AI Disclaimer: Kevin! is an AI assistant for documentation support only. It does not provide medical advice, diagnosis, or treatment. All outputs require review by licensed healthcare professionals.
Effective: November 29, 2025

Privacy Policy

This policy explains how Rushin InTegrations LLC (“Rushin InTegrations,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with Kevin!, our AI-powered clinical documentation assistant, and related services.

Because our Services are designed for healthcare professionals and may involve Protected Health Information (PHI), we maintain safeguards consistent with HIPAA and applicable state privacy laws.

1. Information We Collect

1.1 Information You Provide

  • Account & Profile Data: Name, email, phone number, organization, specialty, NPI (if applicable), and similar details supplied when you register, join our waitlist, or configure your practice settings.
  • Communications: Content of messages you send to us, including support tickets, feedback, and feature requests.
  • Clinical Inputs (including PHI): Voice dictations, typed encounter notes, patient demographics, diagnoses, treatment plans, orders, and other clinical content you submit through Kevin.
  • Audio Recordings: When you use voice dictation features, we temporarily process audio to generate transcripts. Raw audio is deleted immediately after transcription unless you explicitly opt in to extended storage.
  • Patient-Submitted Images (PHI): Clinical images submitted via MMS by patients at their healthcare provider's request, such as wound photos, skin condition images, insurance cards, and intake documents.
  • Payment Information: Billing address and payment method details (processed securely through third-party payment processors).

1.2 Information Collected Automatically

  • Device & Usage Data: IP address, device identifiers, browser type, operating system, app version, pages viewed, referring URLs, session duration, and timestamps.
  • Diagnostic & Analytics Data: Crash logs, performance metrics, feature usage patterns, and interaction events. This data is collected in a manner that does not include PHI.
  • Audit Logs: Records of who accessed what data and when, maintained for security monitoring and HIPAA compliance.
  • Location Data: General geographic location derived from IP address (not precise GPS location).

1.3 Information from Third Parties

When you enable integrations (e.g., EHR systems, practice management software, calendar services), we receive the limited profile, token, or clinical data required to provide the integrated functionality. Each integration requires your explicit consent.

2. How We Use Information

2.1 Core Service Delivery

  • AI-Powered Documentation: Process your voice dictations and clinical inputs through our AI models to generate encounter notes, orders, and patient education materials.
  • Personalization: Learn your documentation preferences, templates, and specialty-specific terminology to improve accuracy over time.
  • Integration Fulfillment: Transmit generated documentation to connected EHR systems or other platforms you authorize.

2.2 Operations & Improvement

  • Deliver waitlist confirmations, product updates, SMS/text notifications, and transactional notices.
  • Analyze de-identified, aggregated usage metrics to improve features, reliability, and AI accuracy.
  • Detect, investigate, and prevent security incidents, fraud, or misuse.
  • Maintain audit trails for HIPAA compliance and quality assurance.

3. AI Processing & Model Training

3.1 How Kevin Processes Your Data

Kevin! uses artificial intelligence, including large language models (LLMs), to transcribe dictations, structure clinical notes, generate orders, and create patient-friendly summaries. Your clinical inputs are processed in real time to deliver these features.

3.2 Your Data Is Not Used to Train AI Models

We do not use your PHI or clinical inputs to train, fine-tune, or improve general-purpose AI models. Your data is used solely to provide Services to you. Any model improvements are developed using fully de-identified, aggregated data sets or synthetic data that cannot be traced back to individual patients or providers.

3.3 Third-Party AI Services

We may use third-party AI infrastructure providers (subprocessors) to power certain features. All subprocessors are contractually bound to:

  • Process data only as instructed by us for service delivery
  • Not use your data for their own model training
  • Maintain security standards equivalent to our own
  • Enter into Business Associate Agreements where required
  • Delete data upon termination of services

3.4 Audio Recording Retention

When you use voice dictation features, audio is processed in real time to generate transcripts. Raw audio recordings are deleted immediately after transcription and are not retained unless you explicitly opt in to extended storage.

