1. Introduction
Chaplain XT (“we,” “our,” or “us”) is committed to protecting the privacy of chaplains and the patients they serve. This Privacy Policy explains how we collect, use, and safeguard information when you use our healthcare chaplaincy platform at chaplain-xt.org.
2. No PHI By Design
Chaplain XT is architecturally designed to prevent the storage of Protected Health Information (PHI) as defined under HIPAA. We collect only:
- -- Patient first name (no last name)
- -- Room number
- -- Encounter type (pre-surgery, grief, etc.)
- -- Denomination mode selected
We do not collect: diagnosis codes, treatment details, insurance information, medical record numbers, Social Security numbers, dates of birth, or any other HIPAA-defined identifiers beyond first name.
3. Chaplain Account Information
When chaplains create accounts, we collect: email address, name, institutional affiliation, and role. Authentication is managed by Clerk. Payment processing is handled by Stripe. We do not store complete payment card details.
4. AI Processing
Prayer generation uses Cloudflare Workers AI. Patient encounter data (first name, encounter type, denomination) is processed at the edge and is not used to train AI models. Generated prayers are not retained after delivery unless the chaplain explicitly saves them.
5. Third-Party Services
We use Clerk (authentication), Stripe (payments), and Cloudflare (hosting, AI, database). Each processes data according to their respective privacy policies and our data processing agreements.
6. Data Security
All data is encrypted in transit (TLS 1.3) and at rest. Data is stored on Cloudflare's global network with enterprise-grade security. Role-based access controls ensure only authorized chaplains access encounter data.
7. Data Retention
Encounter data is retained for 90 days for analytics and reporting purposes. Account data is retained while the account is active. Upon account deletion, all associated data is permanently removed within 30 days.
8. Your Rights
You may request access to, correction of, or deletion of your personal data at any time. GDPR and CCPA rights apply where applicable. We do not sell personal information.
9. Children's Privacy
Chaplain XT is designed for use by healthcare professionals. We do not knowingly collect information from children under 13.
10. Contact
For privacy questions, contact us at privacy@chaplain-xt.org