Aimé
Join early access

Legal

Privacy Policy

Last updated: June 4, 2026

Effective Date: June 4, 2026

Behavioral health clinicians hold some of the most sensitive information a person can share. When you choose to bring that work into Aimé, we treat it with care.

We built Aimé for clinicians who understand the weight of that trust. This Privacy Policy is our plain account of how we handle what you bring here — how we use it, how we protect it, and what we do not use it for.

This Privacy Policy describes how AidMi Health, Inc. (the “Company”, “we”, “us”, or “our”) collects, uses, stores, discloses, and protects information when you use Aimé, including the public website at aime.med, the Aimé web application, Ask Aimé, the Aimé Chrome Extension, voice and recording features, clinical documentation features, supported EHR/browser workflows, connected practice-context features, APIs, support, and related services that link to this Privacy Policy (collectively, the “Service”).

If you use the Service as a covered entity or business associate under HIPAA, our Business Associate Agreement (“BAA”) may also apply to Protected Health Information (“PHI”). You may request a copy of the BAA, including an executed or countersigned version where required for your records or procurement process. If there is a conflict regarding PHI, the BAA controls.

Behavioral Health Privacy Commitments

Aimé is built for clinicians who handle deeply sensitive behavioral-health information. Our commitments include:

  • we do not sell personal information;
  • we do not share personal information for cross-context behavioral advertising;
  • we do not use Customer Content, PHI, raw audio, transcripts, clinical notes, Ask Aimé prompts, chat messages, patient context, or clinical narratives to train first-party or third-party AI models without explicit, opt-in written consent;
  • we do not use the Chrome Extension to collect general browsing history;
  • we do not use PHI for advertising;
  • we do not silently record audio. Recording, dictation, and voice features begin only when you initiate or direct them;
  • we delete or discard raw audio after transcription, voice processing, or note generation unless you explicitly enable or request an audio-storage feature, or retention is required for legal hold, security investigation, support troubleshooting with appropriate permission, or a similar compliance need;
  • we do not have humans review session content for product improvement without customer permission. Human review of session content may occur only with customer permission, for support or security needs, to comply with law, or to investigate safety, privacy, security, compliance, or service-integrity issues;
  • if we receive a legal demand for Customer Content or PHI, we will make reasonable efforts to notify the relevant customer first so the customer may seek a protective order, move to quash, or pursue another available remedy, unless notice is legally prohibited, immediate disclosure is required, or notice would create a risk of harm, fraud, security compromise, or legal violation;
  • some actions — such as writing to an EHR, sending a patient message, changing an appointment, or preparing billing-related information — are available only where supported and may require review, confirmation, role permission, or other controls;
  • Aimé is not a substitute for your professional judgment, patient relationship, legal obligations, payer guidance, or emergency protocols.

How Aimé works with context

Aimé works best when it can see the context you choose to connect, select, upload, or direct it to use. Depending on the features you use, Aimé may process information from your account, your organization, recordings you start, transcripts and notes, patient context, supported EHR pages, calendar or scheduling context, inbox or patient-communication context, payer or claim-readiness context, files, and prior Aimé activity.

Some context is stored so Aimé can support continuity, documentation, support, security, and your organization’s records. Some context is processed only temporarily to complete a task. Some context is captured from a supported browser/EHR page only when you use a feature that needs it. We design these flows around user direction, minimum necessary access, human approval for sensitive actions, and workflow records or receipts where the product supports them.

Not every category of information applies to every customer, plan, EHR, integration, or workflow. Aimé processes the categories needed for the features you use and the systems you connect or direct Aimé to use.

Notice at Collection for California Residents

California residents: this Privacy Policy, including the California Privacy Notice below, is our notice at collection. The California Privacy Notice describes the categories of personal information we collect, the sources, purposes, disclosures, and California privacy rights. We do not sell personal information or share personal information for cross-context behavioral advertising as those terms are defined under California privacy law.