4. How We Share Information

We do not sell your personal information or PHI. We share data only in the following circumstances:

  • Service Providers & Subprocessors: Cloud hosting, AI infrastructure, analytics, logging, support, SMS/messaging, and email vendors operating under written data-processing agreements.
  • Your Authorized Integrations: EHR systems, practice management platforms, or other services you connect. Data flows only as you configure.
  • Professional Advisors: Auditors, attorneys, or insurers when necessary to protect our business, subject to confidentiality obligations.
  • Legal or Safety Requirements: When required by law, subpoena, or court order, or when disclosure is necessary to prevent imminent harm.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred subject to the same privacy protections.

5. Mobile Information & SMS/MMS Messaging

NO MOBILE INFORMATION WILL BE SHARED WITH THIRD PARTIES OR AFFILIATES FOR MARKETING OR PROMOTIONAL PURPOSES.

5.1 SMS/MMS Message Consent

When you provide your phone number and consent to receive SMS/MMS messages:

  • We use your number only to send messages you have consented to receive
  • Message frequency varies based on your account activity and care coordination needs
  • Standard message and data rates may apply
  • Consent is not required to receive medical care or use our services

5.2 Healthcare Provider Messages

Healthcare providers using Kevin! may receive:

  • Account alerts, security notifications, and verification codes
  • Patient messages for care coordination (prescription requests, appointment scheduling, clinical questions)
  • Product updates, training materials, and feature guides with images (MMS)
  • Billing and subscription notices

5.3 Patient Messages & Two-Way Communication

Patients of enrolled healthcare providers may send and receive messages for care coordination:

  • Prescription refill requests and confirmations — Request medication refills and receive notification when prescriptions are sent to pharmacy
  • Appointment scheduling and reminders — Schedule, confirm, or reschedule appointments via text
  • Clinical follow-up communications — Receive post-visit instructions and ask follow-up questions
  • Lab result notifications — Get notified when results are available
  • Pre-visit and post-procedure care instructions

All patient-provider messages may contain Protected Health Information (PHI) and are encrypted using TLS 1.2+ in transit and AES-256 at rest. This messaging is not intended for medical emergencies.

5.4 Patient Image Submissions (MMS)

Patients may submit clinical images via MMS when requested by their healthcare provider:

  • Explicit patient consent is required before any image submission
  • Images are treated as Protected Health Information (PHI)
  • Images are encrypted using TLS 1.2+ in transit and AES-256 at rest
  • Image types include: wound photos, skin conditions, post-surgical sites, insurance cards, and intake documents

5.5 Patient Opt-In

Patients opt in to SMS/MMS messaging through their healthcare provider, including:

  • Signing a consent form at their provider's office
  • Opting in through the provider's patient portal
  • Responding YES to an opt-in confirmation message

5.6 Opt-Out

You may opt out of SMS/MMS messages at any time by:

  • Replying STOP to any message
  • Contacting support@rushin.ai
  • Updating preferences in your account settings or notifying your healthcare provider

Opting out of messages does not affect your ability to receive medical care from your healthcare provider.

5.7 No Sharing of Opt-In Data

Text/multimedia messaging originator opt-in data and consent information will NOT be shared with any third parties, except as required to deliver messages through our SMS/MMS provider, comply with legal requirements, or enforce our Terms of Service. Patient mobile information is used solely for care coordination with their enrolled healthcare provider.

6. HIPAA Compliance & Business Associate Agreements

6.1 Our Role Under HIPAA

When healthcare providers (Covered Entities) use Kevin! to process PHI, Rushin InTegrations acts as a Business Associate under HIPAA. We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule.

6.2 Business Associate Agreements

Before you transmit PHI through the Services, we require a signed Business Associate Agreement (BAA) that defines our respective responsibilities for protecting patient information. To request a BAA, contact legal@rushin.ai.

