Privacy Policy

# Kinesi Ai Privacy Policy

Last revised on: April 27, 2026

This Privacy Policy explains how eRx.ai, Inc. (“eRx.ai,” “Company,” “we,” “us,” or “our”) collects, uses, discloses, protects, and otherwise processes information in connection with Kinesi Ai and any related websites, applications, software, plug-ins, features, tools, documentation, support services, and other services that we make available to you (collectively, the “Services”).

Kinesi Ai is operated by eRx.ai, Inc. References to “Kinesi Ai,” “Company,” “we,” “us,” or “our” mean eRx.ai, Inc. and the Services offered under the Kinesi Ai name. We may update this Privacy Policy if our legal, corporate, or brand structure changes.

This Privacy Policy is incorporated into and forms part of our Terms and Conditions. By accessing or using the Services, you acknowledge this Privacy Policy.

If you are using the Services on behalf of an organization, practice, clinic, company, or other entity, this Privacy Policy applies to information processed through that organization’s account. Your organization may have additional privacy obligations to its patients, clients, workforce members, customers, or other individuals.

1. Scope of This Privacy Policy

This Privacy Policy applies to information we collect or process when you:

- visit our websites or online properties;

- create or use an account;

- use, access, test, purchase, subscribe to, or interact with the Services;

- submit, upload, record, import, transcribe, process, edit, generate, export, or otherwise use audio, text, documents, files, prompts, templates, notes, data, or other content through the Services;

- communicate with us by email, chat, web form, phone, social media, support request, demo request, or other method;

- interact with our marketing, educational content, advertisements, surveys, or events.

This Privacy Policy does not apply to third-party websites, products, applications, integrations, payment processors, EHRs, analytics providers, AI providers, or other services that we do not control. Those third parties may have their own privacy policies and terms.

2. Healthcare, HIPAA, and PHI

The Services may be used in healthcare-related workflows. Depending on your use of the Services, information submitted to the Services may include protected health information (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended (“HIPAA”), or similar state health privacy laws.

If you are a covered entity, business associate, healthcare provider, healthcare organization, health plan, healthcare clearinghouse, or other regulated healthcare entity, you are responsible for determining whether your use of the Services involves PHI and whether a Business Associate Agreement (“BAA”) is required.

You may not submit PHI to the Services unless a BAA with eRx.ai, Inc. is in effect, if a BAA is required by law or by our policies. If a BAA applies, the BAA governs our permitted uses and disclosures of PHI. If there is a conflict between this Privacy Policy and a signed BAA regarding PHI, the BAA controls with respect to PHI.

You are responsible for obtaining all required patient, client, employee, contractor, organizational, and third-party consents, authorizations, notices, approvals, and legal bases before submitting information to the Services, including any required consent to record, transcribe, summarize, document, or otherwise process a session, encounter, meeting, conversation, or other interaction.

This Privacy Policy is not intended to replace any Notice of Privacy Practices that a covered entity or healthcare provider is required to provide to patients under HIPAA or applicable state law.

Except as expressly agreed in a signed BAA or other written agreement, eRx.ai, Inc. does not assume obligations that apply specifically to your role as a healthcare provider, covered entity, payer, employer, professional, record custodian, or regulated organization.

3. Information We Collect

We may collect the following categories of information:

Account and Contact Information

We may collect information such as your name, email address, phone number, organization name, role, practice name, mailing address, billing address, login credentials, account settings, user permissions, and other information you provide when creating or managing an account.

Professional and Organizational Information

We may collect information used to configure, verify, or personalize the Services, including provider name, credentials, license information, National Provider Identifier (“NPI”), group practice NPI, practice address, business email, business phone, business fax, EIN, logo, provider photo, organization information, specialty, practice type, and similar professional or business information.

User Content

We may process information you submit, upload, record, import, transcribe, process, edit, generate, export, or otherwise use through the Services, including audio, transcripts, notes, prompts, templates, documents, files, reports, summaries, comments, edits, metadata, and other materials (“User Content”).

Depending on your use of the Services, User Content may include personal information, sensitive information, PHI, clinical information, behavioral health information, session content, patient or client identifiers, provider information, administrative information, or other regulated data.

Outputs

The Services may generate drafts, notes, summaries, documentation, reports, transcripts, templates, or other AI-assisted content based on your inputs (“Outputs”). We may process Outputs to provide, maintain, secure, support, and improve the Services, subject to applicable law and any written agreement between you and us.

Payment and Billing Information

If you purchase or subscribe to paid Services, we may collect billing information such as plan type, subscription status, billing contact, payment status, invoice history, transaction records, and limited payment details. Payment card information may be processed by third-party payment processors such as Stripe. We generally do not store full payment card numbers.

Usage and Device Information

We may collect information about how you access and use the Services, including log data, IP address, device identifiers, browser type, operating system, referring pages, pages viewed, features used, actions taken, timestamps, session information, error logs, crash reports, performance data, authentication events, audit logs, and security-related information.

Communications

We may collect information you provide when you contact us, request support, request a demo, submit feedback, respond to surveys, participate in user research, communicate through social media, or otherwise interact with us.

Cookies and Similar Technologies

We may use cookies, pixels, local storage, software development kits, analytics tools, and similar technologies to operate the Services, remember preferences, authenticate users, improve performance, analyze usage, secure the Services, and support marketing or educational outreach.

4. How We Use Information

We may use information for the following purposes:

- to provide, operate, maintain, secure, troubleshoot, and support the Services;

- to create, manage, authenticate, and administer accounts;

- to process User Content and generate Outputs;

- to configure templates, reports, headers, documentation fields, administrative settings, and other features;

- to verify eligibility, credentials, organizational affiliation, or authorized use;

- to process subscriptions, invoices, payments, renewals, taxes, and billing communications;

- to provide customer support, respond to inquiries, and communicate with you;

- to send service-related, security-related, legal, administrative, billing, and account notices;

- to personalize and improve the Services;

- to develop new features, products, workflows, models, templates, and functionality;

- to monitor usage, performance, reliability, and security;

- to detect, prevent, investigate, and respond to fraud, abuse, security incidents, unlawful activity, policy violations, or misuse of the Services;

- to comply with legal, regulatory, contractual, professional, accounting, tax, and reporting obligations;

- to enforce our Terms and Conditions, agreements, rights, and policies;

- to send marketing, educational, survey, product update, and promotional communications where permitted by law;

- to conduct analytics, research, and business operations.

If a BAA, data processing agreement, order form, or other written agreement applies, our use of information covered by that agreement will be limited by that agreement.

5. AI Processing and Service Improvement

The Services may use artificial intelligence, machine learning, natural language processing, speech recognition, transcription, summarization, automation, or other computational techniques to process User Content and generate Outputs.

Outputs may contain errors, omissions, inaccuracies, hallucinations, formatting issues, or incomplete information. You are responsible for reviewing, verifying, correcting, approving, exporting, and retaining Outputs before using them for patient care, clinical documentation, billing, coding, legal, compliance, administrative, or other professional purposes.

We may use de-identified, aggregated, or anonymized information to analyze, maintain, secure, improve, and develop the Services, provided such use is permitted by applicable law and any written agreement between you and us.

We do not use PHI to train generalized AI models. If any use of PHI for service improvement, quality assurance, model-related processing, or similar purposes is ever proposed, it will occur only as permitted by a signed BAA, applicable law, and any applicable written agreement between you and us.

6. How We Disclose Information

We may disclose information in the following circumstances:

Service Providers

We may disclose information to vendors, contractors, subprocessors, and service providers that help us provide, operate, secure, support, analyze, bill for, or improve the Services. These may include cloud hosting providers, database providers, transcription providers, AI infrastructure providers, analytics providers, payment processors, customer support tools, email providers, security tools, and professional service providers.

Integrations and Third-Party Services

If you choose to connect or use integrations with third-party systems, such as EHRs, storage services, communication tools, analytics tools, identity providers, or other platforms, we may disclose information as needed to enable the integration or as directed by you or your organization.

Third-party services are not controlled by us and may process information under their own terms and privacy policies.

Your Organization or Account Administrator

If you use the Services through an organization, practice, employer, clinic, company, or other entity, information associated with your account may be accessible to that organization and its authorized administrators. Administrators may be able to manage accounts, access usage data, configure settings, view or export content, and enforce organizational policies.

Legal and Compliance

We may disclose information if we believe disclosure is necessary or appropriate to comply with law, regulation, subpoena, court order, legal process, governmental request, professional obligation, contractual obligation, or similar requirement.

Safety, Security, and Enforcement

We may disclose information if we believe it is necessary or appropriate to protect the rights, privacy, safety, security, property, or operations of eRx.ai, Inc., Kinesi Ai, our users, patients, clients, service providers, business partners, or others; to detect or prevent fraud, abuse, security incidents, or unlawful activity; or to enforce our Terms and Conditions or other agreements.

Business Transactions

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, diligence process, corporate transaction, or transfer of part or all of our business.

With Your Direction or Consent

We may disclose information when you or your organization direct us to do so, authorize us to do so, or consent to the disclosure.

De-Identified or Aggregated Information

We may disclose de-identified, aggregated, or anonymized information that does not reasonably identify you or another individual, subject to applicable law and any written agreement.

7. Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain accounts, comply with legal and contractual obligations, resolve disputes, enforce agreements, maintain security, prevent fraud or abuse, support business operations, and fulfill the purposes described in this Privacy Policy.

Retention periods may vary depending on the type of information, your account settings, your organization’s configuration, applicable law, our legal obligations, and any written agreement between you and us.

The Services are not intended to serve as an EHR, medical record system, legal record system, billing system of record, or long-term record retention system unless expressly agreed in writing. You are responsible for exporting, saving, maintaining, and retaining records in your own compliant systems.

After termination or expiration of your account or subscription, we may delete or de-identify information according to our retention practices, applicable law, and any written agreement.

8. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. These safeguards may include access controls, authentication, encryption, logging, monitoring, vendor controls, and security procedures.

No method of transmission, storage, or processing is completely secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials, using appropriate devices and networks, configuring your account securely, limiting access to authorized users, and notifying us promptly of suspected unauthorized access or security incidents.

9. Your Choices

Depending on your relationship with us, your account settings, your organization’s configuration, and applicable law, you may have choices regarding:

- accessing, correcting, updating, or deleting certain account information;

- exporting certain User Content or Outputs;

- closing your account;

- changing communication preferences;

- opting out of marketing emails;

- managing cookies through browser settings;

- requesting information about certain data practices.

You may opt out of marketing emails by following the unsubscribe instructions in those emails. Even if you opt out of marketing communications, we may still send transactional, legal, security, billing, and service-related communications.

If you use the Services through an organization, requests related to information controlled by that organization may need to be directed to the organization. For example, if your healthcare provider, employer, clinic, or practice uses the Services, that organization may be responsible for responding to certain privacy requests.

10. State Privacy Rights

Depending on where you live and how you interact with us, you may have rights under state privacy laws, such as rights to access, correct, delete, obtain a copy of, or opt out of certain processing of personal information.

To submit a privacy request, contact us at allison@erx.ai. We may need to verify your identity and authority before responding. If your information is controlled by an organization that uses the Services, we may direct you to that organization or process your request according to our agreement with that organization.

We do not sell personal information in the traditional sense of exchanging it for money. We also do not knowingly sell or share personal information of children under 18. Certain analytics, advertising, or tracking technologies may be considered “sharing” or “targeted advertising” under some state privacy laws. Where required, we will provide mechanisms to opt out of such practices.

We will not discriminate against you for exercising privacy rights, although some features may not be available if certain information is deleted or restricted.

11. Children’s Privacy

The Services are directed to adults and professional users. We do not knowingly collect personal information directly from children under 18.

If you believe a child under 18 has provided personal information to us directly, please contact us at allison@erx.ai so we can take appropriate action.

If a healthcare organization, provider, parent, guardian, or other authorized user submits information involving a minor through the Services, that organization or user is responsible for ensuring it has the required legal authority, consent, authorization, and compliance basis to do so.

12. International Users

The Services are intended primarily for use in the United States. If you access or use the Services from outside the United States, your information may be processed and stored in the United States or other jurisdictions where we or our service providers operate.

Those jurisdictions may not provide the same level of privacy protection as your country of residence. By using the Services, you understand that your information may be transferred to and processed in the United States and other jurisdictions.

You are responsible for determining whether your use of the Services complies with laws that apply to you outside the United States.

13. Cookies and Analytics

We may use cookies and similar technologies for:

- essential site and service functionality;

- authentication and session management;

- remembering preferences;

- security and fraud prevention;

- usage analytics and performance monitoring;

- product improvement;

- marketing, attribution, or educational outreach, where permitted by law.

You may be able to control cookies through your browser settings. If you disable cookies, some features of the Services may not function properly.

We may use analytics tools to understand how users interact with our websites and Services. These tools may collect usage data, device data, pages viewed, referral information, and similar information.

14. Third-Party Links and Services

The Services may include links to or integrations with third-party websites, products, services, applications, EHRs, payment processors, analytics tools, AI providers, storage providers, or other platforms.

We are not responsible for the privacy, security, content, accuracy, practices, or policies of third-party services. Your interactions with third-party services are governed by the third party’s terms and privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will post the updated Privacy Policy and revise the “Last revised” date.

If we make material changes, we may provide additional notice by email, account notice, website notice, or other reasonable means. Your continued use of the Services after the updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

16. Contact Us

If you have questions, comments, requests, or concerns about this Privacy Policy or our privacy practices, please contact us at:

eRx.ai, Inc.  

412 S. Second Street  

St. Charles, IL 60174  

Email: allison@erx.ai

© 2026 eRx.ai, Inc. All rights reserved. Kinesi Ai is a product, service line, branch, or brand operated by eRx.ai, Inc.