AI Disclaimer: Kevin! is an AI assistant for documentation support only. It does not provide medical advice, diagnosis, or treatment. All outputs require review by licensed healthcare professionals. Learn more
Back to home
Effective: November 29, 2025

Privacy Policy

This policy explains how Rushin InTegrations LLC (“Rushin InTegrations,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with Kevin!, our AI-powered clinical documentation assistant, and related services.

Because our Services are designed for healthcare professionals and may involve Protected Health Information (PHI), we maintain safeguards consistent with HIPAA and applicable state privacy laws.

1. Information We Collect

1.1 Information You Provide

  • Account & Profile Data: Name, email, phone number, organization, specialty, NPI (if applicable), and similar details supplied when you register, join our waitlist, or configure your practice settings.
  • Communications: Content of messages you send to us, including support tickets, feedback, and feature requests.
  • Clinical Inputs (including PHI): Voice dictations, typed encounter notes, patient demographics, diagnoses, treatment plans, orders, and other clinical content you submit through Kevin.
  • Audio Recordings: When you use voice dictation features, we temporarily process audio to generate transcripts. Raw audio is deleted immediately after transcription unless you explicitly opt in to extended storage.

1.2 Information Collected Automatically

  • Device & Usage Data: IP address, device identifiers, browser type, operating system, app version, pages viewed, referring URLs, session duration, and timestamps.
  • Diagnostic & Analytics Data: Crash logs, performance metrics, feature usage patterns, and interaction events. This data is collected in a manner that does not include PHI.
  • Audit Logs: Records of who accessed what data and when, maintained for security monitoring and HIPAA compliance.

1.3 Information from Third Parties

When you enable integrations (e.g., EHR systems, practice management software, calendar services) we receive the limited profile, token, or clinical data required to provide the integrated functionality. Each integration requires your explicit consent.

2. How We Use Information

2.1 Core Service Delivery

  • AI-Powered Documentation: Process your voice dictations and clinical inputs through our AI models to generate encounter notes, orders, and patient education materials.
  • Personalization: Learn your documentation preferences, templates, and specialty-specific terminology to improve accuracy over time.
  • Integration Fulfillment: Transmit generated documentation to connected EHR systems or other platforms you authorize.

2.2 Operations & Improvement

  • Deliver waitlist confirmations, product updates, SMS/text notifications, and transactional notices.
  • Analyze de-identified, aggregated usage metrics to improve features, reliability, and AI accuracy.
  • Detect, investigate, and prevent security incidents, fraud, or misuse.
  • Maintain audit trails for HIPAA compliance and quality assurance.

3. AI Processing & Model Training

3.1 How Kevin Processes Your Data

Kevin! uses artificial intelligence, including large language models (LLMs), to transcribe dictations, structure clinical notes, generate orders, and create patient-friendly summaries. Your clinical inputs are processed in real-time to deliver these features.

3.2 Your Data Is Not Used to Train AI Models

We do not use your PHI or clinical inputs to train, fine-tune, or improve general-purpose AI models. Your data is used solely to provide Services to you. Any model improvements are developed using fully de-identified, aggregated data sets or synthetic data that cannot be traced back to individual patients or providers.

3.3 Third-Party AI Services

We may use third-party AI infrastructure providers (subprocessors) to power certain features. All subprocessors are contractually bound to:

  • Process data only as instructed by us for service delivery
  • Not use your data for their own model training
  • Maintain security standards equivalent to our own
  • Enter into Business Associate Agreements where required

4. How We Share Information

We do not sell your personal information or PHI. We share data only in the following circumstances:

  • Service Providers & Subprocessors: Cloud hosting, AI infrastructure, analytics, logging, support, SMS/messaging, and email vendors operating under written data-processing agreements.
  • Your Authorized Integrations: EHR systems, practice management platforms, or other services you connect. Data flows only as you configure.
  • Professional Advisors: Auditors, attorneys, or insurers when necessary to protect our business, subject to confidentiality obligations.
  • Legal or Safety Requirements: When required by law, subpoena, or court order, or when disclosure is necessary to prevent imminent harm.

Mobile Information & Text Messaging

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.

5. HIPAA Compliance & Business Associate Agreements

5.1 Our Role Under HIPAA

When healthcare providers (Covered Entities) use Kevin! to process PHI, Rushin InTegrations acts as a Business Associate under HIPAA. We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule.

5.2 Business Associate Agreements

Before you transmit PHI through the Services, we require a signed Business Associate Agreement (BAA) that defines our respective responsibilities for protecting patient information. To request a BAA, contact kevin@rushin.ai.

5.3 Minimum Necessary Standard

We access and use only the minimum PHI necessary to provide the Services you request. Our workforce members receive HIPAA training and are bound by confidentiality obligations.

6. Data Security

Technical Safeguards

  • TLS 1.2+ encryption in transit
  • AES-256 encryption at rest
  • Role-based access controls
  • Multi-factor authentication
  • Continuous monitoring & intrusion detection

Administrative Safeguards

  • Designated Privacy & Security Officers
  • Workforce HIPAA training
  • Documented security policies
  • Incident response procedures
  • Regular risk assessments

7. Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify affected Covered Entities without unreasonable delay and no later than 60 days after discovery
  • Provide information necessary for you to fulfill your breach notification obligations
  • Cooperate with investigations and remediation efforts
  • Document the breach and our response for at least six years

8. Data Retention

Clinical Data & PHI

Retained for minimum 6 years per HIPAA requirements

Voice Recordings

Deleted immediately after transcription

Account Data

Retained while active + 24 months after inactivity

Diagnostic Logs

30-90 days; audit logs retained 6+ years

9. Your Rights & Choices

General Privacy Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal information
  • Object to or restrict certain processing activities
  • Receive a copy of your data in a portable format
  • Opt out of marketing communications

How to Submit Requests

Submit privacy requests to kevin@rushin.ai or through the privacy settings within the App. We will verify your identity before fulfilling requests and respond within applicable legal timeframes.

10. Additional Provisions

International Data Transfers

Rushin InTegrations operates in the United States. If you access the Services from another jurisdiction, your information may be transferred to, stored in, or processed in the U.S. We use approved safeguards such as Standard Contractual Clauses when required.

Children's Privacy

The Services are designed for healthcare professionals and are not directed to individuals under 18. We do not knowingly collect personal information from minors.

Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. For material updates, we will provide at least 30 days' notice before new terms take effect.

Contact Us

For questions, privacy requests, BAA inquiries, or concerns about this Privacy Policy:

Rushin InTegrations LLC
Attn: Privacy & Security Office
4459 Chapman St.
The Colony, TX 75056 USA

Email: kevin@rushin.ai