Privacy
Altruiix is a clinical workflow platform in pre-launch pilot with design-partner organisations. A full privacy policy — covering HIPAA, GDPR, and sector-specific clinical data handling — will be published before general availability. In the interim, this page summarises our posture.
Who we are
Altruiix Technologies. Contact: privacy@altruiix.ai
What we collect
Account information (name, email, role), service usage, and any data that authorised users of a customer organisation choose to record in the platform on behalf of the people they serve.
Where the data sits
US-hosted infrastructure on AWS (clinical data) and a managed Postgres sidecar (non-clinical metadata), with encryption in transit and at rest. UK deployment will mirror this with UK-region hosting.
Sub-processors
We use the third parties below to operate the platform. Each is bound by a written data-processing agreement (DPA) before it processes personal data; international transfers, where they occur, are covered by the EU Standard Contractual Clauses / the UK International Data Transfer Addendum incorporated into those DPAs. This list will grow as additional services are wired in; the full privacy policy (with detailed retention and legal-basis information) will be published before general availability.
| Sub-processor | Role | Data it handles | DPA | Processing region |
|---|---|---|---|---|
| Cloudflare, Inc. | Application hosting / CDN / edge compute | Account & usage data in transit; clinical data in transit (until the planned browser-direct refactor); request logs (with PHI redacted) | In force (Self-Serve Subscription Agreement — Data Processing Addendum) | Global edge network |
| Medplum (self-hosted) | Clinical records system (FHIR), run in our own AWS account | Clinical and patient-identifying data at rest | Covered by the AWS agreements (software is self-hosted) | AWS (US today; UK/EU region for UK deployment) |
| Amazon Web Services, Inc. | Cloud infrastructure (compute, database, storage, key management) and AI inference | Clinical data at rest; limited staff/operational data sent to AI inference | AWS GDPR DPA | US today; UK/EU region for UK deployment |
| Neon, Inc. | Managed Postgres for non-clinical/operational data | Account & staff data, organisation configuration, operational metadata | DPA pending (with the Business-tier upgrade, before the pilot) | US today; UK/EU region for UK deployment |
| Functional Software, Inc. (Sentry) | Application error monitoring | Error/diagnostic events (no clinical data; PHI redaction in place) | Sentry standard DPA | EU |
| Twilio Inc. | SMS / voice messaging | Will be added when this feature is wired in | — | — |
| Better Stack, s.r.o. | Uptime monitoring & log retention | Will be added when this feature is wired in | — | — |
To request the current sub-processor list or a copy of a DPA, contact privacy@altruiix.ai.
How we use it
To provide the platform to the organisation that licenses it. We do not sell data. We do not use customer clinical data to train AI models.
Your choices
Customer organisations administer access, consent, and data-subject requests on behalf of the people they serve. If you are a person served by an Altruiix customer and wish to exercise your data rights, please contact the organisation that provides you services. You may also reach us directly at privacy@altruiix.ai.
Last updated: 2026-05-12