Privacy Policy
Effective Date: February 25, 2026
1. Introduction
Tikva Software Inc. ("Tikva," "we," "us," or "our") is a software company incorporated in Ontario, Canada. We provide an AI-powered platform designed specifically for Hospital Informatics teams (the "Service").
This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service. By accessing or using Tikva, you acknowledge that you have read and understood this Privacy Policy.
Our Service is designed for business-to-business (B2B) use by healthcare organizations, primarily hospitals in the United States and Canada. We do not offer our Service directly to individual consumers.
2. Information We Collect
2.1 Account Information
When your organization registers for Tikva, we collect information necessary to create and manage your account, including: names and contact information of authorized users, email addresses, job titles or roles, and organizational affiliation.
2.2 Usage Data
We automatically collect certain information when you interact with our Service, including: log data (IP addresses, browser type, pages visited, time and date of access), device information, feature usage patterns, and performance metrics.
2.3 Customer-Stored Data
Our customers may store, upload, or input data into the Tikva platform in the course of using our Service ("Customer Data"). Your organization, not Tikva, determines the types of Customer Data stored in the platform. Tikva acts as a data processor with respect to Customer Data, processing it only as instructed by your organization and as described in our service agreements.
Important: If Customer Data includes Protected Health Information ("PHI") as defined under HIPAA, a Business Associate Agreement ("BAA") must be executed between Tikva and your organization prior to any PHI being stored or processed through our Service. Please see Section 9 for more information.
3. How We Use Information
We use the information we collect for the following purposes:
Service Delivery: To provide, operate, maintain, and improve the Tikva platform and its features.
Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance.
Security and Compliance: To detect, prevent, and address security incidents, fraud, and technical issues.
Analytics and Improvement: To analyze usage trends and improve our Service. We may use aggregated, de-identified usage data for internal analytics and marketing purposes. Such aggregated data does not identify any individual or organization.
Communications: To send service-related announcements, updates, and administrative messages.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. AI Features and Model Training
Tikva incorporates artificial intelligence features to enhance the Service. We want to be transparent about how data may be used in connection with these features:
Explicit Consent Required: We will only use Customer Data to train or improve our AI models if your organization provides explicit, affirmative consent. This consent is entirely optional and is not required to use the Service.
Opt-In Only: AI model training using Customer Data is strictly opt-in. By default, your data is not used for this purpose.
Right to Withdraw: If you have previously consented, you may withdraw your consent at any time by contacting us at info@tikva.ai.
PHI Exclusion: Protected Health Information is never used for AI model training purposes, regardless of consent.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and provide our Service. These technologies help us authenticate users, remember preferences, understand how users interact with our Service, and maintain security.
Essential Cookies: Required for the Service to function properly. These cannot be disabled while using Tikva.
Analytics Cookies: Help us understand how users interact with our Service so we can improve it.
You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.
6. Third-Party Service Providers
We engage trusted third-party service providers to help us deliver and improve our Service. These providers are contractually obligated to protect your information and may only use it as directed by us. Our current providers include:
Microsoft Azure: Cloud infrastructure and data storage services.
Vercel: Application hosting and deployment services.
Anthropic: AI and machine learning capabilities that power certain features of our Service.
We may update the list of service providers as our business needs evolve. All providers are selected based on their security practices and compliance certifications.
7. Data Storage and Security
7.1 Data Residency
All Customer Data is stored in data centers located in the United States. If your organization requires data residency in a specific jurisdiction (such as Canada), please contact us to discuss available options.
7.2 Security Measures
We implement appropriate technical and organizational measures designed to protect information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and employee training.
While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.
8. Data Retention
We retain information for as long as necessary to provide our Service and fulfill the purposes described in this Privacy Policy.
Active Accounts: We retain Customer Data for the duration of your organization's subscription to the Service.
Account Termination: Upon termination or expiration of your organization's subscription, we will retain Customer Data for a period of thirty (30) days to allow for data retrieval. After this period, Customer Data will be deleted in accordance with our data deletion procedures, unless retention is required by law or for legitimate business purposes (such as resolving disputes).
Aggregated Data: We may retain aggregated, de-identified data indefinitely for analytics and service improvement purposes.
9. Healthcare Customers and HIPAA Compliance
Tikva is designed to serve healthcare organizations that may be subject to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.
Business Associate Agreement: If your organization intends to store, process, or transmit Protected Health Information (PHI) through the Tikva platform, a Business Associate Agreement (BAA) must be executed between Tikva and your organization. The BAA governs our obligations with respect to PHI and takes precedence over this Privacy Policy for matters related to PHI.
No PHI Without BAA: Customers without an executed BAA must not store, upload, or transmit any PHI through the Service. Tikva is not responsible for any PHI uploaded to the platform in the absence of a valid BAA.
Breach Notification: Our breach notification procedures for PHI are set forth in the BAA. Please refer to your executed BAA for specific terms.
To request a BAA, please contact us at info@tikva.ai.
10. Your Rights and Choices
Depending on your jurisdiction, you or your organization may have certain rights regarding personal information. Because Tikva is a B2B service, individual user requests related to Customer Data should be directed to your organization's designated administrator. Your organization controls Customer Data stored in the platform, and Tikva will assist your organization in responding to individual rights requests as required by applicable law.
Organizational administrators may request access to, correction of, or deletion of Customer Data by contacting us at info@tikva.ai. We will respond to verified requests in accordance with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable U.S. state privacy laws.
11. International Data Transfers
As noted in Section 7, Customer Data is stored in the United States. If you access our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.
For Canadian customers subject to provincial health information legislation (such as Ontario's Personal Health Information Protection Act), please contact us to discuss data residency requirements before storing any personal health information in the Service.
12. Children's Privacy
Our Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify customers by email or through a notice on our Service prior to the changes becoming effective. We encourage you to review this Privacy Policy periodically.
The "Effective Date" at the top of this Privacy Policy indicates when it was last revised.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Tikva Software Inc.
Ontario, Canada
Email: info@tikva.ai