Privacy Policy

Table of Contents

1. Introduction

ABSON.ai (“ABSON.ai,” “we,” “us,” or “our”) provides an AI-powered medicolegal workflow and case-management platform designed for attorneys, physician expert witnesses, independent medical examiners (IMEs), peer review professionals, healthcare organizations, nurse consultants, and other professionals involved in medical-legal review, litigation support, claims analysis, and related workflows. The Platform assists with medical record organization, chronology generation, document analysis, report drafting, case collaboration, workflow management, and related professional support tools.

This Privacy Policy describes how we collect, use, share, and protect information when you use the Abson Platform (the “Platform”), visit our website at abson.ai, or interact with us through any other channel. We handle sensitive professional and clinical information with care proportional to the responsibility that medicolegal practice places on the clinicians who use us.

This Privacy Policy is incorporated into and governed by our Terms of Service. Capitalized terms not defined here carry the meanings assigned in those Terms.

2. Who This Policy Applies To

This Policy applies to all users of the Platform, including:

• Attorneys and their support staff using the Platform
• Physician expert witnesses using the Platform to manage case engagements, generate reports, and maintain medicolegal practice infrastructure
• Independent medical examiners and peer review physicians preparing evaluations for workers' compensation, personal injury, or payer-directed assessments
• Nurse practitioners and advanced practice providers engaging in expert witness or peer review work
• Organizational administrators managing multi-provider accounts
• Any individual who visits our website or communicates with us

If you access the Platform on behalf of an organization, this Policy applies to your individual use. Your organization may have its own data governance policies governing the information it processes through the Platform.

3. Information We Collect

3.1 Information You Provide

Account Information

When you create an account, we collect your name, email address, phone number, professional role, organization, mailing address, and account credentials. For clinician users, we may also collect:

• Medical license numbers and states of licensure
• Board certifications and specialty designations
• CV or professional biography
• Malpractice insurance carrier and policy information
• Fee schedules and engagement preferences

For attorneys, we may verify your bar license. For organizational users, we may also collect your EIN.

Case Content

When you use the Platform, you may upload medical records, clinical documents, imaging reports, pharmacy and billing records, and other case materials. This content may include Protected Health Information (PHI) as defined under HIPAA. You are responsible for ensuring that any PHI uploaded to the Platform is uploaded in compliance with applicable law and any applicable authorizations or agreements.

Protected Legal Workflow Content

Reports, chronologies, memoranda, and annotations you generate or draft within the Platform may be stored and associated with your account or organizational workspace. ABSON.ai treats this content as confidential and applies safeguards designed to protect it.

3.2 Information Generated Automatically

When you use the Platform, we automatically collect usage data including login timestamps, features accessed, document upload and processing events, and session duration. We also collect standard device and browser metadata: IP address, browser type and version, operating system, and device identifiers. This information is used to maintain security, diagnose issues, and understand how the Platform is used at an aggregate level. We do not use this information to build consumer advertising profiles or to serve targeted third-party advertising.

3.3 Information from Third Parties

If you connect the Platform to third-party services — including EHR systems via FHIR integration, case management platforms, or authentication providers such as Azure AD — we may receive information through those connections as configured by you. Third-party data sharing is governed by your agreements with those services.

4. How We Use Information

We may use the information we collect to:

• Provide, operate, and improve the Platform and its features
• Process uploaded records and generate AI-assisted chronologies, report sections, and clinical analysis
• Track multi-state licensure, certification, and compliance deadlines on your behalf
• Support case and revenue management workflows
• Maintain security, audit trails, and access controls
• Communicate with you about your account, Platform updates, and support requests
• Comply with legal obligations and respond to lawful requests

We do not use Your Content for generalized public AI model training, unrelated foundation model development, or cross-customer commercial AI training.

We may process Your Content, usage data, metadata, and technical information as reasonably indicated to provide, secure, support, troubleshoot, and improve the Platform and authorized customer workflows, consistent with our Terms, Privacy Policy, and applicable agreements. We do not use Your Content to serve third-party targeted advertising, and we do not sell your personal information to third parties.

5. AI Processing

The Platform uses artificial intelligence and machine learning technologies to assist with record processing, structured extraction, chronology generation, document analysis, and report drafting. Records uploaded to the Platform may be processed using AI systems and subprocessors operating within the United States to provide requested Platform functionality. ABSON.ai does not use Your Content for generalized public AI model training or unrelated commercial AI development.

6. Data Sharing

We share information only in the following circumstances:

6.1 At Your Direction

Case content is shared with other Platform users or external parties only as directed by you, your organization, or authorized organizational administrators through the Platform's access controls and sharing functionality. Subject to applicable organizational permissions, you and your organization control which users and external parties may access your case materials.

