Product Pricing Company Blog
Sign In Get Started
Draft — pending legal review. This is a baseline template. Replace with finalized counsel-reviewed version before launch.
Cagnea

Privacy Policy

Last updated: May 2, 2026

Cagnea is operated by Atlas Medical Solutions Inc. ("Cagnea," "we," "our," or "us"). This Privacy Policy describes how we collect, use, store, and protect information when you use our website, application, and services (collectively, the "Services"). It also describes your rights and choices regarding that information.

If you are a healthcare provider using Cagnea to document patient encounters, the Protected Health Information (PHI) you process through Cagnea is governed by the Business Associate Agreement (BAA) we have with your organization. The BAA, together with the Health Insurance Portability and Accountability Act (HIPAA), takes precedence over this Privacy Policy with respect to PHI.

1. Information we collect

Information you provide directly

  • Account information: name, email address, professional credentials, organization affiliation
  • Billing and payment details (processed by our third-party payment processor; we do not store full card numbers)
  • Customer support communications
  • Content you submit through forms, surveys, or feedback channels

Information collected automatically

  • Device, browser, and operating system information
  • IP address and approximate location derived from it
  • Usage information (pages visited, features used, time spent)
  • Cookies, local storage, and similar technologies (see "Cookies" below)

Protected Health Information (PHI)

When you use Cagnea to document a patient encounter, audio and/or transcript content containing PHI is transmitted to, processed by, and stored by Cagnea on behalf of your organization as a business associate under HIPAA. Our handling of PHI is governed by the BAA and the protections described in Section 4 below.

2. How we use information

We use the information we collect to:

  • Provide, operate, and improve the Services
  • Authenticate users and secure accounts
  • Process payments and manage subscriptions
  • Communicate with you about the Services, security, and product updates
  • Diagnose technical problems, monitor performance, and prevent abuse
  • Comply with legal obligations

We do not use PHI to train, fine-tune, or evaluate machine learning models. Patient data processed through Cagnea is used only to deliver the contracted documentation service to your organization.

3. How we share information

We share information only as follows:

  • Subprocessors: Service providers that help us operate the Services (cloud hosting, analytics, payment processing, customer support tooling). Each subprocessor is contractually bound to confidentiality and security obligations consistent with this Policy and, where applicable, with our BAA obligations.
  • Within your organization: Information you generate using the Services may be accessible to administrators of your organization's Cagnea account.
  • Legal compliance: When required by law, subpoena, or other lawful process, or to protect the rights, safety, and property of Cagnea, our customers, or others.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.

We do not sell personal information. We do not share PHI for marketing purposes.

4. How we protect PHI and personal information

  • Encryption: All data is encrypted in transit (TLS) and at rest using industry-standard algorithms.
  • Access controls: Access to PHI and personal information is limited to authorized personnel with a legitimate operational need, logged, and reviewed.
  • Zero-data-retention by default: Audio recordings of patient encounters are deleted immediately after documentation generation. Generated notes are retained according to the data retention configuration agreed with your organization (default: 14 days for trial accounts, configurable for paid accounts).
  • No model training on PHI: Customer data, including PHI, is never used to train, fine-tune, or evaluate Cagnea's machine learning models.
  • BAA: Cagnea executes a Business Associate Agreement with every customer organization before clinical use of the Services.
  • Independent assessments: We undergo regular third-party security assessments and maintain compliance with applicable healthcare security frameworks.

5. Data retention and deletion

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. PHI retention is governed by your organization's BAA configuration. Upon termination of services, we will return or destroy PHI in accordance with the BAA. You may request deletion of personal information by contacting us at the address below.

6. Your rights

Depending on where you live, you may have rights to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of personal information
  • Object to or restrict certain processing
  • Receive a copy of your personal information in a portable format
  • Withdraw consent (where consent is the basis for processing)

To exercise these rights, contact us at hello@atlasmedical.solutions. We will respond within the timeframes required by applicable law.

If you are a patient whose PHI is being processed by a healthcare provider that uses Cagnea, please direct PHI-related requests to your provider, who controls the data under HIPAA.

7. Cookies and similar technologies

We use cookies and similar technologies to operate the Services, remember preferences, analyze usage, and improve performance. Most browsers allow you to control cookies through settings. Disabling cookies may affect Service functionality.

8. International data transfers

Cagnea is operated from the United States. If you access the Services from outside the U.S., your information may be transferred to and processed in the U.S. We use appropriate safeguards for international transfers as required by applicable law.

9. Children's privacy

The Services are intended for use by healthcare professionals and are not directed to children under 13. We do not knowingly collect personal information from children under 13.

10. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email. The "Last updated" date at the top of this page reflects the date of the most recent revision.

11. Contact us

For questions about this Privacy Policy or our privacy practices:

Atlas Medical Solutions Inc.
Studio City, Los Angeles, CA
Email: hello@atlasmedical.solutions