Privacy Policy

Effective: March 1, 2026

Axeum Technologies, Inc. ("Axeum," "we," "us," or "our") respects your privacy. This Privacy Policy describes how we collect, use, store, and protect information across our websites, cloud-hosted software platforms, and connected device integrations (collectively, the "Services"). By using any of our Services, you agree to the practices described in this policy.

Scope

This policy applies to all Axeum websites, web applications, application programming interfaces (APIs), and device connectivity services operated by Axeum Technologies, Inc. Where our Services process data on behalf of a healthcare provider or covered entity, we act as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the terms of the applicable Business Associate Agreement govern the handling of Protected Health Information.

Information We Collect

Account and contact information. When you create an account, contact us, or are provisioned as a user by an authorized organization, we may collect your name, email address, organizational affiliation, and authentication credentials.

Health and clinical data. Certain Services process health-related information on behalf of healthcare providers, including physiologic measurements transmitted from connected medical devices, clinical records, and related care documentation. This data is collected and processed solely at the direction of the healthcare provider or covered entity that controls it.

Connected device data. When medical devices transmit data through our Services, we receive measurement values, device identifiers, and transmission metadata. Device data is received directly from authorized devices or authorized device software without routing through third-party intermediary platforms, preserving an unbroken chain of custody from the point of measurement.

Usage and access data. We collect standard technical information necessary for security and service operation, including IP addresses, browser type, access timestamps, and pages or features accessed. We do not use third-party tracking pixels or behavioral advertising technologies.

How We Use Information

We use the information we collect to:

• Provide, operate, and maintain our Services
• Process and store health data at the direction of authorized healthcare providers
• Generate verifiable, tamper-evident records of service delivery and data provenance
• Authenticate users and enforce access controls
• Respond to inquiries and provide support
• Comply with applicable laws and regulations
• Ensure security, detect fraud, and prevent abuse

Artificial Intelligence and Automated Processing

Certain Services use artificial intelligence to assist with clinical decision support, documentation, and data analysis. Before any health data is processed by AI systems, all direct patient identifiers are removed through an automated de-identification process. AI-generated outputs are provided as decision support for licensed healthcare professionals and do not constitute independent medical advice. We do not use patient data to train general-purpose AI models. AI processing occurs within our secured infrastructure and is not shared with AI providers in identifiable form.

Information Sharing

We do not sell, rent, or trade personal information or health data. We share information only in the following circumstances:

• With authorized healthcare providers who direct us to process data on their behalf
• With infrastructure service providers that host or support our Services, bound by confidentiality obligations and, where applicable, Business Associate Agreements
• When required by law, regulation, legal process, or enforceable government request
• To protect rights and safety, including enforcing our terms, protecting our operations, or protecting the safety of any person

We do not share health data with device manufacturers, wearable platform vendors, or any third party not directly necessary for service delivery.

Data Security

We implement administrative, technical, and physical safeguards designed to protect information consistent with industry standards and applicable regulatory requirements, including:

• Encryption of data in transit (TLS) and at rest
• Role-based access controls and single sign-on authentication
• Cryptographic integrity verification for critical records
• Append-only audit logging for data access and modification events
• Automated session management and idle timeout protections
• Infrastructure hosted within the United States by established cloud providers

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect information, we cannot guarantee absolute security.

HIPAA Compliance

Where our Services process Protected Health Information (PHI) on behalf of a covered entity or business associate, we comply with the privacy, security, and breach notification requirements of HIPAA and the HITECH Act. We enter into Business Associate Agreements with covered entities prior to processing PHI. We maintain policies, procedures, and technical safeguards aligned with the HIPAA Security Rule. Specific details regarding our HIPAA compliance posture are available upon request to authorized partners under appropriate confidentiality protections.

Connected Device and Medical Data Integrity

Our Services are designed to maintain the integrity and provenance of data received from connected medical devices. Device data is captured at the point of receipt, validated against expected parameters, and sealed into verifiable records that document the complete chain of custody. We do not alter, interpolate, or reconstruct device measurements after receipt. This approach supports regulatory compliance, billing integrity, and the evidentiary value of health data records.

Data Retention

We retain information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce agreements. Health data is retained in accordance with applicable healthcare record retention requirements and the terms of our agreements with healthcare providers. Upon termination of a service relationship, data is returned or securely destroyed in accordance with our data disposition procedures, unless retention is required by law.

Children's Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 except as directed by an authorized healthcare provider for the purpose of clinical care. If you believe we have collected information from a child without proper authorization, please contact us immediately.

Your Rights

Depending on your jurisdiction and the nature of the data, you may have the right to access, correct, delete, or port your personal information. For health data processed on behalf of a healthcare provider, rights requests should be directed to the provider who controls the data, and we will cooperate with the provider to fulfill such requests. For all other inquiries, contact us at privacy@axeumai.com.

International Users

Our Services are operated from and hosted within the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated effective date. Where required by law, we will provide additional notice. Your continued use of our Services after changes constitutes acceptance of the updated policy.

Contact

Axeum Technologies, Inc.
Miami, FL
privacy@axeumai.com