6.2 Subprocessors and Third-Party Service Providers

We rely on a limited number of third-party service providers to support operation of the Platform, including providers of cloud infrastructure, AI processing, authentication, and related technical services. Certain services may be delivered through our contracted service providers, which maintain the necessary agreements and licenses with their own subprocessors, vendors, or infrastructure providers. We require our service providers to implement and maintain appropriate technical, organizational, and contractual safeguards designed to protect personal data in accordance with applicable privacy laws, this Privacy Policy, and our Terms.

6.3 Legal Requirements

We may disclose information where required by applicable law, subpoena, court order, regulatory request, or other legal process, or where we reasonably determine disclosure is necessary to protect the rights, property, safety, security, or integrity of ABSON.ai, the Platform, our users, patients, or the public. Where legally permitted and reasonably practicable, we may provide notice before making such a disclosure.

6.4 Business Transfers

If we are acquired by or merge with another entity, your information may be transferred as part of that transaction. We will provide notice of any such transfer and ensure that the receiving entity is bound by privacy obligations consistent with this Policy.

7. Data Retention

Account information is generally retained for the duration of your account and for a reasonable period thereafter as necessary to comply with applicable law, contractual obligations, security requirements, dispute resolution needs, and operational requirements.

Unless otherwise configured by the applicable organization, required by applicable law, or governed by a separate written agreement, case content, uploaded records, workflow materials, and related work product are generally retained for seven (7) years following the last material activity associated with the applicable case.

Retention periods may vary based on organizational settings, legal holds, contractual obligations, security practices, backup schedules, operational requirements, and applicable law.

You may request deletion of your information, subject to applicable legal, contractual, regulatory, security, audit, retention, and operational requirements. Following a validated deletion request, applicable data may be deleted or de-identified from active production systems within a commercially reasonable period.

Deletion from active systems does not guarantee immediate deletion from backups, archives, disaster recovery systems, logs, retained audit records, de-identified datasets, embeddings, trained models, or other retained operational records that ABSON.ai may maintain as permitted by applicable law, contractual obligations, or its Terms of Service.

8. Data Security

The Platform operates on infrastructure and hosting environments located within the United States, including U.S.-based cloud infrastructure provided by Microsoft and related service providers. Customer data is stored within United States-based systems; however, ABSON.ai may utilize authorized employees, contractors, developers, technical support personnel, and service providers located in the United States or other jurisdictions in connection with the operation, maintenance, support, security, and improvement of the Platform.

In limited circumstances, incidental temporary copies of customer data may be accessed, cached, processed, or stored outside the United States on a transient basis as reasonably necessary to perform authorized support, maintenance, development, troubleshooting, or security functions. Such activities remain subject to applicable confidentiality, security, and access-control obligations.

ABSON.ai implements commercially reasonable administrative, technical, physical, and organizational safeguards designed to protect the confidentiality, integrity, availability, and security of customer data. Security measures may include encryption in transit and at rest, role-based access controls, authentication controls, logging and monitoring systems, and other security technologies and practices designed to support Platform security and operational integrity.

The Platform may maintain audit logs, access records, workflow activity records, document processing records, security logs, sharing records, and related operational telemetry associated with Platform activity. Audit and system records are generally retained for seven (7) years unless a different retention period applies based on organizational settings, legal requirements, contractual obligations, operational requirements, or retention policies.

Although ABSON.ai implements measures designed to maintain the integrity and security of audit and operational records, such records may be subject to technical limitations, system failures, delays, corruption, inadvertent alteration, or unavailability, and ABSON.ai does not guarantee that audit or operational records will be complete, immutable, continuously available, or suitable for every legal, evidentiary, forensic, regulatory, or compliance purpose.

If ABSON.ai determines that a Security Incident affecting customer data requires notification under applicable law or contractual obligations, ABSON.ai will provide notice without unreasonable delay and in accordance with applicable law. Notification timing and content may vary depending on the nature of the incident, applicable legal requirements, law enforcement considerations, containment efforts, and reasonable incident investigation procedures.

9. Your Rights and Choices

Subject to applicable law and organizational account settings, you may access, correct, update, or modify certain account information through the Platform or by contacting ABSON.ai.

You may also request access to, export of, or deletion of certain personal information associated with your account, subject to applicable legal, regulatory, contractual, security, audit, retention, and operational requirements. Certain information may be retained as required or permitted under applicable law, professional obligations, legal holds, dispute resolution requirements, security practices, backup procedures, or ABSON.ai's Terms of Service.

You may opt out of non-essential communications by following the unsubscribe instructions included in such communications or by adjusting your account settings where available.

To exercise applicable privacy rights or submit a privacy-related request, contact our Privacy Officer using the information provided in Section 17.

