Privacy Policy

Last updated: March 28, 2026

Your trust matters more than convenience. This policy explains what data we collect when you use Certuma Link, how we use it, and the choices you have. We do not sell personal data, ever.

1 · What we collect

Account information: name, email, medical credentials (NPI, license number) and your practice details.

Clinical conversations: messages between patients and your AI assistant, the AI's drafts, your reviews and replies. These are protected health information (PHI).

Operational metadata: timestamps, device info, IP address, and approximate location used for security, fraud prevention and product analytics.

2 · How we use it

We use clinical content only to operate the service: routing messages to your AI assistant, generating drafts for your review, and surfacing case activity to you. We do not train external AI models on patient PHI. We use de-identified, aggregated metrics to improve the product itself.

3 · Your rights

You can request export or deletion of your data at any time by writing to privacy@certuma.test or via Settings → Privacy. Patients can request the same with respect to their own records.

4 · Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to clinical content is limited to: (a) the doctor associated with the Certuma Link, and (b) our security team for incident response, under contractual obligations and audited access. We sign Business Associate Agreements with all relevant subprocessors.

5 · Retention

Clinical content is retained for as long as your practice requires for continuity of care, plus the minimum period required by applicable law (typically 7-10 years). You may delete individual cases or your entire account; deletion is final after a 30-day grace period.

6 · Subprocessors

We use a small set of trusted subprocessors: AWS (hosting · us-east-1), Stripe (payments), and a HIPAA-eligible LLM provider (clinical drafts). Each has a current BAA on file.

7 · Cookies

We use essential cookies only, for authentication and security. We do not use third-party advertising cookies. No cross-site tracking. You can clear cookies any time without losing access.

8 · Children

Certuma Link is intended for use by US-licensed clinicians and the patients they care for. Minors must be onboarded by a parent or guardian who agrees to these terms on their behalf.

9 · Changes & contact

We'll notify you by email when we make material changes to this policy. For anything else, email privacy@certuma.test.

This draft notice is illustrative and not a substitute for a reviewed privacy notice.