Aisona Care Inc. ("Aisona," "we," "us," or "our") operates the Sona mobile application and the Sona Care Team Dashboard (collectively, the "Service"). Aisona is a Delaware corporation that provides an AI-powered care automation platform designed for participants enrolled in PACE (Program of All-Inclusive Care for the Elderly) organizations.
Aisona operates as a Business Associate under HIPAA to our partnered PACE organizations ("Covered Entities"). We process health information on behalf of and under the direction of these PACE organizations pursuant to Business Associate Agreements. As a Business Associate, Aisona does not issue a Notice of Privacy Practices (NPP); for your full HIPAA notice, refer to the NPP provided by your PACE organization.
The Service is designed to operate primarily in the United States, and authorized service providers may process information in the United States or other jurisdictions consistent with applicable law and contractual safeguards.
Contact: support@aisona.ai | 12130 Millennium Dr, Ste 300, Los Angeles, CA 90094
Your PACE care team registers you in our system. This may include:
When you use Sona, you engage in video or voice conversations with an AI companion. During these conversations, we collect:
Information from your conversations with Sona may be processed and made available to your assigned PACE care team for purposes of treatment, payment, and health care operations, including:
To the extent permitted by applicable law and our agreements with participating PACE organizations, we may create de-identified and aggregated data from Service data. Once de-identified in accordance with applicable law (including the HIPAA de-identification standard under 45 CFR §164.514(b)), such data is no longer treated as Protected Health Information or personal information and may be used for lawful business purposes, including analytics, service improvement, benchmarking, quality assurance, security, and product development.
We do not sell or share your personal information for cross-context behavioral advertising. We do not share personal information with third parties for direct marketing purposes.
Health signals, requests, and conversation summaries may be processed and made available to your assigned PACE care team through the Sona Care Team Dashboard.
We use third-party service providers for hosting, AI processing, communications, and security. These providers process data on our behalf under contractual obligations, including Business Associate Agreements where applicable and other data processing or confidentiality terms as appropriate. Our key service providers include: Tavus, Inc. (AI video conversation), OpenAI, LLC (AI language processing and signal extraction), Anthropic, PBC (AI language processing and signal extraction), and Google Cloud Platform (cloud infrastructure).
We may disclose your information if required by law, regulation, legal process, or governmental request.
We implement industry-standard administrative, technical, and physical safeguards to protect your information, including encryption of data in transit and at rest, access controls limiting health information to authorized personnel, audit logging, and use of HIPAA-compliant infrastructure. Biometric data (Face ID) is stored only on your local device and is never transmitted to our servers.
In the event of a breach of unsecured Protected Health Information or personal data, we will provide notice and cooperate with applicable PACE organizations, regulators, and affected individuals as required by applicable law, including:
We will also fulfill our breach notification obligations under our Business Associate Agreements with participating PACE organizations.
We retain different categories of information for different periods based on the nature of the information, the purposes for which it was collected, our contractual obligations to participating PACE organizations, applicable healthcare and regulatory recordkeeping requirements, security and backup needs, dispute resolution, and legal compliance.
The following rights may be exercised by you or your authorized legal representative.
Requests related to access, amendment, accounting of disclosures, or restrictions on your Protected Health Information should be directed to your PACE organization or care team. As a Business Associate, Aisona will cooperate with your PACE organization to fulfill such requests in accordance with HIPAA and our Business Associate Agreement. For your complete Notice of Privacy Practices, refer to the NPP provided by your PACE organization.
Certain information we process on behalf of participating PACE organizations is protected health information or medical information governed by HIPAA and/or the California Confidentiality of Medical Information Act (CMIA, Civil Code §§56-56.37) and may be exempt from some or all rights under the CCPA. To the extent the CCPA/CPRA applies to non-exempt personal information, California residents may exercise the following rights, subject to identity verification and permitted exceptions:
We may deny or limit requests where permitted by law, including where we cannot verify identity, where the information is exempt under HIPAA or CMIA, where retention is required for healthcare recordkeeping or legal compliance, or where the request would adversely affect security, safety, fraud prevention, debugging, or the rights of others.
To submit a CCPA/CPRA data subject request, email privacy@aisona.ai. We will acknowledge your request within 10 business days and respond within 45 calendar days, as required by CCPA/CPRA.
Your health information is also protected by the California Confidentiality of Medical Information Act (CMIA, Civil Code §§56-56.37). We collect, use, and share your medical information as permitted by applicable law, our agreements with participating PACE organizations, and, where required, your authorization. To learn about your CMIA rights or to submit a request, contact your PACE care team or email support@aisona.ai.
All video and voice conversations with Sona are recorded. Recording begins only after you have affirmatively consented through the in-app consent process. A recording indicator (REC badge) is displayed before recording starts and throughout the conversation. You may end the conversation at any time to stop recording.
Consent provided during onboarding covers all subsequent sessions. A recording indicator is displayed at the start of each conversation to confirm that recording is active.
Sona is an AI-powered companion. Sona is not a doctor, nurse, or licensed healthcare provider. Sona does not provide medical diagnoses, treatment recommendations, or clinical advice. Information from your conversations with Sona may be processed and made available to your care team.
The Service is designed for adults enrolled in PACE programs and is not intended for use by children under the age of 18.
We may update this Privacy Policy from time to time. For material changes, we will provide notice as required by applicable law and, where practicable, by push notification or in-app message before the change takes effect, and update the "Last Updated" date.
Aisona Care Inc.
12130 Millennium Dr, Ste 300, Los Angeles, CA 90094
Email: support@aisona.ai
CCPA/CPRA requests: privacy@aisona.ai