Depending on your jurisdiction, you may also have the right to submit a complaint to an applicable privacy or data protection authority if you believe your concerns have not been adequately addressed.

10. Health Information and HIPAA

To the extent the Platform processes Protected Health Information (“PHI”) subject to HIPAA, ABSON.ai may operate as a Business Associate pursuant to an applicable Business Associate Agreement (“BAA”). Organizations requiring a BAA should contact ABSON.ai before uploading PHI to the Platform.

ABSON.ai processes PHI solely as permitted under applicable law, the applicable BAA, and the Platform's Terms of Service. ABSON.ai does not use PHI subject to an applicable BAA for generalized public AI model training or unrelated commercial AI development.

11. State-Specific Privacy Disclosures

California (CCPA/CPRA)

California residents have the right to know what personal information we collect and how it is used, to request deletion of their personal information, to opt out of the sale or sharing of personal information (we do not sell or share personal information), to correct inaccurate personal information, and to limit the use of sensitive personal information. To submit a CCPA request, contact us using the information in Section 17.

Washington (My Health My Data Act)

Washington residents may have certain rights regarding consumer health data under the My Health My Data Act. We do not sell consumer health data. We collect, use, and process health-related information only as reasonably indicated to provide and support the Platform and services you have requested. Washington residents may contact our Privacy Officer to exercise their rights under the Act.

Other States

Users in Virginia, Colorado, Connecticut, Texas, and other states with applicable privacy laws may have rights, which may include access, correction, deletion, or the right to obtain a copy of certain information, subject to applicable legal exceptions and limitations. To exercise applicable privacy rights, contact our Privacy Officer using the contact information below. We will respond to verified requests in accordance with applicable law.

12. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies for session management, authentication, security, performance monitoring, and related operational purposes. We may use essential cookies necessary for Platform functionality, analytic technologies that help us understand aggregate usage patterns, and preference cookies that remember your settings and configurations. We do not use advertising or third-party behavioral advertising technologies.

Regarding Do Not Track signals: the Platform does not respond differently to browser “Do Not Track” (DNT) signals because no industry-standard protocol for implementing DNT has been adopted. We may revisit this position if a consensus standard emerges.

13. Children's Privacy

The Platform is intended for attorneys, licensed healthcare professionals, physician experts, independent medical examiners, and other professionals engaged in medicolegal and related professional workflows. The Platform is not directed to or intended for use by individuals under the age of eighteen (18).

ABSON.ai does not knowingly collect personal information directly from children under 18 through the Platform. If ABSON.ai becomes aware that personal information has been collected directly from a child in violation of this policy, ABSON.ai will take commercially reasonable steps to delete or de-identify such information in accordance with applicable law and operational requirements.

14. International Data Transfers

The Platform operates on infrastructure and hosting environments located within the United States, and customer data is stored within United States-based systems. However, ABSON.ai may utilize authorized personnel and service providers located in the United States or other jurisdictions in connection with the operation, maintenance, support, security, and improvement of the Platform.

In limited circumstances, incidental temporary copies of customer data may be accessed, processed, cached, or temporarily stored outside the United States on a transient basis as reasonably necessary to perform authorized operational, support, maintenance, troubleshooting, development, or security functions.

ABSON.ai implements confidentiality, security, and access-control measures designed to protect customer data in connection with such activities.

15. Third-Party Integrations

The Platform may integrate with third-party services including EHR systems via FHIR, case management platforms, document management systems, and authentication providers. When you activate an integration, information is shared with the third-party service as configured by you. Third-party services operate under their own privacy policies. We are not responsible for the data practices of these third-party services, and we encourage you to review their policies before enabling any integration.

16. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, Platform features, or applicable law. ABSON.ai generally seeks to provide advance notice of material changes where reasonably practicable. These changes may be communicated through the Platform interface, by email to the address associated with your account, or other reasonable means.

Material changes affecting how personal information is collected, used, disclosed, or processed may be communicated separately before becoming effective where required by applicable law or where ABSON.ai determines additional notice is appropriate.

Your continued use of the Platform after the effective date of a revised Policy constitutes acceptance of the changes.

17. Contact Us

For questions about this Privacy Policy, to exercise your privacy rights, or to request a Business Associate Agreement, contact us at:

Abson.ai
Attn: Privacy Officer
[Physical Address]
[City, State, ZIP]
privacy@abson.ai

18. Third-Party Infrastructure and Service Providers

As of the Effective Date of this Privacy Policy, ABSON.ai utilizes, directly or indirectly through contracted service providers, certain third-party infrastructure, platform, security, authentication, payment, and AI service providers that may support operation of the Platform, including the following:

End of Privacy Policy
ABSON.ai — May 2026