1. Information We Collect

1.1 Account, Profile, and Organization Information

When you create an account, sign in, join an organization, request access, start a trial, subscribe to a plan, or communicate with us, we may collect:

  • name;
  • email address;
  • phone number;
  • professional role, specialty, credentials, clinical persona, practice size, organization, and workplace details;
  • country, timezone, and preferences;
  • authentication credentials, password hashes, OAuth identifiers, two-factor settings, session data, account status, and terms-acceptance records;
  • billing email, plan, subscription status, payment metadata, and purchase records;
  • support messages, demo requests, feedback, and administrative communications.

1.2 Clinical and Customer Content

When you use Aimé for clinical documentation, voice, Ask Aimé, patient context, supported EHR workflows, scheduling, follow-up, claim-readiness, billing-support, or related features, we may process Customer Content such as:

  • audio recordings or audio chunks that you initiate for recording, dictation, transcription, or voice commands;
  • transcripts, transcript chunks, diarization, speaker labels, timestamps, confidence data, and transcription metadata;
  • generated notes, draft notes, edited notes, note templates, note sections, citations, note metadata, and related attachments;
  • patient identifiers and context you enter, select, upload, query, import, connect, or direct Aimé to use, such as names, MRNs, dates of birth, demographics, diagnoses, medications, allergies, conditions, assessments, clinical documents, goals, treatment plans, risk assessments, session summaries, forms, consent status, and other health-related information;
  • EHR, calendar, scheduling, inbox, patient-message, payer, claim-readiness, eligibility, copay, authorization, or billing-support context where you connect, enable, or direct Aimé to use those workflows;
  • Ask Aimé prompts, chat messages, evidence queries, retrieved sources, answers, citations, safety/provenance signals, and related interaction history;
  • workflow records, audit logs, and related records used to show what Aimé did or could not complete;
  • files, documents, imported content, EHR snippets, or other materials you provide.

Customer Content may include PHI when the Service is used in a clinical context.

Specially protected information

Behavioral-health records may include information that receives extra protection under federal, state, or professional rules, such as substance-use-disorder records, psychotherapy notes, minor records, reproductive-health-related information, or other sensitive categories. Aimé does not decide those rules for your practice. You are responsible for deciding what information may be recorded, uploaded, connected, or used with Aimé, and for configuring your workflows accordingly.

1.3 Chrome Extension and Browser Information

The Aimé Chrome Extension may collect or process information needed to provide extension features, including:

  • authentication tokens and configuration stored locally in your browser;
  • UI preferences, sidebar state, enabled domains, and extension settings;
  • selected patient, session, template, or workflow context;
  • active-tab information when you invoke extension features;
  • supported EHR domain, hostname, URL pattern or path, page type, page title, structural information, headings, landmarks, form-field labels, selectors, visible text, page state, and other limited page-structure metadata used to detect supported EHR surfaces and support Aimé workflows;
  • source snapshots or browser-action state needed to prepare, verify, or complete a supported task;
  • the text you direct the extension to insert into EHR fields or other supported connected systems;
  • microphone, tab-audio, or recording state when you initiate recording, dictation, or voice features;
  • local queue data for first-party analytics events and service reliability.

The extension may request broad browser permissions so it can work across different EHRs and clinical workflows. We design extension features to operate for user-directed Service functions, such as showing the sidebar, detecting supported clinical surfaces, generating notes, capturing context you choose to use with Aimé, preparing or completing supported EHR actions, and filling or pasting content at your direction. We do not use extension permissions for advertising or general browsing-history tracking.

1.4 Usage, Analytics, Device, and Log Data

We may collect information about how the Service is used, such as:

  • event names and limited event parameters, such as recording started or stopped, note generated, template changed, field fill attempted, action prepared, action completed, action failed, or chat response completed;
  • anonymous or pseudonymous client identifiers;
  • user ID and organization ID associated with authenticated events;
  • device type, browser, operating system, IP address, approximate location derived from IP, user agent, timestamps, request IDs, route paths, status codes, performance metrics, errors, and diagnostic logs;
  • security, audit, compliance, access, workflow, and administrative logs.

