Privacy Policy
Last Updated: March 22, 2026
HIPAA Compliance Notice
FormRx.ai, operated by Aether Practice Solutions Inc., handles Protected Health Information (PHI) in compliance with HIPAA and the HITECH Act. We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. A Business Associate Agreement (BAA) is included with every subscription.
Information We Collect
Account Information: Name, email address, NPI number, specialty, practice name, and contact information provided during registration.
Billing Information: Payment is processed by Stripe. We never store credit card numbers. Stripe handles PCI compliance independently.
Clinical Documents: PDFs uploaded for processing — clinic notes, imaging reports, lab results, disability forms, and other clinical records. These constitute PHI and are handled accordingly.
Usage Data: Pages processed, features used, login times, and job completion metrics. No PHI is included in usage data.
How We Use Information
- To provide the Service (form filling, chart summarization, letter generation, fax services)
- To send transactional emails (form ready notifications, review links, delivery confirmations)
- To process billing through Stripe
- To improve service accuracy and reliability (aggregate, de-identified metrics only)
Protected Health Information (PHI)
- All PHI is encrypted at rest (AES-256) and in transit (TLS 1.2+)
- PHI is processed only within AWS services covered by our AWS BAA
- PHI is never used for marketing, advertising, or analytics
- Uploaded documents are retained for 90 days. Structured clinical data (summaries, extracted data) is retained while your subscription is active. After cancellation, all data is deleted within 30 days.
- We do not sell PHI under any circumstances
- We do not share PHI except as necessary to provide the Service (e.g., faxing a completed form to the designated recipient at your direction)
- Access to PHI is logged and auditable
AI Processing
Clinical documents are processed by AI models (Claude via AWS Bedrock) under zero-data-retention agreements. The AI provider (Anthropic, via AWS Bedrock) does not store, train on, or retain any clinical data submitted through FormRx. All AI processing occurs within the AWS environment covered by our BAA.
Third-Party Services
- AWS (Amazon Web Services): Infrastructure, storage, and AI processing. BAA signed.
- Stripe: Payment processing. No PHI is transmitted to Stripe.
- Documo: Fax services for sending and receiving clinical documents. Separate BAA in place.
- Anthropic / AWS Bedrock: AI document processing. Zero data retention policy.
Data Retention
- Uploaded documents (PDFs): retained for 90 days, then automatically removed from storage. Structured data remains.
- Structured clinical data (summaries, form mappings, letter content): retained while subscription is active
- Account data: retained while subscription is active
- After cancellation: all data deleted within 30 days
- Audit logs: retained for 7 years per HIPAA requirements
Your Rights
You have the right to:
- Request access to your personal data and clinical documents
- Request deletion of your account and all associated data
- Request export of your data in a standard format
- Receive an accounting of disclosures of your PHI
To exercise any of these rights, contact admin@formrx.ai.
Cookies
FormRx uses minimal cookies for session management and authentication only. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Children
The Service is not intended for individuals under 18 years of age. We do not knowingly collect information from minors.
Changes to This Policy
We may update this Privacy Policy from time to time. Users will be notified via email of material changes at least 30 days before they take effect.
Contact
For questions about this Privacy Policy or our data practices, contact us at admin@formrx.ai.
Aether Practice Solutions Inc.