Privacy Policy
Last updated: April 1, 2026
Nancy Morgan Wound Care ("we," "us," or "our") is committed to protecting the privacy and security of the information entrusted to us by our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our clinical intelligence platform and related services.
Healthcare Data Notice: Our platform is designed for use by healthcare professionals. We understand the sensitivity of clinical information and have built our systems with HIPAA alignment as a foundational principle. This policy should be read in conjunction with any Business Associate Agreement (BAA) executed between your organization and Nancy Morgan Wound Care.
1. Information We Collect
Account Information
When you register for an account, we collect:
- Name and professional credentials
- Email address
- Organization or practice name
- Professional role and specialty
- Billing information (processed by our payment provider)
Platform Usage Data
When you use the platform, we may collect:
- Chat queries and conversation history
- Documents you upload to the knowledge base
- Transcription session data (if you use the transcription module)
- Images you upload for annotation (if you use the imaging module)
- Usage patterns, feature access, and session duration
Technical Data
- IP address and approximate location
- Browser type and device information
- Operating system
- Access timestamps
2. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the platform
- Process and respond to your clinical queries
- Generate transcriptions and documentation from your audio input
- Analyze and annotate uploaded wound images
- Maintain your chat history and document library
- Improve platform accuracy and performance
- Communicate with you about your account and service updates
- Process payments and manage subscriptions
- Comply with legal obligations
3. Protected Health Information (PHI)
We recognize that information entered into the platform by healthcare professionals may constitute Protected Health Information under HIPAA. Our approach to PHI:
- PHI is not stored on our servers unless explicitly approved by the customer through a signed BAA
- Audio data from transcription sessions is processed locally on the device by default and is not transmitted to our servers unless the user explicitly saves the session
- Uploaded wound images are stored in encrypted, access-controlled environments when image annotation is enabled
- Chat conversations that may contain PHI are encrypted at rest and in transit
- We do not use PHI for marketing, advertising, or any purpose unrelated to providing the clinical intelligence service
4. Data Storage and Security
We implement appropriate technical and organizational measures to protect your information:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
- Platform infrastructure is hosted on AWS with SOC 2 compliance
- Role-based access controls limit data access to authorized personnel
- Regular security assessments and vulnerability testing
- Audit logging for all data access and modifications
- Employee access is restricted on a need-to-know basis
5. Data Sharing and Disclosure
We do not sell your personal information or PHI. We may share information with:
- Service Providers: Third-party vendors who assist in operating the platform (cloud hosting, payment processing, transcription APIs) under contractual obligations to protect your data
- AI Processing: Queries are processed through our AI engine (powered by Anthropic's Claude) with appropriate data handling agreements in place
- Legal Requirements: When required by law, regulation, or legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users
6. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Specifically:
- Account information: retained while your subscription is active and for 90 days after cancellation
- Chat history: retained until you delete it or close your account
- Uploaded documents: retained until you remove them or close your account
- Transcription data: retained only if you explicitly save sessions; otherwise deleted at session end
- Image data: retained until you remove images or close your account
- Usage and technical data: retained for up to 12 months for analytics purposes
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access and receive a copy of your personal data
- Request correction of inaccurate information
- Request deletion of your personal data
- Object to or restrict certain processing activities
- Data portability: receive your data in a structured format
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at privacy@nancymorganwoundcare.com.
8. Cookies and Tracking
We use essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies or cross-site tracking technologies. Analytics cookies, if used, are first-party only and do not track you across other websites.
9. Children's Privacy
Our platform is designed for use by healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the platform. Your continued use of the platform after such notice constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
Nancy Morgan Wound Care
Email: privacy@nancymorganwoundcare.com
If you are an organization that requires a Business Associate Agreement (BAA) or has specific compliance requirements, please contact us to discuss your needs before using the platform with PHI.