We maintain controls designed to prevent PHI from being included in analytics event names or analytics payloads. Some operational, security, support, workflow, or audit logs may include personal information or PHI where necessary for security, compliance, support, or service operation.

1.5 Website, Cookies, and Similar Technologies

We and our service providers may use cookies, local storage, pixels, analytics tools, and similar technologies on our websites and within the Service to:

  • operate the Service;
  • keep you signed in;
  • remember settings and preferences;
  • secure accounts and sessions;
  • measure performance and usage;
  • troubleshoot issues;
  • improve our products and communications.

You can control cookies through browser settings. Disabling cookies or local storage may limit functionality.

1.6 Information We Do Not Collect for Advertising

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We do not use PHI for advertising. We do not use the Chrome Extension to collect general browsing history for advertising or tracking.

2. How We Use Information

We use information to:

  • provide, operate, maintain, secure, and support the Service;
  • authenticate users and administer accounts, organizations, roles, permissions, sessions, and subscriptions;
  • record, transcribe, diarize, process, and generate documentation when you initiate or direct those features;
  • generate, edit, store, retrieve, export, and fill clinical notes, templates, summaries, and related documentation;
  • provide Ask Aimé answers, evidence retrieval, citations, source summaries, safety/provenance signals, and related clinical evidence workflows;
  • provide patient-context features, pre-session briefs, readiness checks, post-session closeout, follow-up drafts, patient-message drafts, claim-readiness checks, billing-support outputs, and end-of-day summaries where available;
  • provide supported EHR detection, EHR workflow support, note filling, field mapping, navigation, scheduling, paste-back, and extension functionality at your direction;
  • connect and refresh practice context where you enable integrations, imports, or connected-context workflows;
  • prepare, fill, paste, or submit information inside supported EHR or workflow surfaces only as directed by you, your organization, or the product configuration;
  • create and maintain workflow records, source references, and audit logs for supported workflows;
  • route prompts to Ask Aimé, evidence retrieval, patient-context tools, EHR action tools, or other helper systems needed to answer or complete a task;
  • provide dashboards, session history, patient context, transcript views, compliance tools, and organization administration;
  • process payments, trials, invoices, subscriptions, and billing records;
  • communicate with you about the Service, support, security, billing, updates, and policy changes;
  • monitor, debug, improve, and develop the Service, subject to the privacy commitments and AI-training limits in this Privacy Policy;
  • detect, prevent, investigate, and respond to fraud, abuse, security incidents, privacy incidents, service misuse, and legal claims;
  • comply with legal, regulatory, contractual, and professional obligations.

3. AI, Transcription, and Model Processing

Aimé uses models, transcription tools, retrieval tools, and related systems to provide the features you choose to use. Depending on configuration, Customer Content may be processed by our systems and by service providers or Subcontractors that help us provide hosting, storage, transcription, AI/model, retrieval, analytics, security, support, or other services.

Where features involve multi-step tasks, Aimé may gather context, select tools, or prepare outputs to help complete a supported workflow. These flows work within defined permissions, may require human review or confirmation, and may maintain workflow records where available. We do not treat model output as a substitute for professional judgment.

When PHI is processed in production, we use provider configurations and contractual safeguards intended for healthcare use where applicable. We do not use Customer Content, PHI, raw audio, transcripts, clinical notes, Ask Aimé prompts, chat messages, patient context, or clinical narratives to train first-party or third-party AI models without explicit, opt-in written consent. We do not permit our AI/model providers to use PHI or Customer Content to train their general-purpose models for their own purposes.

