Canary Doctor LLC (“DisabilityProAI,” “we,” “our”) provides an AI-enabled document-summarization platform used by licensed attorneys and their staff. We act as a service provider to law-firm customers and are not a “business” under the California Consumer Privacy Act (CCPA) nor a “covered entity” under HIPAA.
This Policy explains how we collect, use, protect, and disclose personal information about account holders (attorneys and staff). If you are a claimant whose medical records are processed, please contact your attorney for any privacy requests.
1. Scope & Eligibility
- This Policy covers the website https://disabilityproai.com and related sub-domains (the “Service”).
- Age 18+ only: The Service is intended exclusively for adults. We do not permit individuals under 18 to create accounts or submit information directly.
2. What We Collect
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account details | Name, work e-mail, firm name, bar ID | Create & secure account | Life of account + 30 d |
| Auth & usage data | OAuth tokens, IP, logs, device info | Security, debugging, analytics | 2 yrs |
| Billing | Sent directly to Stripe | Payment processing | Stripe policy |
| User Content | Medical records you upload; AI summaries | Provide the Service | Auto-deleted after 30 days |
PHI notice: We are not a HIPAA “covered entity,” but we treat all medical records as highly sensitive and apply the safeguards described in §7.
3. How & Why We Use Information
- Operate, deliver, and improve the Service
- Authenticate users, prevent fraud, ensure security
- Communicate essential account or product updates (opt-out of marketing at any time)
- Comply with applicable laws and defend legal claims
Legal bases for EEA/UK visitors: contract performance, legitimate interests, and your consent for marketing e-mails.
4. Sharing & Disclosure
| Type | Recipient(s) | Safeguard |
|---|---|---|
| Cloud hosting & AI | Vercel (hosting), Supabase (database), Google Cloud / Vertex AI (OCR & LLM) | SOC 2, encryption, DPAs |
| Payments | Stripe | PCI-DSS compliance |
| Analytics | Google Analytics (IP truncated) | Privacy-focused config |
| Legal / safety | Courts, regulators, or law enforcement when legally required | Only as mandated |
We do not sell personal information or use your data to train independent AI models.
5. International Transfers
Data is stored on U.S. servers. By using the Service from another jurisdiction you consent to the transfer, storage, and processing of your data in the United States.
6. Your Rights & Choices
| Right | How to exercise |
|---|---|
| Access / Deletion / Correction | Use the Data Management tab in your dashboard or e-mail privacy@disabilityproai.com |
| Opt-out of marketing | Click “unsubscribe” in any non-transactional e-mail |
| Global Privacy Control | We honour the Sec-GPC: 1 header and will mark your account as “do-not-share” |
| ERASURE / GDPR rights | Contact us to object, restrict, or request portability |
Claimant whose records are processed: Please contact your attorney, who can delete the entire matter via the portal; we cannot identify your data without their help.
7. Security Measures
8. Data Retention Schedule
| Data Set | Retention | Disposal |
|---|---|---|
| Raw uploads (PDF/images) | Auto-deleted 30 days after upload | GCS lifecycle + scheduled cleanup |
| AI summaries & reports | Auto-deleted 30 days after case creation | Scheduled cleanup + hard delete |
| Account & billing | Account life + 30 days | Anonymization |
| Auth & usage logs | 2 years | Purged quarterly |
| Incident & audit logs | 2 years | Cold storage erase |
We may retain information longer if required by law, court order, or to defend legal claims.
9. Cookies & Analytics
We use first-party cookies and Google Analytics to understand site usage. Disabling cookies may reduce analytics accuracy but will not break core functionality.
10. AI Transparency
Uploaded documents are processed with Google’s Gemini (via Vertex AI) for OCR and language-model analysis. Files are not used by Google to train its models; they are sent to Google’s Vertex AI endpoint for on-demand processing only. Reports are automatically deleted 30 days after case creation. AI summaries are drafts; attorneys retain responsibility for human review.
11. Accessibility
We aim for WCAG 2.1 AA conformance. Contact accessibility@disabilityproai.com with feedback; we respond within two business days.
12. Children (Under 18)
The Service is not directed to, and must not be used by, anyone under 18 years old. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact privacy@disabilityproai.com so we can delete it.
13. Changes to This Policy
We will post any material changes here and e-mail account holders at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
14. Contact Us
Privacy & Security Officer
Alex Mohseni
Canary Doctor LLC
350c Fortune Terrace #227, Potomac, MD 20854
privacy@disabilityproai.com