Last Updated: Oct 1, 2025

Moonset Health Mobile App Privacy Policy

Effective date: October 1, 2025

Moonset Health is a product/brand of Summed AI, Inc. (“Summed AI,” “Moonset Health,” “we,” “us”).

This Mobile App Privacy Policy (the “App Policy”) describes how we collect, use, disclose, and protect information when you use the Moonset mobile application (the “App”). It supplements our Website Privacy Policy (the “Website Policy”). If there is a conflict between the Website Policy and this App Policy for App usage, this App Policy controls.

HIPAA Notice. When the App is used by or on behalf of a covered entity (e.g., hospice, home health agency, skilled nursing facility), we act as a Business Associate and process Protected Health Information (PHI) only to provide the services and as permitted by our Business Associate Agreement (BAA). We do not sell PHI and do not use PHI for advertising.

1) Scope

This App Policy applies to: (a) clinicians and staff who use the App under an organization’s account (“Authorized Users”); and (b) any person whose information is captured in the App (e.g., via audio) as part of clinical documentation for that organization. It does not apply to websites or services we do not control.

2) Information we collect via the App

Your organization controls which features are enabled.

Account & Identifiers. Name, work email, role, organization, internal user ID, device identifiers.

Audio & Derivatives. Audio captured during visits or documentation sessions and resulting artifacts (transcripts, summaries, structured fields). With permission, the App accesses the microphone to record audio.

Patient/Member Data (PHI). Information contained in transcripts, forms, notes, or imported from your organization’s systems (e.g., demographics, vitals, assessments, diagnoses, medications, care plans).

Usage & Diagnostics. App interactions, feature telemetry, logs, crash reports, performance metrics (used to secure and improve the App).

Device & Network Metadata. Device model/OS, IP address, timestamps, and similar technical data. We do not collect precise device location unless explicitly enabled for a feature.

Children: The App is for professional use by adult clinicians and is not intended for children under 18.

3) How we use information

We use information to:

  • Operate the App (record, transcribe, generate drafts, autopopulate forms, QA checks, audit logs).

  • Secure the App (authentication, fraud/abuse monitoring, incident response).

  • Improve and support the App (analytics, debugging, quality assurance, feature development).

  • Comply with law and fulfill contractual obligations, including BAAs.

We do not use PHI for advertising/marketing and do not sell PHI.

4) Sharing & disclosures

We share information only as follows:

  • Service Providers/Subprocessors. Vendors that host, transcribe, store, or support the App under agreements requiring appropriate confidentiality, security, and (where applicable) HIPAA Business Associate obligations.

  • Your Organization. We provide your organization (the covered entity or its agent) access to content created by its Authorized Users and to related logs, analytics, and audit trails.

  • Legal & Safety. Where required by law or to protect rights, safety, or the security and integrity of the App.

  • Business Transfers. In the event of a merger, acquisition, reorganization, or asset transfer consistent with applicable law.

We do not share PHI with third parties for advertising or marketing.

5) Your organization’s responsibilities

Your organization controls Authorized Users and their access to PHI. Your organization is responsible for:

  • Establishing lawful authority to collect PHI in the App and providing required notices or consents to patients.

  • Managing Authorized User accounts and role-based access.

  • Configuring device- and MDM-level safeguards appropriate for its risk profile.

Device & Account Security / Authorized Users. You are solely responsible for monitoring Authorized Users’ access to the App and for the security of the devices and networks they use to access the App. You are solely responsible for any actions your Authorized Users take with respect to accessing the App and Your Data, including deleting or corrupting Your Data, accessing the App from an unauthorized device, or sharing Your Data with third parties. We are not responsible for the security of devices, accounts, or networks we do not control. Nothing in this section limits our obligations under HIPAA or our BAA.

6) Your choices & rights

Accounts are organization-provisioned. The App does not support creating accounts. Authorized Users receive access from their organization.

Access, correction, deletion. For PHI, contact your organization (the covered entity); we will assist them as required by HIPAA and our BAA. For other personal data we control (e.g., Authorized User profile), contact us at privacy@moonsethealth.com.

Account closure requests. Because accounts are provisioned by your organization, requests to remove access or close an account must be initiated with your organization’s administrator. You may also email us; we can help route requests to the appropriate administrator when possible.

Opt-outs. You may request we disable certain analytics in App settings where available. Core security/operational telemetry may be required.


7) Retention

Your organization controls retention of clinical records in the App. We retain PHI on behalf of your organization per our agreement/BAA and delete or return PHI upon request or at contract end, subject to legal retention requirements and disaster-recovery backups maintained for a limited period.

8) Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, audit logging, and workforce training. No system can be guaranteed 100% secure.

Important: We do not control the security of end-user devices (e.g., lost/stolen phones, jailbroken devices, malware on a device, weak local passcodes). Your organization should implement appropriate device and MDM policies (e.g., strong passcodes/biometrics, OS updates, disk encryption, remote wipe, screen lock, and MFA where available).

9) International transfers

We host and process data primarily in the United States. If data is processed elsewhere by a subprocessor, we require appropriate transfer safeguards.

10) California privacy disclosures

We do not sell personal information as defined by the CCPA/CPRA. California residents may submit requests as described in Section 6.

11) Third-party SDKs & links

If the App includes third-party SDKs (e.g., crash reporting, analytics), those providers act as our service providers and must not use PHI for their own purposes. The App may link to third-party sites or services we do not control; their privacy practices govern their services.

12) Children

The App is not directed to children under 18 and should only be used by trained clinical staff.

13) Changes to this App Policy

We may update this App Policy from time to time. We will post the updated version in-app and at the URL below with a new effective date. Material changes will be communicated as required by law.

14) How to contact us

Summed AI, Inc.

Email: privacy@moonsethealth.com

Mailing address: 3642B Intelake Ave N, Seattle, WA 98103

Where to find this in-app

Settings → Help & Legal → Privacy Policy


This App Policy is provided for informational purposes and does not constitute legal advice.