4. Audio and Recording Data

Aimé processes audio only when you initiate or direct a recording, dictation, transcription, or voice feature. Audio may be processed to generate transcripts, notes, voice responses, task routing, or related features.

Voice-command sessions may process spoken instructions, partial transcripts, tool results, and short-lived session state so Aimé can respond or route a task. Unless a feature clearly stores a transcript or note for your record, voice-command audio is treated as temporary processing data.

We delete or discard raw audio after transcription, voice processing, or note generation unless you explicitly enable or request an audio-storage feature, or retention is required for legal hold, security investigation, support troubleshooting with appropriate permission, or a similar compliance need. Transcripts, notes, metadata, audit records, and workflow records may be retained as described in this Privacy Policy and any applicable BAA or customer agreement.

5. How We Share Information

We do not sell personal information. We do not rent personal information. We may share information:

  • Service providers and Subcontractors. We use providers for hosting, storage, databases, AI/model processing, transcription, authentication, security, monitoring, analytics, payment processing, email, support, and operations. They are required to protect information and use it only to provide services to us, subject to applicable agreements.
  • Your organization. Organization administrators and authorized clinicians or users may access information according to your organization’s settings, roles, permissions, and workflows.
  • Connected systems. Where you direct Aimé to use a supported EHR, calendar, inbox, payer portal, clearinghouse, or other connected system, information may be shared with or written to that system as part of the supported workflow.
  • Payment processors. We use providers to process subscriptions and related transactions.
  • Professional advisors. We may disclose information to lawyers, auditors, insurers, accountants, and advisors under confidentiality obligations.
  • Business transfers. We may disclose information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, subject to appropriate protections.
  • Legal and safety. We may disclose information to comply with law, regulation, subpoena, court order, legal process, professional obligation, or governmental request, or to protect rights, safety, security, and the integrity of the Service, subject to our notification commitments above where applicable.
  • With your consent or at your direction.

You may request a current list of applicable subprocessors by emailing team@aime.med with the subject line “Subprocessor List Request”.

6. Security

We use administrative, technical, and physical safeguards designed to protect information processed by the Service. These safeguards may include access controls, authentication, encryption in transit and at rest where appropriate, audit logging, monitoring, least-privilege practices, vendor review, environment separation, backup and recovery measures, and security incident response processes.

For supported workflow actions, Aimé may also use controls such as human approval prompts, confirmation states, workflow records, and source references where available. These controls are designed to make supported actions visible and accountable, but they do not replace your obligation to review outputs, verify source systems, and comply with your clinical, legal, billing, payer, and professional responsibilities.

No system is perfectly secure. You are responsible for maintaining the confidentiality of your credentials, devices, browser profiles, connected systems, and account access.

7. Chrome Extension Permissions

The Aimé Chrome Extension may request permissions needed to support browser-based workflows, such as access to supported EHR domains, local storage, tabs, scripting, audio, or other browser capabilities. We use these permissions to provide the Service features you use, such as showing Aimé inside supported clinical systems, detecting page context, recording when initiated, preparing or filling content, and supporting clinician-approved workflow actions.

We do not use extension permissions for advertising, resale of data, or general browsing-history tracking.

8. Data Retention

We retain information for as long as reasonably necessary to provide the Service, support continuity of care and practice operations, comply with legal and contractual obligations, resolve disputes, enforce agreements, maintain security, support customers, and preserve auditability.

Retention periods vary depending on the type of information, customer settings, product configuration, legal requirements, and applicable agreements. For example:

  • raw audio is generally deleted or discarded after transcription, voice processing, or note generation unless retention is enabled or required for a permitted purpose;
  • transcripts, clinical notes, patient context, artifacts, workflow records, and audit logs may be retained to support documentation, clinical review, organization records, support, compliance, and continuity;
  • account, billing, security, and audit records may be retained as required for business, legal, and security purposes;
  • information in connected systems, such as an EHR, calendar, inbox, payer portal, or clearinghouse, is controlled by that system and your relationship with that system.

