Sign In
Request Demo

Privacy Policy

Last Updated: February 17, 2026

Alehra, a product of Outrun Connect (“Alehra,” “Company,” “we,” “us,” or “our”), provides electronic health record (EHR), telehealth, practice management, AI-assisted documentation, and related healthcare technology services (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access or use our websites, applications, and Services. By accessing or using the Services, you agree to this Privacy Policy and our Terms of Service.

This Privacy Policy applies to information collected by Alehra. It does not apply to third-party websites, services, or providers that may be linked within the Services.

1. Business Associate Role Under HIPAA

When Alehra provides Services to healthcare providers, clinics, or healthcare organizations (“Covered Entities”), Alehra acts as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

  • We process Protected Health Information (“PHI”) solely on behalf of and under the direction of the Covered Entity.
  • Our use and disclosure of PHI is governed by a Business Associate Agreement (“BAA”) and applicable law.
  • We do not use PHI for marketing, advertising, or data sale purposes.
  • We implement administrative, physical, and technical safeguards consistent with HIPAA Security Rule requirements.

If you are a patient or client of a healthcare provider using Alehra, your provider is the Covered Entity responsible for medical decisions and certain privacy obligations.

2. Information We Collect

A. Personal Information

We collect information that identifies or can reasonably be linked to an individual, including:

  • Name
  • Email address
  • Phone number
  • Mailing address
  • Practice or organization information
  • Login credentials
  • Payment information
  • Communications with us

B. Protected Health Information (PHI)

When used by healthcare providers, the Services may collect and store PHI, including:

  • Clinical documentation
  • Appointment information
  • Treatment notes
  • Claims and billing data
  • Uploaded medical records
  • Telehealth session data (if enabled)

PHI is handled in accordance with HIPAA and applicable law.

C. Non-Personal Information

We collect certain information that does not directly identify you, including browser type, device information, general location derived from IP address, usage statistics, and log data.

3. How We Use Information

We use collected information to:

  • Provide, operate, and maintain the Services
  • Authenticate users and protect account security
  • Process payments
  • Support telehealth functionality
  • Provide AI-assisted documentation features
  • Improve system performance and usability
  • Respond to customer service inquiries
  • Comply with legal obligations

We do not sell Personal Information or PHI, and we do not use PHI for targeted advertising.

4. AI & Automated Processing

Alehra may offer AI-enabled features, including transcription, note assistance, or workflow support.

Where AI tools process PHI:

  • Processing occurs under HIPAA-compliant safeguards.
  • AI vendors, where applicable, are contractually bound to confidentiality and security requirements.
  • PHI is not used to train public or external AI models without authorization.

Users remain responsible for reviewing and verifying AI-generated outputs.

5. Cookies & Tracking Technologies

We use cookies and similar technologies for secure authentication, session management, performance optimization, and analytics (on public-facing pages only).

We configure analytics to avoid collecting PHI. Advertising or tracking technologies are not deployed within authenticated clinical environments.

Please refer to our Cookie Policy for more details.

6. Information Sharing & Disclosure

Service Providers

We share information with vendors that assist with hosting, payment processing, security monitoring, and infrastructure support. Where vendors may access PHI, we execute appropriate Business Associate Agreements.

Legal Compliance

We may disclose information when required by law, subpoena, court order, or regulatory authority.

Business Transfers

In the event of merger, acquisition, or asset sale, information may be transferred as part of that transaction.

We do not sell Personal Information or PHI.

7. Data Security

We implement safeguards including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest
  • Role-based access controls
  • Multi-factor authentication (where enabled)
  • Audit logging
  • Session timeout protections

No system can guarantee absolute security.

8. Data Retention

We retain Personal Information and PHI for as long as necessary to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on regulatory requirements applicable to healthcare providers.

9. Your Privacy Rights (U.S. Residents)

Depending on your state of residence, you may have rights including:

  • Right to access
  • Right to correct
  • Right to delete
  • Right to portability
  • Right to opt out of targeted advertising
  • Right to non-discrimination

To exercise these rights, contact: info@Alehra.com. We will verify identity before responding.

Note: Requests regarding medical records should be directed to your healthcare provider.

10. Children’s Privacy

The Services are not directed to children under 13. We do not knowingly collect Personal Information from children without appropriate consent.

11. Do Not Track

The Services do not currently respond to Do Not Track browser signals.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

13. Contact Information

Alehra – Privacy & Compliance

Email: info@Alehra.com

Scroll to Top

Fill the form below to request demo