🚀 Exciting news, Contracts.ai is now free to sign up for everyone.
Sign up for free
cross icon

HIPAA Compliance Statement

CONTRACTS.AI, Inc. ("Contracts.ai", "we", "us", or "our") is committed to protecting the privacy and security of your personal information. This page describes how Contracts.ai supports compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the applicable HIPAA Privacy and Security Rules. It is intended to provide transparency into our data protection practices for customers, prospects, and partners handling protected health information (PHI).
last updated
January 29th, 2026
1. Overview

Contracts.ai is committed to safeguarding the confidentiality, integrity, and availability of protected health information (PHI) in accordance with HIPAA regulations. This statement summarizes the technical, administrative, and physical safeguards implemented to support HIPAA compliance.

2. Scope

This statement applies to all PHI processed or stored by Contracts.ai on behalf of customers, including data incorporated into AI-assisted features, documents, and platform usage metadata.

3. Roles and Responsibilities
  • Covered Entity / Customer: Responsible for determining the purpose and manner of PHI processing and compliance obligations under HIPAA.
  • Business Associate / Processor: Contracts.ai, handling PHI strictly according to documented customer instructions.
  • HIPAA Oversight: CTO / Security and Engineering Leadership

Contracts.ai executes its responsibilities under HIPAA through contractual Business Associate Agreements (BAAs) with covered entities.

4. Safeguards and Security Controls

Contracts.ai implements appropriate administrative, technical, and physical safeguards to protect PHI, including:

  • Access Control: Role-based access, strong authentication, and least privilege principles
  • Data Encryption: TLS 1.2+ for data in transit; encryption at rest for stored PHI where applicable
  • Audit Logging: Comprehensive logging of PHI access, modifications, and system events
  • Secure SDLC: All development follows secure software development lifecycle practices
  • Regular Security Testing: Internal vulnerability scans and third-party penetration testing
  • Incident Response: Documented procedures for breach detection, reporting, and remediation
5. Business Associate Agreement (BAA)

Contracts.ai executes BAAs with all customers processing PHI to document roles, responsibilities, and compliance commitments under HIPAA. The BAA addresses:

  • Permitted uses and disclosures of PHI
  • Safeguards and security controls
  • Reporting of breaches
  • Subcontractor / subprocessor obligations
6. Subprocessors

Any subprocessors engaged by Contracts.ai to support HIPAA-covered operations are contractually obligated to comply with HIPAA-equivalent safeguards and execute a flow-down agreement consistent with HIPAA Business Associate requirements.

7. Data Retention and Deletion
  • PHI is retained only as necessary to provide services or as required by law
  • Customers may request secure deletion of PHI in accordance with contractual agreements
8. Incident Response and Breach Notification

Contracts.ai maintains procedures for promptly detecting, containing, and responding to PHI security incidents. Breaches affecting PHI are reported to covered entities in accordance with HIPAA breach notification requirements.

9. Governance and Review

This HIPAA Compliance Statement is reviewed periodically and updated to reflect changes in regulations or internal practices. All HIPAA-related compliance documentation is maintained internally and is available to customers under executed BAAs.

10. Contact and Privacy Inquiries

Questions regarding this HIPAA Compliance Statement or Contracts.ai practices related to PHI may be directed to:

Email: hello@contracts.ai

Covered entities should submit PHI-related inquiries or requests through their designated contacts at Contracts.ai or under the executed BAA.

Built with love and care in Silicon Valley, USA
Sign Up
Sign Up
SOC 2 and SOC 3 certified
Company
AboutContactPrivacyTerms
Legal
GDPRCCPAHIPAASubprocessors
Support
hello@contracts.ai
© Contracts AI, Inc. All rights reserved.
Contracts.ai provides technology, not legal services, and its AI generated output is not legal advice, and may contain errors and misstatements or may be incomplete.  Use of Contracts.ai platform does not create an attorney-client relationship.

DISCLAIMER: All logos and trademarks appearing on this website are the property of their respective owners. Their use is for informational purposes only and does not constitute an endorsement, sponsorship, or affiliation.