Privacy Policy
Effective: April 7, 2026
This Privacy Policy describes how Gigabox handles information when you use the Gigabox EHR mobile application (the “App”) and the related web application at praxis.gigabox.ai (collectively, “EHR”). EHR is operated by Gigabox.
Research and Development Status
Gigabox EHR is currently a research and development product. The patient profiles shown in the App are fictional and exist solely to demonstrate the platform's capabilities. EHR is not yet certified for use with real protected health information (PHI) and is not a substitute for clinical judgment. When that status changes, we will update this policy and notify active users by email.
Information We Collect
Account Information
When you create an account through Sign in with Apple, Google Sign-In, or email and password, we collect:
- Your email address
- Your display name (if provided by your authentication provider)
- A unique identifier from your authentication provider (Apple, Google, or Clerk)
Application Usage Information
When you use the App, we collect:
- The fictional patient profile you choose to view (your “linked patient” selection)
- Push notification tokens, so we can deliver demonstration appointment reminders
- Device information (operating system version, device model, app version) for diagnostic purposes
Information We Do Not Collect
- We do not collect data from Apple HealthKit
- We do not access your contacts, photos, location, microphone, or camera
- We do not collect advertising identifiers
- We do not use third-party analytics or behavioral trackers
How We Use Your Information
We use the information we collect to:
- Authenticate your account and provide access to the App
- Display the demonstration EHR experience (patient records, appointments, telehealth, prescriptions, lab orders, referrals)
- Send push notifications for demonstration appointment reminders
- Generate AI-powered features (visit summaries, draft messages, referral letters) using your selected demonstration data as input
- Diagnose technical issues and improve the App
Third-Party Service Providers
We use the following service providers to operate EHR. Each processes only the data necessary to provide its service.
| Provider | Purpose | Data Processed |
|---|---|---|
| Clerk | Authentication and identity | Email, name, OAuth identifier from Apple or Google |
| Google Cloud Platform | Hosting, database, container infrastructure | All app data, encrypted at rest and in transit |
| OpenRouter / DeepSeek | AI inference for summaries and drafts | Demonstration patient text used as input |
| Resend | Transactional email | Email address, message content (appointment confirmations) |
| Expo | Mobile build delivery and push notifications | Push notification tokens, device metadata |
| Apple Push Notification Service | iOS notification delivery | Push notification payload |
We do not sell your personal information to anyone. We do not share your information with third parties for marketing or advertising purposes.
Data Storage and Security
- All data is stored in Google Cloud SQL (PostgreSQL) hosted in the United States (us-central1 region).
- Database access is restricted to private IP addresses inside our virtual private cloud. The database is not exposed to the public internet.
- Data is encrypted at rest using Google-managed encryption keys.
- Data in transit is encrypted with TLS 1.2 or higher.
- Authentication is handled by Clerk, which uses industry-standard JWT-based session management with rotating refresh tokens.
Your Rights
You have the following rights regarding your personal information:
- Access — You can request a copy of the personal information we have about you.
- Correction — You can request that we correct inaccurate information.
- Deletion — You can delete your account at any time. To request deletion, send an email to info@gigabox.ai with the subject “Delete my EHR account.” An in-app deletion option is being developed and will be available in a future release.
- Portability — You can request your data in a machine-readable format.
We will respond to all requests within 30 days.
Children's Privacy
EHR is intended for users aged 17 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with information, please contact info@gigabox.ai and we will delete it.
International Data Transfers
Your information is stored in the United States. If you access EHR from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country.
Changes to This Policy
We may update this Privacy Policy from time to time. The “Effective” date at the top of this page reflects the most recent change. Material changes will be communicated through the App or by email to your registered address.
Contact Us
For any questions about this Privacy Policy or to exercise your rights, contact:
Gigabox
Email: info@gigabox.ai
Web: https://gigabox.ai