You or your organization may request deletion or export of certain information as described below, subject to legal, contractual, HIPAA, BAA, professional, security, and operational requirements.

9. Your Choices and Rights

Depending on your role, location, organization settings, and applicable law, you may have rights to access, correct, export, delete, restrict, or object to certain processing of personal information. You may also have choices about cookies, marketing communications, account settings, integrations, connected systems, recording features, and product configurations.

If you use Aimé through an organization, your organization may control certain records and settings. Requests involving PHI may need to be handled by the covered entity or business associate responsible for the record. We will support applicable requests as required by law, the BAA, and our customer agreements.

To make a request, contact us at team@aime.med.

10. California Privacy Notice

This section applies to California residents and supplements the rest of this Privacy Policy.

10.1 Categories of Personal Information We Collect

Depending on your use of the Service, we may collect the following categories of personal information:

  • Identifiers, such as name, email, phone number, account ID, user ID, organization ID, MRN, device identifiers, and online identifiers;
  • Professional or employment-related information, such as clinical role, specialty, credentials, practice details, and organization affiliation;
  • Commercial information, such as plan, subscription, payment metadata, and purchase records;
  • Internet or electronic network activity information, such as usage logs, device information, browser information, extension events, route paths, and diagnostic logs;
  • Geolocation information, such as approximate location derived from IP address;
  • Audio, electronic, visual, or similar information, such as audio recordings you initiate, transcripts, and related metadata;
  • Sensitive personal information, including account credentials and health-related information when the Service is used in a clinical context;
  • Inferences, preferences, and product settings;
  • Customer Content and PHI where you or your organization use the Service for clinical or practice workflows.

10.2 Sources

We collect information from you, your organization, authorized users, your browser or device, connected systems you enable or direct Aimé to use, service providers, Subcontractors, and product interactions.

10.3 Purposes

We use the categories above for the purposes described in this Privacy Policy, including providing, securing, supporting, improving, and administering the Service; processing clinical documentation and practice workflows; maintaining auditability; communicating with you; and complying with legal obligations.

10.4 Disclosures

We disclose information to the categories of recipients described in this Privacy Policy, including service providers, Subcontractors, authorized organization users, connected systems at your direction, payment processors, professional advisors, and legal or regulatory recipients where required.

10.5 Sale or Sharing

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

10.6 Sensitive Personal Information

We use sensitive personal information only for purposes permitted by applicable law, such as providing and securing the Service, processing PHI under applicable agreements, preventing fraud and security incidents, and complying with legal obligations. We do not use sensitive personal information to infer characteristics for advertising.

10.7 California Privacy Rights

California residents may have rights to know, access, correct, delete, opt out of sale or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights. Because we do not sell personal information or share it for cross-context behavioral advertising, we do not offer a sale/share opt-out for those practices.

To exercise rights, email team@aime.med with the subject line “California Privacy Request”. We may need to verify your request and may direct certain requests to your organization when the organization controls the relevant record.

11. Children’s Privacy

The Service is intended for clinicians, practices, organizations, and authorized users, not for children to use directly. We do not knowingly collect personal information directly from children through the public website. The Service may process information about minors when provided or directed by an authorized clinician, practice, organization, covered entity, or business associate in connection with clinical or practice workflows.

12. International Transfers

We are based in the United States. Information may be processed in the United States and other locations where we or our service providers operate. If you use the Service from outside the United States, you understand that your information may be transferred to and processed in the United States, subject to applicable law and contractual protections.

13. Do Not Track

Some browsers send “Do Not Track” signals. The Service does not currently respond to Do Not Track signals. We do not sell personal information or share it for cross-context behavioral advertising.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and provide notice as required by law or our agreements. Your continued use of the Service after an update means the updated Privacy Policy applies, subject to any rights you or your organization may have under applicable law or agreement.

15. Contact

Questions or requests: