AI Regent Inc. (dba “Doc Talk”) - Privacy Policy

Last Updated: 10.7.2025

1. Who We Are and Scope

This Privacy Policy explains how AI Regent Inc. (dba “Doc Talk,” “we,” “us,” “our”) collects, uses, discloses, and protects information when you:

  • Visit or use our websites, applications, products, and services (collectively, the “Services”)
  • Communicate with us (e.g., email, phone, SMS, in-app messaging)
  • Interact with features used by healthcare organizations (“Providers”) and their staff and patients.

We primarily serve U.S. users. If you are a patient using our Services at the direction of your Provider, your Provider’s HIPAA Notice of Privacy Practices governs how your Protected Health Information (PHI) is used and disclosed by the Provider. Our handling of PHI as a Business Associate is governed by our Business Associate Agreement (BAA) with the Provider. This Privacy Policy supplements (but does not replace) the BAA for PHI processing. If there is a conflict:

  • PHI: the BAA and your Provider's HIPAA Notice control.
  • Non-PHI consumer data (e.g., website analytics, marketing): this Privacy Policy controls.

2. Roles Under Privacy Laws (Controller/Processor; Covered Entity/Business Associate)

  • For Provider PHI processed to deliver Provider-directed Services (telehealth, AI-assisted documentation, secure messaging, scheduling, billing tools), we act as a Business Associate under HIPAA/HITECH and as a processor/service provider under applicable state privacy laws.
  • For our own business operations (e.g., website analytics, product telemetry, marketing, security, fraud prevention, compliance), we act as an independent business/controller.

3. Information We Collect

3.A Information You Provide

  • Account & Profile: name, credentials, NPI/DEA (if applicable), specialty, organization, role, contact info.
  • Professional Verification: licenses, affiliations, documents you upload.
  • Communications: messages, call/text metadata, telehealth session information, support tickets.
  • Transactional: subscription selections, billing details (processed by our payment partners).
  • Patient/Encounter Data (Provider-directed): clinical notes, transcripts, attachments, scheduling, demographics, insurance info, coding/RCM artifacts — may constitute PHI.

3.B Information Collected Automatically

  • Device/Usage: IP address, device identifiers, app/browser type, pages visited, timestamps, diagnostics, crash logs, performance metrics.
  • Cookies/Similar Tech: pixels, SDKs, local storage for session continuity, authentication, preferences, analytics. See Cookies & Tracking below.

3.C Information From Third Parties

  • Integrations (Provider-authorized): EHR/PM/RCM systems, telephony/SMS vendors, identity verification, authentication tools.
  • Partners/Vendors: analytics, fraud prevention, payment processors, support platforms.
  • Public/Professional Sources: NPI registry, licensing boards, public websites.

4. How We Use Information

4.A Provider-Directed (as BA/Processor)

  • Deliver, maintain, and support clinical/operational workflows (telehealth, secure messaging, documentation, coding, scheduling, billing).
  • AI-assisted features (draft notes, summaries, coding suggestions, suggested orders/templates) under Provider direction.
  • Security, audit logs, fraud/abuse prevention, quality assurance, availability, incident response.
  • Compliance with law, regulatory reporting as permitted by the BAA/HIPAA.

4.B Our Own Business (as Controller/Business)

  • Operate websites/apps; authenticate and secure accounts; debug and improve performance.
  • Analyze usage to improve features, safety, and usability.
  • Provide customer support and training.
  • Send service and transactional emails/SMS; with consent or as allowed by law, send product updates and marketing.
  • Comply with legal obligations, enforce Terms, protect rights, safety, and integrity.

4.C AI & Model Improvement

  • PHI: Used only as permitted by the BAA and HIPAA, and not to train public models.
  • Non-PHI/De-identified data: We may use de-identified and/or aggregated data to develop, test, and improve algorithms and features.
  • You may request to opt out of using your non-PHI content for model improvement where legally required or offered (email: ollie@doctok.co).

We do not use automated decision-making to make medical diagnoses or treatment decisions. AI outputs are assistive and require human review.

5. When We Disclose Information

We disclose information consistent with HIPAA, our BAA, and applicable law:

  • At the Provider's Direction: to Provider staff, systems, and authorized third parties (e.g., EHR, RCM, telephony, labs) necessary to deliver the Services.
  • Vendors/Service Providers: cloud hosting, security, analytics, customer support, payment processing, communications; bound by contractual confidentiality and (when applicable) BAAs or DPAs.
  • Legal/Safety: to comply with law, court orders, government requests; to protect users, patients, our Services, or the public from harm or fraud.
  • Corporate Transactions: in mergers, acquisitions, financing, or sale of assets, subject to continued protections.
  • De-identified/Aggregated: analytics and research that does not identify individuals.

We do not “sell” PHI. We do not sell or share PHI for targeted advertising. For non-PHI personal information, see State Privacy Disclosures.

6. Cookies & Tracking Technologies

We use cookies, pixels, and SDKs to:

  • Keep you signed in and secure sessions;
  • Remember preferences;
  • Measure product performance and improve features;
  • Provide limited, privacy-respectful marketing analytics.

You can manage cookies via your browser/app settings. Some features may not work if you disable essential cookies. We honor Global Privacy Control (GPC) signals where legally required (e.g., California).

