← Back to RAi
Privacy Policy
Clemtech Medical Solutions LLC · Last updated: May 28, 2026 · Effective: May 28, 2026
1. Who we are
RAi is a regulatory intelligence platform operated by Clemtech Medical Solutions LLC ("Clemtech", "we", "us", or "our"), a U.S. limited liability company. Our platform is accessible at rai.clemtechmedical.com. Contact us at privacy@clemtechmedical.com.
2. What data we collect
We collect:
- Account data: your name, work email address, company name, and password (stored hashed via Supabase Auth).
- Documents you upload: QMS files, DHF documents, SOPs, risk files, and other regulatory materials you choose to upload. These are stored encrypted in Supabase Storage (AWS S3 us-east-1).
- Project and submission data: project names, device classifications, intended use statements, and submission metadata you enter.
- AI chat messages: prompts you send and responses returned. These are sent to Anthropic's Claude API for processing and stored in our database for conversation history.
- Audit log data: timestamps, user IDs, and action descriptions for activities such as document uploads, e-signatures, and settings changes.
- Usage data: page views and feature interactions collected through Plausible Analytics (privacy-preserving, no cookies, no cross-site tracking).
We do not collect patient health information (PHI). RAi is a tool for medical device manufacturers and is not intended to be a covered entity under HIPAA. Do not upload patient records to RAi.
3. How we use your data
- To provide, operate, and improve the RAi platform.
- To process AI queries by sending your prompts (and optionally, excerpt context from your uploaded documents) to Anthropic Claude API.
- To send service-related emails (email confirmation, password reset, billing receipts). We do not send marketing email without opt-in.
- To maintain audit logs required for 21 CFR Part 11 electronic records compliance.
- To troubleshoot errors and improve reliability.
4. How we share your data
We share data only with the following sub-processors, for the purposes described:
- Supabase Inc. — database (PostgreSQL) and file storage. Data hosted on AWS us-east-1. Supabase Privacy Policy.
- Anthropic PBC — AI inference (Claude API). Your chat prompts and any document excerpts provided as context are sent to Anthropic for processing. Anthropic does not train models on API inputs by default. Anthropic Privacy Policy.
- Cloudflare Inc. — CDN, edge compute (Workers), and DDoS protection. Cloudflare Privacy Policy.
- Stripe Inc. — payment processing. We do not store full card numbers. Stripe Privacy Policy.
- Resend (Plus Five Five, Inc.) — transactional and outreach email delivery (invites, confirmations, notifications). Processes recipient email addresses and message content. Resend Privacy Policy.
- Microsoft Corporation — when you connect Microsoft 365, documents you choose to import are read on demand via the Microsoft Graph API using OAuth tokens you authorize. Microsoft Privacy Statement.
- Plausible Analytics — privacy-preserving, cookieless web analytics (aggregate page views; no cross-site tracking, no personal profiles). Plausible Privacy Policy.
We do not sell your data. We do not share your data with third parties for advertising purposes.
Enterprise customers can execute a Data Processing Agreement (DPA), which includes the current sub-processor list and Standard Contractual Clauses for international transfers.
5. Data retention
Account data and uploaded documents are retained for the duration of your subscription plus 90 days after cancellation, then permanently deleted. You may request deletion at any time by emailing privacy@clemtechmedical.com. Audit logs are retained for 7 years to support regulatory compliance obligations.
6. Security
We implement industry-standard security controls including: TLS 1.2+ in transit, AES-256 encryption at rest for files, JWT-based authentication with short-lived tokens, role-based access control, and structured audit logging. Enterprise customers requiring a Business Associate Agreement (BAA) should contact us before uploading any PHI.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. To exercise any of these rights, email privacy@clemtechmedical.com. We will respond within 30 days.
8. Cookies
RAi uses a single session cookie strictly necessary for authentication. We do not use advertising or cross-site tracking cookies; our analytics (Plausible) are cookieless.
9. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a new effective date.
10. Contact
Questions about this policy or your data: privacy@clemtechmedical.com.