Sign In
Request Demo

Privacy Policy

Last Updated: May 24, 2026

Alehra, a product of Outrun Connect (“Alehra,” “Company,” “we,” “us,” or “our”), provides electronic health record (EHR), telehealth, practice management, AI-assisted documentation, and related healthcare technology services (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access or use our websites, applications, and Services. By accessing or using the Services, you agree to this Privacy Policy and our Terms of Service.

This Privacy Policy applies to information collected by Alehra. It does not apply to third-party websites, services, or providers that may be linked within the Services.

1. Business Associate Role Under HIPAA

When Alehra provides Services to healthcare providers, clinics, or healthcare organizations (“Covered Entities”), Alehra acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

  • We process Protected Health Information (“PHI”) solely on behalf of and under the direction of the Covered Entity.
  • Our use and disclosure of PHI is governed by a Business Associate Agreement (“BAA”) and applicable law.
  • We do not use PHI for marketing, advertising, or data sale purposes.
  • We implement administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements.

If you are a patient or client of a healthcare provider using Alehra, your provider is the Covered Entity responsible for medical decisions and certain privacy obligations.

2. Information We Collect

A. Personal Information

We collect information that identifies or can reasonably be linked to an individual, including:

  • Name
  • Email address
  • Phone number
  • Mailing address
  • Practice or organization information
  • Login credentials
  • Payment information
  • Communications with us

B. Protected Health Information (PHI)

When used by healthcare providers, the Services may collect and store PHI, including:

  • Clinical documentation
  • Appointment information
  • Treatment notes
  • Claims and billing data
  • Uploaded medical records
  • Telehealth session data (if enabled)

PHI is handled in accordance with HIPAA and applicable law.

C. Non-Personal Information

We collect certain information that does not directly identify you, including browser type, device information, general location derived from IP address, usage statistics, and log data.

3. How We Use Information

We use collected information to:

  • Provide, operate, and maintain the Services
  • Authenticate users and protect account security
  • Process payments
  • Support telehealth functionality
  • Provide AI-assisted documentation features
  • Improve system performance and usability
  • Respond to customer service inquiries
  • Comply with legal obligations

We do not sell Personal Information or PHI, and we do not use PHI for targeted advertising.

4. Artificial Intelligence and Third-Party AI Processors

Alehra uses the following third-party AI services to power its clinical documentation, chat, and transcription features:

  • Google Vertex AI (Gemini) — Used for AI-assisted note generation, session summarization, clinical chat, and document embeddings. Processed under our Google Cloud BAA. Google does not use your data to train its AI models under this agreement.
  • OpenAI (Whisper and GPT-4o) — Used for audio transcription of uploaded session recordings and as a backup language model. Processed under our OpenAI BAA. OpenAI does not use your data to train its models under this agreement.

Patient health information (PHI) transmitted to these services is governed by executed Business Associate Agreements and is never used to train AI models, shared with third parties for advertising, or retained beyond what is necessary to fulfill the requested feature.

5. Google API Services — Limited Use Disclosure

Alehra’s use of information received from Google APIs (including Google Calendar) adheres to the Google API Services User Data Policy, including the Limited Use requirements. Google Calendar data is accessed solely to display provider availability and create or manage appointments. This data is not shared with AI models, used for advertising, or transferred to any third party outside of the core scheduling functionality.

6. Cookies & Tracking Technologies

We use cookies and similar technologies for secure authentication, session management, performance optimization, and analytics (on public-facing pages only).

We configure analytics to avoid collecting PHI. Advertising or tracking technologies are not deployed within authenticated clinical environments.

Please refer to our Cookie Policy for more details.

7. Information Sharing & Disclosure

Service Providers

We share information with vendors that assist with hosting, payment processing, security monitoring, and infrastructure support. Where vendors may access PHI, we execute appropriate Business Associate Agreements.

Legal Compliance

We may disclose information when required by law, subpoena, court order, or regulatory authority.

Business Transfers

In the event of merger, acquisition, or asset sale, information may be transferred as part of that transaction.

We do not sell Personal Information or PHI.

8. Data Security

We implement safeguards including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest
  • Role-based access controls
  • Multi-factor authentication (where enabled)
  • Audit logging
  • Session timeout protections

No system can guarantee absolute security.

9. Data Retention

We retain Personal Information and PHI for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on regulatory requirements applicable to healthcare providers.

10. Your Privacy Rights (U.S. Residents)

Depending on your state of residence, you may have rights including:

  • Right to access
  • Right to correct
  • Right to delete
  • Right to portability
  • Right to opt out of targeted advertising
  • Right to non-discrimination

To exercise these rights, contact: info@Alehra.com. We will verify identity before responding.

Note: Requests regarding medical records should be directed to your healthcare provider.

11. Children’s Privacy

The Services are not directed to children under 13. We do not knowingly collect Personal Information from children without appropriate consent.

12. Do Not Track

The Services do not currently respond to Do Not Track browser signals.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

14. Contact Information

Alehra – Privacy & Compliance

Email: info@Alehra.com

Scroll to Top

Fill the form below to request demo