6.3 Minimum Necessary Standard

We access and use only the minimum PHI necessary to provide the Services you request. Our workforce members receive HIPAA training and are bound by confidentiality obligations.

6.4 Subcontractors

All subcontractors and service providers who may access PHI are required to enter into BAAs with Rushin InTegrations, implement appropriate security safeguards, and report any security incidents promptly.

7. Data Security

Technical Safeguards

  • TLS 1.2+ encryption in transit
  • AES-256 encryption at rest
  • Role-based access controls
  • Multi-factor authentication
  • Continuous monitoring & intrusion detection
  • Regular vulnerability scanning

Administrative Safeguards

  • Designated Privacy & Security Officers
  • Workforce HIPAA training
  • Documented security policies
  • Incident response procedures
  • Regular risk assessments
  • Vendor security assessments

8. Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Conduct a prompt investigation to determine the nature and scope of the breach
  • Notify affected Covered Entities without unreasonable delay and no later than 60 days after discovery
  • Provide information necessary for you to fulfill your breach notification obligations
  • Cooperate with investigations and remediation efforts
  • Document the breach and our response for at least six years
  • Implement measures to prevent similar breaches in the future

9. Data Retention

  • Clinical Data & PHI: Retained for minimum 6 years per HIPAA requirements
  • Patient-Submitted Images: Minimum 6 years per HIPAA (treated as PHI)
  • Voice Recordings: Deleted immediately after transcription
  • Account Data: Retained while active + 24 months after inactivity
  • Diagnostic Logs: 30-90 days; audit logs retained 6+ years
  • Billing Records: 7 years for tax and accounting compliance
  • SMS/MMS Consent Records: 6 years after last message sent or opt-out
  • Non-Clinical MMS Images: 90 days after delivery confirmation

Upon termination of your account, you may request export of your data within 30 days. PHI is retained per HIPAA requirements and your BAA.

10. Your Rights & Choices

General Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing activities
  • Receive a copy of your data in a portable format
  • Opt out of marketing communications
  • Withdraw consent for processing based on consent

HIPAA Rights (For Patients)

If you are a patient whose information is processed through our Services, your HIPAA rights are exercised through your healthcare provider (the Covered Entity), not directly through Rushin InTegrations.

How to Submit Requests

Submit privacy requests to privacy@rushin.ai or through the privacy settings within the App. We will verify your identity before fulfilling requests and respond within applicable legal timeframes (typically 30-45 days).

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt out of “sales” of personal information
  • Right to non-discrimination for exercising privacy rights

Note: We do not “sell” personal information as defined by California law. To exercise California privacy rights, contact privacy@rushin.ai.

12. Additional Provisions

International Data Transfers

Rushin InTegrations operates in the United States. If you access the Services from another jurisdiction, your information may be transferred to, stored in, or processed in the U.S. We use approved safeguards such as Standard Contractual Clauses when required.

Children's Privacy

The Services are designed for healthcare professionals and are not directed to individuals under 18. We do not knowingly collect personal information from minors. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.

Do Not Track Signals

Our Services do not currently respond to “Do Not Track” browser signals. However, you can manage tracking through your browser's cookie settings.

Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. For material updates, we will provide at least 30 days' notice before new terms take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

Contact Us

For questions, privacy requests, BAA inquiries, or concerns about this Privacy Policy:

Rushin InTegrations LLC
PO Box 1033
Van Alstyne, TX 75495-1033

General Inquiries: info@rushin.ai
Privacy Officer: privacy@rushin.ai
Legal & BAA Requests: legal@rushin.ai
Support: support@rushin.ai

Summary of Key Points

  • We do NOT sell your personal information
  • We do NOT use your data to train AI models
  • We do NOT share mobile info for marketing
  • We implement HIPAA-compliant safeguards
  • We offer BAAs for healthcare providers
  • You can opt out of SMS at any time