Privacy policy

Last Updated: 10/25/2025

1. Introduction

Welcome to Specode.ai ("Specode," "we," "our," or "us"). We are an AI-powered healthcare application builder that provides HIPAA-compliant components and tools to enable healthcare organizations to rapidly develop, deploy, and manage custom health applications. This privacy policy explains how we collect, use, disclose, and safeguard information when you visit our website specode.ai (the "Website"), use our platform (the "Platform"), and interact with our services.

This privacy policy applies to:

  • Healthcare organizations and developers using our Platform
  • End users of applications built with Specode
  • Visitors to our Website
  • Any other users of our services

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Website or use the Platform.

2. Information We Collect

We collect different types of information depending on how you interact with Specode:

2.1 For Platform Users (Healthcare Organizations and Developers)

Account Information:

  • Organization name and details
  • Contact person name and title
  • Business email address
  • Phone number
  • Account credentials

Platform Usage Data:

  • Components and features utilized
  • Application configurations
  • API usage and integration data
  • Development activity logs
  • Support tickets and communications
  • Training and documentation access

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Access times and usage patterns
  • Error logs and debugging information

2.2 For End Users of Specode-Built Applications

Important Note: Healthcare applications built on Specode may collect Protected Health Information (PHI) and other sensitive data. The collection and use of such data by these applications are governed by the privacy policies of the healthcare organizations operating those applications, not by this Specode privacy policy.

We may collect:

  • Basic usage analytics (anonymized)
  • Performance metrics
  • Error reporting data
  • Security event logs

2.3 For Website Visitors

Automatically Collected Information:

  • IP address
  • Browser information
  • Device information
  • Pages visited
  • Referring websites
  • Time spent on pages

Voluntarily Provided Information:

  • Name and contact details (via contact forms)
  • Demo request information
  • Newsletter subscriptions
  • Inquiry details

3. How We Use Your Information

3.1 Platform Operations

We use collected information to:

  • Provide and maintain the Specode Platform
  • Process registrations and manage accounts
  • Enable development of healthcare applications
  • Provide technical support and customer service
  • Monitor platform performance and security
  • Ensure HIPAA compliance across the platform
  • Process payments and maintain billing records

3.2 Platform Improvement

  • Analyze usage patterns to improve features
  • Develop new components and functionalities
  • Optimize AI-powered workflows
  • Enhance user experience and interface
  • Conduct research and development

3.3 Communication

  • Send service updates and announcements
  • Provide technical alerts and security notices
  • Respond to support requests
  • Share educational content and best practices
  • Send marketing communications (with consent)

3.4 Compliance and Security

  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Enforce our terms of service
  • Protect the rights and safety of users
  • Maintain audit logs for HIPAA compliance

4. HIPAA Compliance and Healthcare Data

4.1 Our Role

Specode operates as a Business Associate under HIPAA when healthcare organizations use our Platform to build applications that process Protected Health Information (PHI). We maintain appropriate administrative, technical, and physical safeguards to protect PHI.

4.2 Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with all healthcare organizations using our Platform for PHI processing. These agreements detail our obligations regarding PHI protection.

4.3 Security Measures

Our HIPAA-compliant infrastructure includes:

  • End-to-end encryption for data in transit and at rest
  • Role-based access controls
  • Comprehensive audit logging
  • Regular security assessments and penetration testing
  • Incident response procedures
  • Employee training on HIPAA requirements

4.4 Data Isolation

Each healthcare organization's data is logically separated and isolated within our multi-tenant architecture, ensuring data privacy and security.

5. Disclosure of Your Information

We may share information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers that help us operate our Platform, including:

  • Cloud infrastructure providers (AWS, Google Cloud, Azure)
  • Payment processors
  • Analytics services
  • Customer support tools
  • Security and compliance vendors

All service providers are required to maintain confidentiality and security of the information.

5.2 Legal Requirements

We may disclose information when required by:

  • Law enforcement requests with proper legal authority
  • Court orders or subpoenas
  • Government regulatory requirements
  • Legal proceedings or to establish/exercise legal rights

5.3 Business Transfers

In the event of merger, acquisition, or sale of assets, user information may be transferred to the successor entity, subject to the same privacy protections.

5.4 Consent-Based Sharing

We may share information with third parties when you provide explicit consent.

5.5 Anonymized Data

We may share aggregated, anonymized data that cannot identify individuals for research, marketing, or other purposes.

6. Data Retention

We retain information for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements
  • Meet HIPAA retention requirements (minimum 6 years)

Healthcare organizations control retention periods for PHI within applications they build on our Platform.

7. Security of Your Information

We implement comprehensive security measures including:

  • Industry-standard encryption 
  • Multi-factor authentication options
  • Regular security audits and assessments
  • Secure development practices
  • Physical security at data centers
  • Employee background checks and training
  • Incident response and disaster recovery plans

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of information.

8. Your Data Protection Rights

8.1 Access and Portability

You have the right to:

  • Access your personal information
  • Receive a copy of your data in a structured format
  • Know what information we collect about you

8.2 Correction

You can request correction of inaccurate or incomplete information.

8.3 Deletion

You may request deletion of your information, subject to legal retention requirements and contractual obligations.

8.4 Restriction

You can request we restrict processing of your information in certain circumstances.

8.5 Objection

You have the right to object to certain processing activities, such as marketing communications.

To exercise these rights, contact us at [Insert Privacy Email].

9. International Data Transfers

Specode operates primarily in the United States. If you access our services from outside the US, your information may be transferred to, stored, and processed in the US or other countries. We ensure appropriate safeguards are in place for international transfers.

10. California Privacy Rights (CCPA)

This section applies to California residents:

10.1 Categories of Information Collected

Category

Examples

Collected

Identifiers

Name, email, organization name, IP address

YES

Commercial Information

Services purchased, usage history

YES

Internet Activity

Browsing behavior, platform usage

YES

Professional Information

Job title, company details

YES

Geolocation

General location from IP address

YES

Inferences

User preferences, usage patterns

YES

10.2 Your California Rights

  • Right to know what information we collect
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell personal information)
  • Right to non-discrimination

To exercise rights, contact: support@specode.ai

10.3 Do Not Sell

We do not sell personal information to third parties.

11. Children's Privacy

The Specode Platform is not intended for use by children under 18. We do not knowingly collect information from children. If we discover we've collected information from a child, we will promptly delete it.

Note: Healthcare applications built on Specode may serve pediatric populations under appropriate parental consent and healthcare provider supervision. Such use is governed by the healthcare organization's policies.

12. Third-Party Websites and Services

Our Website and Platform may contain links to third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Marketing Communications

With your consent, we may send marketing emails about:

  • New platform features and components
  • Healthcare technology insights
  • Webinars and educational content
  • Product updates and announcements

You can opt-out of marketing communications at any time via the unsubscribe link in emails or by contacting us.

14. Changes to This Privacy Policy

We may update this privacy policy periodically. We will notify you of material changes by:

  • Posting the new policy on our Website
  • Sending email notifications to registered users
  • Displaying a notice on the Platform

The "Last Updated" date reflects the most recent revisions.

15. Contact Us

For questions about this privacy policy or our privacy practices, please contact:

Specode
30 N Gould St Ste R, Sheridan, WY 82801

Email: joe@specode.aiPhone: (307) 285-9354