Vailar AI
Compliance · United States

HIPAA Notice

How Vailar AI supports U.S. clinics with HIPAA-aligned practices and the responsibilities that remain with each clinic.

Version · v1.0.0
Last updated · May 2026
Effective · May 2026
U.S. clinics
HIPAA-aligned controls

01

Our role and scope

Vailar AI is an AI consultation support and aesthetic visualization platform. It is not a healthcare provider, an electronic health record system or a medical diagnosis system.

We do not market the platform as HIPAA-certified. HIPAA does not formally certify products. Where applicable, Vailar AI may act as a Business Associate to U.S. covered entities under a separately executed Business Associate Agreement (BAA).

Note: A BAA is required before any U.S. customer transmits Protected Health Information (PHI) through the platform. Contact privacy@vailarai.com to request one.

02

Platform security practices

  • Encryption in transit (TLS 1.2+) and at rest
  • Role-based access controls and least-privilege principles
  • Audit logging of administrative and access events
  • Continuous infrastructure and dependency monitoring
  • Incident response procedures with customer notification
03

Clinic responsibilities

Clinics remain solely responsible for the lawful collection, processing, retention and disclosure of patient information they upload to the platform.

  • Obtain valid patient consent for image capture, AI visualization and any marketing use
  • Limit uploaded data to what is necessary for the consultation
  • Maintain HIPAA Security Rule administrative, physical and technical safeguards within the clinic
  • Train staff on appropriate use of AI consultation tools
  • Configure platform access controls to match staff roles
04

Protected information handling

When PHI is processed under a BAA, Vailar AI uses industry-standard safeguards to protect confidentiality, integrity and availability of that information.

We do not sell PHI. We do not use PHI to market unrelated products to patients.

05

Subprocessors

We rely on a limited set of vetted infrastructure and security subprocessors. A current list is available on request to enterprise customers, and material changes are communicated in advance.

06

Important limitations

  • Vailar AI does not provide medical advice or diagnosis.
  • AI outputs are visualizations and estimates, not guaranteed clinical outcomes.
  • Final treatment decisions remain the responsibility of licensed medical professionals.
07

Reporting concerns

If you believe your information has been handled improperly, contact privacy@vailarai.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

Get in touch

For questions about this document, reach our legal team.

privacy@vailarai.com

Revision history

Every update to this document is logged to support compliance and audit needs.

Version · Date · Summary of changes
v1.0.0 · May 2026 · Initial publication of this document.

