CareBot — Privacy Policy
Effective Date: March 1, 2026
Last Updated: February 24, 2026
This Privacy Policy ("Policy") describes how TimeAI LLC d/b/a EnsanAI LLC, a Delaware limited liability company ("EnsanAI," "Company," "we," "us," or "our"), collects, uses, stores, shares, and protects information in connection with the CareBot platform and all related services (collectively, the "Service").
This Policy applies to two categories of individuals:
- Clients: Healthcare clinics and practices that subscribe to the Service, including their Authorized Users (administrators, doctors, nurses, and receptionists).
- Patients: Individuals who interact with the Service through communication channels operated on behalf of a Client clinic.
By using the Service, Clients agree to this Policy on behalf of themselves and their Authorized Users. Clients are responsible for ensuring that their patients are informed of this Policy in accordance with applicable law.
1. Information We Collect
1.1 Patient Information
When patients interact with the Service on behalf of a Client clinic, we may collect the following categories of information:
Personal Identification Data:
- Full name
- Phone number
- Date of birth
- Email address
- Gender
Health-Related Data:
- Symptoms and chief complaints
- Known allergies
- Current medications
- Medical and dental history
Clinical Session Data:
- Audio recordings of clinical sessions (when the Doctor's Assistant feature is in use)
- Transcriptions generated from recorded sessions
Communication Data:
- The content of messages exchanged between patients and the Service through Supported Channels (WhatsApp and web chat). Note: message content is processed in real time to deliver the Service but is not stored in persistent logs by EnsanAI.
1.2 Client and Authorized User Information
When clinics subscribe to and use the Service, we collect:
- Clinic legal name, address, and contact details
- Authorized User names, email addresses, and assigned roles
- Billing and payment information (processed by Stripe)
- Service configuration and preference settings
- Usage and calorie consumption data
1.3 Information We Do Not Collect
We do not collect:
- National identification or government-issued ID numbers through the Service
- Insurance or financial information from patients
- IP addresses, browser fingerprints, or device identifiers
- Location or geolocation data
- Cookies, analytics, or tracking data on any interface
- WhatsApp profile names or profile photos (phone number only)
2. How We Use Information
2.1 Patient Information
We process Patient Information solely on behalf of the Client clinic for the following purposes:
- Delivering the Service: Processing patient inquiries, scheduling appointments, completing registrations, conducting pre-visit intake, and managing emergency escalation.
- Clinical Support: Recording sessions, generating transcriptions, and producing clinical notes for review by the Client's licensed healthcare professionals.
- Personalization: Maintaining session-level context to enable coherent, personalized interactions within a single conversation. We do not currently maintain long-term patient memory across sessions, though this capability is under development and will be disclosed in an updated version of this Policy before activation.
- AI Processing: Transmitting anonymized, PII-stripped message content to third-party AI model providers for natural language processing. See Section 4 for details.
2.2 Client and Authorized User Information
We use Client information for:
- Account provisioning, authentication, and access management
- Billing, invoicing, and payment processing
- Usage metering and calorie tracking
- Service configuration and delivery
- Technical support and communication
- Service improvement through aggregated, de-identified usage analytics
2.3 Purposes We Do Not Pursue
We do not:
- Sell, rent, or trade personal information to third parties
- Use Patient Information for advertising, marketing, or profiling by EnsanAI
- Use Patient Information to train AI models
- Make automated decisions that produce legal or similarly significant effects on patients without human oversight
3. Data Storage and Security
3.1 Infrastructure
All data is hosted on Google Cloud Platform (GCP), in the Middle East region. GCP provides the following default protections:
- Encryption in transit: All data transmitted between services, and between users and the Service, is protected using TLS (Transport Layer Security).
- Encryption at rest: All data stored on GCP infrastructure, including Cloud SQL (PostgreSQL) databases and Cloud Storage, is encrypted at rest using Google-managed encryption keys (AES-256) by default.
We are actively implementing additional application-level encryption and customer-managed encryption keys (CMEK) to provide enhanced data protection beyond GCP defaults.
3.2 Multi-Tenant Isolation
The Service employs a multi-tenant architecture with strict logical data isolation between Client clinics. Each Client's data is segregated at the database level. No Client or their Authorized Users can access another Client's data.
3.3 Access Controls
EnsanAI employees do not access Patient Information directly. Our systems are designed so that Patient Information is processed programmatically by the Service without requiring human review. Client access to data within the Service is governed by role-based access controls as described in the Terms of Use.
3.4 Data Retention
| Data Category | Retention Period |
|---|---|
| Patient registration data | Duration of Client subscription + 30 days |
| Health-related data (symptoms, allergies, medications, history) | Duration of Client subscription + 30 days |
| Audio recordings (Doctor's Assistant) | 14 days from date of recording |
| Session transcriptions | 14 days from date of recording |
| Conversation message content | Not stored persistently |
| Client account and billing data | Duration of subscription + 12 months for legal and tax compliance |
| Usage and calorie consumption data | Duration of subscription + 12 months |
Upon termination of a Client's subscription, the Client has thirty (30) days to export their data. After this period, data is deleted in accordance with the above schedule, except where longer retention is required by applicable law.
3.5 Data Breach Response
In the event of a security incident involving unauthorized access to, disclosure of, or loss of personal information, EnsanAI will:
- Investigate and contain the incident promptly.
- Notify affected Client(s) within seventy-two (72) hours of becoming aware of the breach, with details of the nature of the breach, the categories of data affected, and recommended mitigation steps.
