HIPAA Notice | The Diabetic AI

Effective Date: April 26, 2026 · Last Updated: April 26, 2026

Important clarification: The Diabetic AI is an educational technology platform, not a covered healthcare provider, health plan, or healthcare clearinghouse as defined by HIPAA. We are therefore not a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA). However, we take your health information seriously and apply strong privacy and security practices that align with HIPAA’s intent. This notice explains what that means for you in plain language.

1. What This Means in Plain English

HIPAA is a federal law that protects health information handled by doctors, hospitals, pharmacies, and health insurance companies. Because The Diabetic AI is an educational platform — not a clinical provider or insurer — HIPAA’s formal requirements do not legally apply to us.

What does apply? Our commitment to treat your health information with the same respect and care that HIPAA was designed to ensure. We voluntarily adopt HIPAA-aligned practices because we believe you deserve that protection regardless of what the law technically requires.

2. What Health Information We May Receive

When you interact with Emma AI or complete our health assessment, you may voluntarily share information such as:

Your current or past A1c, blood glucose readings, or other lab values
Medications you are currently taking (e.g., metformin, insulin, GLP-1 agonists)
Dietary patterns, weight, and exercise habits
Symptoms, comorbidities, or other health context you choose to share

This information is used solely to personalize Emma’s educational responses to you. It is not stored permanently unless you explicitly save your progress, is not shared with your insurance company or employer, and is not sold to third parties.

3. No Doctor-Patient Relationship

Sharing health information with Emma AI does not create a doctor-patient relationship. Emma is an AI educational companion, not a licensed medical professional. The Diabetic AI does not have access to your medical records, does not communicate with your healthcare providers on your behalf, and does not make clinical decisions.

Your physician remains solely responsible for your medical care. Emma is designed to help you have better, more informed conversations with your doctor — not to replace those conversations.

4. Your Rights Over Your Health Information

Even though HIPAA does not technically apply to us, we honor the spirit of your health privacy rights:

Right to access: You can request a copy of any health-related data we have stored for you
Right to correct: You can ask us to correct inaccurate information
Right to delete: You can ask us to delete your health information and account at any time
Right to know: You can ask us how your information is used and with whom it is shared
Right to withdraw consent: You can stop sharing information with Emma AI at any time simply by ending your session

To exercise any of these rights, contact us at privacy@thediabeticai.com. We will respond within 30 days.

5. How We Protect Your Information

We implement technical and organizational safeguards consistent with HIPAA’s Security Rule principles:

Encryption in transit: All data transmitted between your browser and our platform uses HTTPS/TLS encryption
Access controls: Only authorized personnel can access stored user data, governed by role-based permissions
Session isolation: Emma AI conversations are processed in isolated sessions; conversation content is not stored in shared logs accessible to other users
Vendor agreements: AI infrastructure providers (including Anthropic) are bound by data processing agreements that restrict use of your data
Minimal data collection: We collect only first name and health context you voluntarily provide — never Social Security numbers, full medical records, or insurance information

6. If You Are a Healthcare Provider

If you are a physician or other licensed healthcare provider using The Diabetic AI’s Physician Series, please note that any patient information you enter into the Platform is subject to your own HIPAA obligations as a covered entity. Do not enter identifiable patient health information (Protected Health Information / PHI) into the Platform. Use de-identified or anonymized data when exploring the Platform’s features.

We are happy to discuss Business Associate Agreement (BAA) arrangements for healthcare organizations wishing to formally integrate our platform. Contact us at legal@thediabeticai.com.

7. Breach Notification

Although not legally required to follow HIPAA’s breach notification rules, we commit to notify affected users promptly (within 72 hours of discovery) if a security incident occurs that compromises their health information. We will describe what happened, what information was affected, what steps we took, and what you can do to protect yourself.

8. Children and Minors

Our platform is intended for adults 18 and older. We do not knowingly collect health information from minors. If a minor has shared health information with our platform, please contact us immediately and we will delete it.

9. Questions and Contact

If you have questions about how we handle your health information, or if you believe your privacy has been violated, please contact us:

The Diabetic AI, LLC
Privacy Inquiries: privacy@thediabeticai.com
Legal / BAA Inquiries: legal@thediabeticai.com
Website: thediabeticai.com

We are committed to being a trustworthy partner in your health journey. If you ever have concerns about your privacy, please reach out — we take every inquiry seriously and will respond promptly.