Privacy Policy

1. Introduction

ABAIQ ("the Service") is an AI-powered documentation assistant for Applied Behavior Analysis (ABA) professionals. The Service is operated by Hybreu Digital LLC (DBA ABAIQ), a Florida limited liability company ("we", "us", or "our"). This Privacy Policy explains how we collect, use, store, and protect your information when you use ABAIQ.

2. Information We Collect

When you use ABAIQ, we collect the following types of information:

• Account information: Name, email address, phone number, and license type (e.g., RBT, BCBA) provided during registration.
• Session inputs: Clinical session details you provide or that the extension reads from your screen to generate notes, including behavior descriptions, interventions, place of service, and session duration. ABAIQ reads only data that is already visible to you on your screen.
• Usage metadata: Features used, number of notes generated, timestamps, and the website domain (URL) where the autocomplete or note generation feature is activated. This domain information is collected solely for internal analytics and platform compatibility statistics. We do not store the content of generated notes on our servers.
• Payment information: Billing details are processed securely through our third-party payment provider. We never store, access, or see your full credit card number.
• Terms acceptance records: When you create an account, we automatically record the timestamp of your acceptance, the version of the Terms of Service accepted, your IP address, device information (user agent), platform, and language preference. These records serve as evidence of your agreement and are retained for legal and compliance purposes.
• Communications data: If you contact us or interact with us through WhatsApp, SMS, support email, in-app feedback, cancellation surveys, or a call-back request, we store the content of those messages together with your phone number or email address, in order to provide support and improve the Service.
• Shipping information: If you choose to take part in an optional promotion (such as a merchandise giveaway), we collect the postal address and contact details you submit so we can fulfill it.

3. How the Chrome Extension Works

Transparency about how the ABAIQ extension operates is important to us:

• The extension reads clinical session data that is already visible to you on your screen within any web-based practice management system you use.
• It only accesses information that you, the authenticated user, can already see in your browser window.
• The extension does not access internal APIs, databases, backend systems, or servers of any third-party platform.
• The extension does not intercept network traffic, access data from other users, or read information from other browser tabs.
• Its functionality is comparable to accessibility tools or spell-checkers that read visible on-screen content to assist the user.

4. Local Browser Storage (Cache)

The ABAIQ extension stores certain data locally in your browser to improve your experience:

• What is stored: Per-client preferences such as behavior functions, training objectives, and additional clinical details you have entered; your authentication token; and your language preference.
• Purpose: To pre-fill recurring data fields for the same client in future sessions, saving you time and reducing repetitive data entry.
• Where it is stored: Locally on your device within Chrome's extension storage. This data is not synced to the cloud, not transmitted to our servers, and not accessible to other extensions or websites.
• How to clear it: You can clear this data at any time through the extension settings or by uninstalling the extension from your browser.

5. AI Processing and Clinical Data

This section is especially important for ABA professionals handling sensitive clinical information:

• Session inputs are sent to our AI providers solely for the purpose of generating clinical note drafts. We maintain Business Associate Agreements (BAAs) with our AI providers, and our backend is hosted on Amazon Web Services (AWS) HIPAA-eligible infrastructure under a BAA.
• Data is processed in real-time via secure streaming under a Zero Data Retention configuration and is not permanently retained by our AI providers.
• Our AI providers do not use your clinical data to train, improve, or develop AI models.
• We do not sell, share, license, or use your clinical data for advertising, marketing, or any purpose other than generating your requested notes.
• ABAIQ does not control what information you choose to input. You are responsible for not including direct patient identifiers (full names, dates of birth, Social Security numbers) in session inputs.

6. What We Do NOT Store

We want to be clear about what data we do not retain:

• Generated notes are NOT stored on ABAIQ servers or in our database. Notes exist only in your browser's memory during your active session.
• Once you close the extension sidebar or export a note to your practice management system, no copy of that note remains in our systems.
• We store only usage metadata: the number of notes generated and timestamps for billing and analytics purposes. The content of your notes is never recorded.
• We do not store full credit card numbers, bank account details, or other sensitive financial data.

7. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/SSL.
• Account data is stored on secure infrastructure hosted by SOC 2 certified providers.
• Multi-factor authentication (SMS) is available, and is required at web login for accounts created on or after March 25, 2026.
• Authentication tokens have defined expiration periods.
• Access to production data is restricted to authorized personnel only.
• We conduct regular security reviews and follow industry best practices.

8. HIPAA Compliance

ABAIQ is designed with healthcare data sensitivity at its core:

• We implement administrative, technical, and physical safeguards consistent with HIPAA requirements.
• We maintain Business Associate Agreements with our AI providers and with Amazon Web Services (AWS), which hosts our backend on HIPAA-eligible infrastructure, to ensure compliant handling of session data.
• We make a Business Associate Agreement (BAA) available under which ABAIQ acts as your business associate. You can review and accept it at abaiq.ai/baa.html (and from your account dashboard). Only users who accept the BAA are covered by it; accepting it is your responsibility if you process PHI through the Service.
• ABAIQ is a documentation assistance tool and does not serve as an electronic health record (EHR) or medical record system.
• You are responsible for ensuring your use of ABAIQ complies with HIPAA and applicable state regulations.
• We strongly recommend that you do not include direct patient identifiers (full names, dates of birth, Social Security numbers) in session inputs.
• Questions about your BAA or HIPAA compliance? Contact us at support@abaiq.ai.

9. Third-Party Services

We use the following categories of third-party services to operate ABAIQ:

• Cloud infrastructure (Amazon Web Services): Our backend is hosted on AWS HIPAA-eligible infrastructure under a Business Associate Addendum.
• Authentication and database infrastructure: For secure user authentication, account storage, and backend services. This provider stores account, usage, and billing data only — no patient PHI — so a Business Associate Agreement is not required.
• Payment processing: For subscription billing and payment handling. We never store your full credit card information. No PHI is shared with our payment processor.
• AI providers: For real-time clinical note generation. BAAs are in place with these providers under a Zero Data Retention configuration, and session data is not retained or used for model training.
• SMS verification: For multi-factor authentication delivery. No PHI is transmitted.

Each of these providers maintains their own privacy policies, security certifications, and compliance standards.

10. Third-Party Platform Integrations

ABAIQ operates as an independent browser-based tool:

• ABAIQ is not affiliated with, endorsed by, or sponsored by any third-party practice management system or platform.
• The extension reads data that is already visible on your screen and can write user-approved content (such as generated notes) back into form fields at your direction. It does not access the backend systems, APIs, databases, or internal infrastructure of any third-party platform.
• ABAIQ does not store, copy, or redistribute any proprietary data belonging to third-party platforms. It processes visible on-screen data solely to generate notes for your personal professional use.
• All third-party trademarks, trade names, and logos referenced within the Service are the property of their respective owners.

11. Data Retention

We retain your data as follows:

• Account data: Retained while your account is active. Following a verified account deletion request, we delete your account data within 30 days, except for records we are required to retain by law (such as payment and tax records).
• Generated notes: Not retained. Notes exist only in your browser's memory during the active session.
• Local browser cache: Persists on your device until you clear it manually or uninstall the extension.
• Payment records: Retained as required by applicable financial and tax regulations.
• Usage logs: Retained for up to 12 months for service improvement and billing verification.

12. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and all associated data.
• Export your account information.
• Opt out of non-essential communications.

To exercise any of these rights, contact us at support@abaiq.ai. We will respond to requests within 30 days.

13. Data Breach Notification

In the event of a data breach that affects your personal information:

• We will notify affected users within 72 hours of confirming the breach.
• We will notify applicable regulatory authorities as required by law.
• Notification will include a description of the breach, the types of data affected, and steps we are taking to address it.

14. Children's Privacy

ABAIQ is designed exclusively for licensed ABA professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will promptly delete it.

15. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Florida.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify registered users of material changes via email at least 15 days before they take effect. The "Effective Date" at the top of this page indicates the most recent revision.

17. Related Policies

For additional information about how we handle your data and the terms governing the Service, please review:

• Terms of Service — Usage terms, professional responsibility, and liability limitations
• Security & Development Practices — Technical safeguards, HIPAA compliance posture, and data architecture
• Business Associate Agreement (BAA) — Our HIPAA business associate obligations to you, available to review and accept (you are covered once you accept it)

18. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us:

Hybreu Digital LLC (DBA ABAIQ)
Email: support@abaiq.ai