, and technical safeguards including:

  • Encryption of PHI in transit and at rest
  • Role-based access controls and authentication mechanisms
  • Comprehensive audit logging and monitoring of all PHI access and SMS communications
  • Regular security risk assessments
  • Workforce training on HIPAA requirements and SMS compliance
  • Incident response and breach notification procedures

INFORMATION SHARING AND DISCLOSURE

We do not sell, rent, or trade your personal information or PHI. We may share information in the following limited circumstances:

With Medical Practices

We share information with the medical practices we serve as necessary to provide our Services and fulfill our contractual obligations. When patients opt-in to receive SMS messages, that opt-in data is shared with the medical practice that requested the service.

SMS Service Providers

We share your mobile phone number and SMS opt-in consent status with our SMS platform providers and telecommunications carriers solely for the purpose of delivering text messages to you. As stated above, we will not share your SMS opt-in data with third parties for purposes unrelated to providing SMS services to you.

Other Service Providers

We may engage other third-party service providers who assist in operating our platform (excluding SMS opt-in data), provided they agree to maintain confidentiality and comply with HIPAA requirements through appropriate Business Associate Agreements.

Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when necessary to protect the rights, property, or safety of NextDimension AI, our clients, their patients, or others, in compliance with HIPAA requirements.

Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, we may transfer your information to the successor entity, subject to appropriate data protection and HIPAA compliance measures.

AI AND MACHINE LEARNING

Our platform uses artificial intelligence and machine learning technologies to provide automated workflows and intelligent decision support. We implement multiple safeguards to protect patient information and ensure responsible AI use:

  • Human-in-the-loop escalation for high-risk or sensitive situations
  • Regular algorithm auditing and bias testing
  • Transparent decision-making processes with audit trails
  • Compliance with healthcare AI regulations and ethical guidelines
  • We do not use PHI or SMS opt-in data to train general AI models without explicit authorization under a BAA

YOUR RIGHTS AND CHOICES

Depending on your location and applicable laws, you may have certain rights regarding your information:

  • Access to your personal information
  • Correction of inaccurate information
  • Deletion of information in certain circumstances
  • Data portability
  • Opt-out of certain data processing activities
  • Withdrawal of consent where processing is based on consent
  • Opt-out of SMS text messages at any time by replying STOP


For PHI-related requests, please contact your healthcare provider directly, as they are the Covered Entity responsible for PHI under HIPAA. For SMS opt-out, reply STOP to any text message. For other privacy inquiries, contact us using the information below. We will not discriminate against you for exercising your privacy rights.

COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are files with small amounts of data that may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.


We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience with our Services.

CHILDREN'S PRIVACY

Our Services are not directed to individuals under the age of 18. While we may process information about minor patients as part of our services to medical practices under appropriate HIPAA authorizations, we do not knowingly collect personal information directly from children without parental consent. If you believe we have collected information from a child under 18, please contact us immediately.

INTERNATIONAL DATA TRANSFERS

Our Services are operated from the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. By using our Services, you consent to the transfer of information to the United States, which may have data protection laws that differ from those in your country.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date at the top of this Privacy Policy. We may also provide notice through email or SMS text message. Your continued use of our Services after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

Last Updated: October 31, 2025