Legal

Privacy Policy

Last updated:

Draft — pending legal review.

This document is a working draft for product development. It has not been reviewed by counsel and is not a binding agreement until replaced with a counsel-reviewed version. Do not rely on it as legal guidance.

Align.ai (“we,” “our,” “us”) provides an AI-native practice operations platform for chiropractic practices. This Privacy Policy describes the information we collect about you, how we use it, who we share it with, and the choices available to you.

Align.ai is operated by CoreForge, Inc. (“CoreForge”). Patient health information (PHI) is handled separately under each practice’s Business Associate Agreement (BAA) — see our BAA page for how that works.

1. Information we collect

Account & practice information

When a provider or staff member signs up, we collect: name, email address, role, practice name, and authentication identifiers managed by our identity provider (Clerk). We do not collect Social Security numbers, government IDs, or financial account numbers from end users of the application.

Patient information (PHI)

Practices using Align.ai may upload, enter, or transmit information about their patients — including names, contact information, clinical notes, transcripts of clinical encounters, billing codes, and appointment data. We process this information only as a Business Associate of the practice (the “Covered Entity”) under a signed BAA, and only for the purposes described in that BAA and our Terms of Service.

Usage & technical information

We automatically collect log data about how the service is used: IP address, browser type, pages visited, timestamps, and error reports. This information is used to operate, secure, and improve the service.

Cookies & similar technologies

We use cookies and similar technologies to keep you signed in, remember preferences (such as sidebar collapsed state), and detect and prevent fraud. We do not use third-party advertising cookies.

2. How we use information

  • To provide, maintain, and improve the Align.ai service
  • To authenticate users and protect against fraud or abuse
  • To generate AI-assisted documentation, scheduling recommendations, and notifications on behalf of the practice
  • To communicate with you about your account, the service, and security alerts
  • To comply with applicable laws and our contractual obligations

We do not use protected health information to train general-purpose AI models. AI processing on PHI runs through HIPAA-eligible vendors with zero-data-retention configurations where available, under signed BAAs.

3. Subprocessors

We use the following service providers (“subprocessors”) to operate Align.ai. Each is engaged under a written agreement that flows down the relevant privacy and security obligations.

  • Vercel — application hosting, edge runtime
  • Supabase — Postgres database, file storage
  • Clerk — user authentication and session management
  • Anthropic — large-language-model inference (Claude)
  • Deepgram — speech-to-text transcription
  • Twilio — SMS reminders and notifications
  • Sentry — application error tracking (PHI scrubbed at the SDK boundary)

A current subprocessor list is available on request: legal@coreforgeconsulting.com.

4. Sharing

We do not sell personal information. We disclose information only:

  • To subprocessors operating under our instructions (see Section 3)
  • To the practice that controls the account (e.g., the practice can see staff activity within its own tenant)
  • To comply with a valid legal request (subpoena, court order, or as otherwise required by law) — to the extent permitted by the applicable BAA
  • In connection with a merger, acquisition, or asset sale, subject to continued protection of your information

5. Data retention

Account and usage data is retained for the duration of your relationship with Align.ai plus a reasonable period required by law and our backup cycle. Audit logs of AI activity are retained for at least 7 years to support HIPAA accounting-of-disclosures requests.

6. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, or to object to certain processing. To exercise these rights for your own account information, contact privacy@coreforgeconsulting.com. Patient rights regarding their own PHI run through the practice (Covered Entity) under HIPAA.

7. Security

We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information we hold — including encryption in transit (TLS 1.2+), encryption at rest (AES-256), tenant-level row-level security (RLS), and least-privilege access controls. No system is perfectly secure; we will notify you of material security incidents as required by law and our BAAs.

8. Children

Align.ai is a B2B tool for chiropractic practices. We do not direct the service to, or knowingly collect information from, individuals under 13 outside of clinical records entered by a provider or guardian.

9. International transfers

We operate primarily in the United States. If you access Align.ai from another country, your information will be processed in the United States. For practices with international patients, contact us about region-specific arrangements.

10. Changes to this policy

We will post material changes to this policy with a new “Last updated” date. For changes that materially affect your rights, we will provide additional notice (e.g., in-app banner or email).

11. Contact

Questions about this Privacy Policy: privacy@coreforgeconsulting.com.

Questions or to request a copy of any document on this page, contact legal@coreforgeconsulting.com.