Privacy Policy

Last Updated: February 24, 2026

​

Turnkey AI Practice Inc respects your privacy and is committed to handling information responsibly. This Privacy Policy explains how we collect, use, and disclose information in connection with our website and services.

​

1. Our Role

Turnkey AI Practice Inc operates as a Business Associate to covered healthcare entities. When providing services to our customers, we may create, receive, maintain, or transmit Protected Health Information (“PHI”) on their behalf in accordance with applicable Business Associate Agreements and HIPAA requirements

2. Information We Collect

​

Website Information
When you visit our website or request information, we may collect contact details such as your name, email address, phone number, and practice information that you voluntarily provide.

​

Service-Related Information
In the course of providing services to covered entities, we may process PHI as defined under HIPAA. PHI may include patient identifiers, electronic medical records, patient accounting information, diagnostic images, test results, and other electronic health-related records

​

3. How We Use Information

We use information to:

• Provide and support our services
• Fulfill contractual obligations with covered entities
• Respond to inquiries and provide customer support
• Communicate product or service updates
• Comply with legal and regulatory requirements

​

We do not sell personal information.

​

4. Sharing of Information

We may disclose information:

• To covered entities in accordance with our agreements
• To subcontractors and service providers who are contractually required to safeguard PHI

• When required by law, regulation, or legal process

​

We require subcontractors to provide satisfactory assurance that PHI will be appropriately safeguarded before they create, receive, maintain, or transmit PHI on our behalf

5. HIPAA and Protected Health Information

PHI processed by Turnkey AI Practice Inc is governed by our agreements with covered entities and applicable HIPAA requirements. Our compliance scope includes all system components that interact with our sensitive data environment

​

6. Data Retention

We maintain written policies and procedures to comply with HIPAA and retain required documentation, including compliance and breach-related records, for a minimum of six (6) years

7. Breach Notification

A breach is defined as the acquisition, access, use, or disclosure of PHI in a manner not permitted under HIPAA that compromises its security or privacy. If a breach of unsecured PHI occurs, we notify the covered entity without unreasonable delay and no later than sixty (60) days after discovery and assist with required regulatory notifications.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

​​