- Notify relevant regulatory authorities as required by applicable law.
- Cooperate with affected Clients in fulfilling their own breach notification obligations to patients and authorities.
4. Data Sharing and Sub-Processors
4.1 Sub-Processors
We engage the following third-party sub-processors to deliver the Service:
| Sub-Processor | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform (GCP) | Infrastructure, database hosting, cloud storage, audio storage | All data (protected by GCP default encryption) |
| Anthropic | AI language model processing | Anonymized, PII-stripped message content only |
| OpenAI | AI language model processing | Anonymized, PII-stripped message content only |
| Meta (WhatsApp Business API) | Patient communication channel | Patient phone numbers and message content |
| Stripe | Payment processing | Client billing information only; no Patient Information |
All sub-processors are bound by data processing agreements that impose confidentiality, security, and data protection obligations no less protective than those in this Policy. We will notify Clients of material changes to this sub-processor list with reasonable advance notice.
4.2 PII Stripping for AI Processing
Before transmitting any patient message to third-party AI model providers (Anthropic and OpenAI), the Service strips personally identifiable information from the content. This means that AI providers process anonymized conversational content and do not receive patient names, phone numbers, dates of birth, email addresses, or other direct identifiers.
4.3 Other Disclosures
We may disclose information in the following limited circumstances:
- Legal Compliance: When required by law, regulation, legal process, or enforceable governmental request.
- Protection of Rights: To enforce our Terms of Use, protect the safety of any person, or protect EnsanAI's legal rights.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, in which case the acquiring entity will be bound by the terms of this Policy.
We do not proactively share data with government or regulatory bodies. Disclosure occurs only when legally compelled.
5. AI Disclosure and Transparency
5.1 AI-Powered Interactions
The Service uses artificial intelligence to communicate with patients. Clients are required to ensure that patients are informed that they are interacting with an AI system, not a human. EnsanAI recommends that Clients implement an introductory disclosure at the beginning of each patient conversation (e.g., "You are now chatting with CareBot, an AI assistant for [Clinic Name].").
5.2 Clinical Decision-Support
Where the Service generates clinical outputs — including session notes, diagnostic suggestions, or prescription recommendations — these are provided solely as decision-support tools. They are not independent medical judgments. All clinical outputs must be reviewed and approved by a licensed healthcare professional before any action is taken.
5.3 AI Limitations
AI systems may occasionally produce inaccurate, incomplete, or unexpected outputs. EnsanAI does not guarantee the accuracy of any AI-generated content. Clients are responsible for supervising the Service's interactions with their patients and reviewing AI outputs.
6. Patient Rights
6.1 Exercising Rights
Because EnsanAI processes Patient Information on behalf of Client clinics, patients should direct all data-related requests to their clinic. The Client clinic is the data controller responsible for responding to patient requests. EnsanAI will cooperate with Clients in fulfilling such requests.
6.2 Available Rights
Depending on applicable law, patients may have the following rights in relation to their personal information:
- Access: The right to request a copy of the personal information held about them.
- Correction: The right to request correction of inaccurate or incomplete personal information.
- Deletion: The right to request deletion of their personal information, subject to legal retention requirements.
- Restriction: The right to request restriction of processing in certain circumstances.
- Objection: The right to object to certain types of processing.
- Portability: The right to receive personal information in a structured, commonly used format.
6.3 Response Timeframe
Client clinics, supported by EnsanAI, will respond to verified patient requests within thirty (30) days. If a request is complex or voluminous, the response period may be extended by an additional thirty (30) days with notice to the patient.
7. Applicable Data Protection Frameworks
7.1 HIPAA (United States)
The Service is designed to support compliance with the Health Insurance Portability and Accountability Act. Where applicable, EnsanAI will execute a Business Associate Agreement (BAA) with the Client clinic governing the handling of Protected Health Information (PHI).
7.2 Egypt Personal Data Protection Law No. 151 of 2020
For clinics operating in Egypt, EnsanAI complies with the provisions of Egypt's PDPL regarding lawful basis for processing, data subject consent, data minimization, and cross-border data transfer requirements.
7.3 Regional MENA Data Protection Laws
For clinics operating in the UAE, Saudi Arabia, or other MENA jurisdictions, EnsanAI will comply with applicable local data protection requirements, including the UAE's Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and Saudi Arabia's Personal Data Protection Law.
7.4 Cross-Border Data Transfers
Patient Information is stored and processed in the GCP Middle East region. Where data is transmitted to sub-processors located outside the region (e.g., AI model providers), such transfers are protected by contractual safeguards, including standard data processing agreements, and PII is stripped before transmission as described in Section 4.2.
8. Children's Privacy
The Service is intended for use by and on behalf of adult patients only. CareBot is not designed to collect or process personal information from individuals under the age of eighteen (18). If you become aware that a minor's information has been processed through the Service, please contact the Client clinic or EnsanAI immediately so that appropriate steps can be taken to delete such information.
9. Changes to This Policy
EnsanAI may update this Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify Clients of material changes by posting an updated Policy on the Client Dashboard and providing at least thirty (30) days' advance notice via email. The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Continued use of the Service after the effective date of changes constitutes acceptance.
10. Contact
For questions or concerns regarding this Privacy Policy or our data practices, please contact:
TimeAI LLC d/b/a EnsanAI LLC
Email: privacy@ensanai.com
Support: support@ensanai.com
For patient data requests, please contact your healthcare provider (the Client clinic) directly.
By proceeding with onboarding, you confirm that you have read and understood this Privacy Policy.