Privacy Policy

RCMHELPER is a company registered in the Arab Republic of Egypt. We operate a cloud-based SaaS platform providing AI-assisted clinical documentation, revenue cycle management, and prior authorisation tools for healthcare professionals globally. Registered address: Egypt Data enquiries: info@rcmhelper.com

We collect the following categories of data: • Account information: Name, email address, professional credentials, job title, and organisational affiliation. • Clinical content: Medical notes, diagnoses, procedure codes, medication lists, and clinical narratives submitted by users for AI analysis. This data may constitute personal data or sensitive health data depending on its content. • Usage data: Feature interactions, session logs, API call metadata, and performance metrics. • Billing data: Payment method type, transaction history, and invoice records. Full card numbers are never stored — payment processing is handled by our PCI-DSS compliant payment provider. • Technical data: IP addresses, browser type, device identifiers, and authentication timestamps for security and audit purposes.

We process your data for the following purposes and legal bases: • Service delivery (Contract): To provide AI-assisted CDI, prior authorisation, and RCM analysis features. • Security and fraud prevention (Legitimate Interest): To authenticate users, detect abuse, and maintain platform integrity. • Billing and subscription management (Contract): To process payments and manage your subscription. • Legal compliance (Legal Obligation): To comply with applicable laws including Egypt Law 151/2020, Saudi PDPL, and EU GDPR as applicable to your jurisdiction. • Service improvement (Legitimate Interest): Aggregated, non-identifiable analytics to improve platform performance. We do not train AI models on your clinical content.

Your data is stored on servers located within the European Union. All data at rest is encrypted using AES-256. All data in transit is protected using TLS 1.3. We do not store data on servers in the Kingdom of Saudi Arabia at this time. If you are a Saudi-based user or institution requiring in-country data residency, please contact us at info@rcmhelper.com to discuss enterprise data residency arrangements.

We engage the following third-party AI providers as data subprocessors. Content submitted to AI-powered features is subject to automated de-identification processing by RCMHELPER prior to transmission; notwithstanding the foregoing, users bear sole responsibility for ensuring that submissions do not contain personally identifiable health information (see Section 6). • OpenAI, L.L.C. (United States) Purpose: AI analysis through CDI, prior authorisation, and documentation modules. Transfer basis: EU Standard Contractual Clauses (SCCs) and OpenAI Data Processing Agreement. OpenAI has contractually agreed not to use submitted content for model training. • Anthropic, PBC (United States) Purpose: Supplementary AI processing capacity. Transfer basis: EU Standard Contractual Clauses (SCCs). We do not sell, rent, or share your personal data with third parties for marketing purposes.

Users bear sole and exclusive responsibility for all content submitted to the Platform. By submitting any content for AI analysis, the user represents and warrants that: (a) The submission complies with all applicable laws, including but not limited to patient consent requirements, professional confidentiality obligations, and applicable data protection regulations in the user's jurisdiction; (b) The user has independently verified that the submission does not include personally identifiable health information beyond what is strictly necessary and lawfully authorised. RCMHELPER applies automated technical de-identification measures to content prior to AI processing. Notwithstanding the foregoing, no automated de-identification process guarantees the complete elimination of all personally identifiable information. RCMHELPER expressly disclaims any warranty, express or implied, that such measures will achieve full anonymisation. Residual identification risk remains, and the user assumes all associated liability. RCMHELPER will not be liable for any privacy breach, regulatory penalty, or claim arising from a user's failure to ensure that submitted content was lawfully de-identified or that required consents were in place prior to submission.

We retain your data for the following periods: • Account data: For the duration of your subscription plus 3 years after account closure. • Clinical content and AI analysis results: 2 years from the date of submission, or until deletion is requested. • Billing records: 7 years in compliance with Egyptian commercial law. • Audit logs: 1 year. You may request earlier deletion at any time by contacting info@rcmhelper.com, subject to our legal retention obligations.

Depending on your jurisdiction, you have the following rights regarding your personal data: Under EU GDPR: • Right of access, rectification, and erasure • Right to data portability • Right to restrict or object to processing • Right to lodge a complaint with your national supervisory authority Under Saudi PDPL: • Right to access and correct your personal data • Right to request deletion of data where no legitimate retention basis exists • Right to withdraw consent at any time Under Egypt Law 151/2020: • Right of access, correction, and objection to processing • Right to request data deletion To exercise any of these rights, contact us at info@rcmhelper.com. We will respond within 30 days.

We use strictly necessary cookies to maintain your authenticated session. We do not use advertising, behavioural tracking, or third-party analytics cookies without your explicit consent. You may manage cookie preferences through your browser settings at any time.

We will notify registered users by email at least 14 days before any material changes to this Privacy Policy take effect. Continued use of the platform after the effective date constitutes acceptance of the updated policy.