AI Data Use Policy
Last updated: August 5, 2025
This document describes how Elation Health (“Elation”) utilizes artificial intelligence (“AI”) within Elation’s products and services (individually and collectively, the “Service”), and how such use conforms to Elation’s privacy commitment as described below. When you use AI features within the Service, Elation handles all such inputs in accordance with its Service Agreement.
Table of Contents
Elation’s Privacy Commitment
You control your data. As your service provider, Elation processes information in support of the Service (as described in Elation’s Product Documentation) and in accordance with our Privacy Policy, your Order Form and/or Elation’s Service Agreement. Neither Elation nor its third party providers accesses your information, either directly or indirectly, for any purpose other than supporting your use of the Service and/or in accordance with your Service Agreement.
Elation AI:
Elation’s AI functionality may rely on the use of Large Language Models (“LLMs”) and/or other AI functionality. Elation uses third party LLMs and AI functionality under enterprise licenses to analyze your data Inputs (defined below), and other content depending on the context. Under all such licenses, Inputs shared by Elation with its third party providers are used only for the purpose of processing your specific requests and are handled in a secure environment without logging, retention or sharing. Your data is not used for model training purposes by Elation’s third party AI providers. A list of Elation’s third party AI service providers is available here.
Data You Submit and Receive; and Limitations of Outputs:
Information you submit to the Service is referred to as an “Input”. An answer, response, or other data returned by the Service is called an “Output”. Elation’s third party providers do not use your Inputs or related Outputs as data to train their models.
Because AI is a versatile technology that is still evolving, AI can generate Outputs that you don’t expect, including Outputs that are factually incorrect, unintended or unforeseen. It is important for you to understand the limitations of AI and LLMs generally to utilize the Service safely and responsibly.
Security of Data, Inputs and Outputs:
Data (including Inputs) sent to Elation, data received from Elation (including Outputs) and data stored within Elation, are secured in compliance with state and federal privacy laws, including HIPAA, using encryption and key management best practices. Additionally, Elation utilizes the following to ensure data security and integrity:
- Strong Authentication and Access Control: Administrative and privileged access is strictly controlled. Multi-factor authentication is mandatory for privileged accounts to block unauthorized access.
- Data Encryption: Patient data is safeguarded at rest and in transit, utilizing industry best practices for encryption.
- Ongoing Security Testing and Review: Elation uses third-party experts to regularly probe the Service for vulnerabilities, including structured penetration testing, code scanning, and application threat modeling.
- Audit and Risk Management: Elation maintains SOC2 compliance demonstrating careful attention to confidentiality, integrity, and system availability.