Legal

Privacy Policy

Last updated: April 16, 2026

1. Introduction

Annalis AI (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our platform and services.

2. Information We Collect

Account information: Name, email address, professional credentials, and firm affiliation provided during registration.

Case materials: Medical records, case documents, and related materials uploaded to the platform for analysis.

Usage data: Information about how you interact with the Service, including pages visited, features used, and session duration.

Communications: Messages sent through the platform between attorneys and expert witnesses.

Payment information: Billing details processed through our payment provider (Stripe). We do not store credit card numbers on our servers.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Service
  • Process and analyze uploaded medical records
  • Match attorneys with appropriate expert witnesses
  • Process payments and manage billing
  • Communicate with you about the Service
  • Ensure the security and integrity of the platform
  • Comply with legal obligations

4. Protected Health Information (PHI)

We handle PHI in compliance with the Health Insurance Portability and Accountability Act (HIPAA). Specific protections include:

  • Automatic redaction of patient identifiers (SSN, MRN, DOB, phone, email) before AI processing
  • Encryption of all PHI in transit (TLS 1.2+) and at rest (AES-256)
  • Zero data retention on AI processing — records are not retained after analysis
  • Access controls limiting visibility to authorized parties only
  • Business Associate Agreements (BAA) available for covered entities

5. Information Sharing

We do not sell your personal information. We may share information only in the following circumstances:

  • Expert witness sharing: When you explicitly share a case with an expert, they receive access to the case materials and AI analysis you authorize.
  • Service providers: We use third-party services (hosting, authentication, payment processing) that process data on our behalf under contractual obligations.
  • Legal requirements: We may disclose information if required by law, subpoena, or court order.

6. AI and Data Processing

Medical records uploaded to the platform are processed by our AI analysis engine. We do not use your case data to train AI models. Document text is processed in memory for analysis purposes and is not retained by the AI system after processing is complete. Analysis results are stored in your account and accessible only to you and parties you explicitly authorize.

7. Data Retention

We retain your account information and case data for as long as your account is active or as needed to provide the Service. You may delete individual documents or cases at any time. Upon account deletion, we will remove your data from active systems within 30 days. Backups may retain data for up to 90 days before automatic deletion.

8. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, audit logging, and regular security assessments. For detailed information about our security practices, see our Security page.

9. Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data
  • Export your data in a portable format
  • Opt out of marketing communications
  • Revoke shared access to your case materials at any time

To exercise these rights, contact us at privacy@annalis.ai.

10. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Analytics, if used, are privacy-respecting and do not involve cross-site tracking.

11. Children’s Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Service. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or our data practices, contact us at privacy@annalis.ai.

Annalis AI
Dallas, Texas