7. Data Retention

  • PHI (Provider-directed): Retained per Provider instructions, BAA, law, or as necessary to provide Services, maintain audit/security logs, and meet legal obligations.
  • Non-PHI: Retained for as long as needed for the purposes described, then deleted or de-identified under NIST-aligned methods.
  • We maintain documented retention schedules and secure deletion protocols.

8. Security

We employ industry-standard safeguards, including encryption in transit and at rest, strict access controls, role-based permissions, audit logging, vulnerability management, and incident response. No system is 100% secure; please safeguard your credentials and notify us promptly of suspected unauthorized access.

9. Children's Privacy

The Services are not directed to children under 13 and we do not knowingly collect their personal information without verifiable parental consent or Provider authorization consistent with law. If you believe a child provided information to us, contact ollie@doctok.co.

10. Your Choices & Rights

Email, SMS, Calls

  • Transactional messages (account/security/operational) are required for service.
  • You can opt out of marketing emails by using unsubscribe links or emailing ollie@doctok.co.
  • For SMS, reply STOP to opt out; reply HELP for help. Message/data rates may apply. See TCPA section in our Terms.

Access, Correction, Deletion (Non-PHI)

Depending on your state, you may request:

  • Access/portability of your personal information;
  • Correction of inaccuracies;
  • Deletion (subject to legal/operational exceptions);
  • Opt-out of certain processing (targeted ads, “sale”/“share,” profiling for significant decisions).

Submit requests via:

  • Email: ollie@doctok.co

We will verify your identity and respond within statutory timeframes. Agents must provide authorization and we may require user verification.

PHI Requests

For medical records, corrections, or restrictions relating to PHI, please contact your Provider directly. We process PHI as a Business Associate and cannot fulfill PHI requests without Provider direction.

11. State Privacy Disclosures (U.S.)

California (CPRA/“CCPA”)

  • We do not “sell” or “share” PHI.
  • For non-PHI personal information, we do not sell personal information for money. We may “share” limited personal information for cross-context behavioral advertising when you use our marketing sites/apps, subject to your right to opt-out.
  • Use the “Do Not Sell or Share My Personal Information” link in the footer or submit a request as described above.
  • We do not use or disclose Sensitive Personal Information for purposes requiring a Right to Limit under CPRA, other than to provide requested Services or as permitted by law.
  • We honor GPC signals for opt-out.

We provide the following CPRA categories disclosure for the past 12 months (non-PHI context):

Category | Examples | Collected | Disclosed for Business Purposes | Sold/Shared
Identifiers | Name, email, IP | Yes | Vendors; security; analytics | No sale, possible share for ads (opt-out available)
Customer Records | Account details | Yes | Hosting/support | No
Internet/Network | Device IDs, usage | Yes | Analytics/security | Possible share (opt-out)
Geolocation (coarse) | Approximate | Limited | Security/fraud | No
Professional/Employment | Role, org | Yes | Verification | No
Inferences | Product preferences | Limited | Product improvement | No
Sensitive PI | Login, auth | Yes | Security/auth | No "sale/share"

Colorado, Connecticut, Virginia, Utah

You may have rights to access, correct, delete, obtain copies, and opt out of targeted advertising, sale, or profiling for significant decisions. Use the request methods above. If we deny your request, you may appeal by emailing ollie@doctok.co with subject “Privacy Appeal.”

Nevada

We do not sell covered information; Nevada residents may still email ollie@doctok.co to record an opt-out preference.

12. International Users

Our Services and data systems are primarily located in the United States. If you access the Services from outside the U.S., you understand your information may be transferred to, stored, and processed in the U.S., where laws may differ from those in your jurisdiction. If we later intentionally market to the EEA/UK/Switzerland, we will appoint an EU/UK representative (as applicable) and implement appropriate transfer mechanisms (e.g., SCCs).

13. Third-Party Links & Services

Third-party services linked or integrated with the Services (e.g., EHRs, cloud telephony, payments, analytics) are governed by their own privacy policies and terms. We are not responsible for their practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new Effective Date and, where required, provide additional notice. Your continued use of the Services after changes are posted constitutes acceptance.

15. Contact Us

  • Privacy Requests / Questions: ollie@doctok.co
  • Security / Incident Reports: ollie@doctok.co
  • Postal: AI Regent Inc. (Doc Talk)

16. HIPAA Notice & Complaints (PHI)

For PHI handled on behalf of your Provider, please contact your Provider for their HIPAA Notice and to exercise HIPAA rights. You may also submit a complaint to the U.S. Department of Health & Human Services, Office for Civil Rights without fear of retaliation.

FAQ

Frequently asked questions

Everything you need to know about our medical billing solution

How do you handle data privacy and security?

We maintain full compliance with HIPAA and other security regulations, ensuring that all patient data is handled and stored securely. Our platform employs state-of-the-art encryption and robust access controls to protect sensitive information. Additionally, we conduct regular security audits and updates to safeguard against potential threats.

How is your approach different from traditional telehealth platforms?

In contrast to traditional telehealth platforms that center around one-time urgent care visits, our service offers physician-led, message-based support, allowing for continuous, asynchronous communication to address any clinical questions.

How does DocTalk ensure HIPAA compliance?

We take security and compliance seriously. DocTalk is fully HIPAA compliant with end-to-end encryption, secure user authentication, comprehensive audit logs, and regular security assessments. We sign Business Associate Agreements (BAAs) with all our clients.

What kind of support does DocTalk Billing provide?

We offer full customer support via phone, email, and chat. All clients receive access to our comprehensive knowledge base, video tutorials, and regular webinars.