Privacy Policy
5 Dec 2025
This Privacy Policy explains how Burna AI, Inc. ("Burna AI," "we," "us," or "our") collects, uses, and protects your information when you use our platform and services.
What This Policy Covers
This Privacy Policy applies to:
- Healthcare professionals using Burna AI's CTCAE AI platform
- Visitors to our website (burna.ai)
- Anyone interacting with our marketing or support services
Important
This policy does NOT cover patient health information that healthcare customers process through Burna AI ("Customer Data"). That information is governed by:
- Our Business Associate Agreements with healthcare providers
- Your healthcare provider's own privacy practices
- HIPAA regulations
If you're a patient: Please contact your healthcare provider about how they handle your health information.
Information We Collect
Information You Provide
- Account: Name, email, credentials, role.
- Platform Use: Audio recordings (with consent), clinical notes, CTCAE grading data.
- Website: Contact info, forms, surveys.
Information We Collect Automatically
- Platform: Login times, usage patterns, device type, IP address, errors.
- Website: Pages viewed, referring site, browser type, cookies (see Cookie Policy).
How We Use Your Information
To Provide Our Service
- Process audio recordings into clinical documentation
- Generate CTCAE grades and assessments
- Provide AI-assisted clinical decision support
- Maintain your account and preferences
- Provide customer support
To Improve Burna AI
- Analyze usage patterns to enhance features
- Fix bugs and improve performance
- Develop new capabilities
Note: We only use de-identified, aggregated data for product improvements.
To Communicate
- Send service updates and notices
- Provide technical support
- Share product updates
- Process billing
For Marketing & Legal
- Send newsletters (opt-out anytime)
- Comply with laws and regulations
- Protect rights and security
- Prevent fraud
How We Share Your Information
To Provide Our Service
Microsoft Azure
Transcription, infrastructure
BAA, HIPAA-eligible
Convex
Database
SOC 2 Type II
Cloudflare
Security, performance
SOC 2 Type II
We Never:
- ✕ Sell your personal information
- ✕ Share patient health information without authorization
- ✕ Use your data for third-party advertising
- ✕ Provide information to unauthorized parties
HIPAA & Data Security
Our Role
When you use Burna AI for patient care, we serve as your HIPAA Business Associate. We execute formal BAAs, follow HIPAA requirements, and only process data as you direct.
Security Measures
- TLS 1.3 encryption (transit) & AES-256 (rest)
- Secure API connections
- Complete audit trails
- Role-based access controls
Your Privacy Rights
You have rights regarding your personal data:
- Access & Correction: View and update your account data in Settings.
- Deletion: Delete your account and personal data anytime.
- GDPR Rights: Objection, restriction, withdrawal of consent.
- CCPA Rights: Know, delete, opt-out (we don't sell data), non-discrimination.
To exercise these rights, email: contact@burna.ai. We respond within 30 days.
Account Deletion & Retention
Deletion
In the app: Settings > Account > Delete Account. All personal data is permanently deleted within 30 days.
Retention
- Account info: Account duration + 30 days
- Clinical data: Configured by customer (default 7 yrs)
- Audio:Deleted after processing (< 24 hrs)
Mobile App (iOS)
Our iOS app respects Apple's App Tracking Transparency. We use microphone and speech recognition permissions only when you initiate recording for clinical documentation. We do not track you across other apps or share data with brokers.
Contact
Updates to This Policy
Last updated: January 2026. Material changes will be communicated via email.
Questions? Contact contact@burna.ai.
Toxicity doesn't wait
for documentation.
Grade adverse events the moment they surface
with AI built for oncology.