Legal

Privacy Policy

Scrutari AI LLC (“Scrutari,” “we,” “our”) is committed to protecting the privacy and security of personal data across every system we build and deploy. This policy describes how we collect, use, store, and protect information in connection with our products, services, and website.

Effective: March 1, 2026|Last Updated: March 29, 2026|SCRUTARI AI LLC — Nashville, TN

Data Collection & Sources

We are transparent about where personal data enters our systems. Data may be collected through three distinct channels, each governed by different handling protocols:

User Inputs

Information you provide directly through our website contact forms, partnership inquiries, pilot briefing requests, and email correspondence. This includes your name, work email address, company affiliation, job title, and any messages you submit.

Edge Device Telemetry

Operational data generated by Scrutari Edge-Guard hardware deployed at customer sites. This telemetry includes anomaly detection logs, system health metrics, and cryptographically signed alert payloads. Edge telemetry does not contain personally identifiable information (PII) under normal operating conditions and is processed locally on the device before any transmission.

Enterprise Platform Data

Data processed through Project Helios for healthcare revenue cycle auditing and financial compliance. This data is provided by our enterprise clients under separate Data Processing Agreements (DPAs) and is handled according to the strictest applicable regulatory requirements, including HIPAA where health data is involved.

We do not purchase, rent, or acquire personal data from third-party data brokers. We do not sell, rent, or trade personal information to any third party for marketing or advertising purposes.

AI Training & Automated Decision-Making

As an AI company deploying models in safety-critical environments, we hold ourselves to the highest standard of transparency regarding how our artificial intelligence systems interact with data.

Model Training Data

Our computer vision and auditing models are trained exclusively on proprietary datasets, licensed industrial imagery, and synthetic data generated under controlled conditions. We do not use customer-submitted personal data, contact form information, or website interaction data to train our AI models.

When enterprise clients participate in model fine-tuning programs, this is governed by explicit, separately negotiated Data Processing Agreements that specify permitted uses, retention periods, and deletion obligations.

Automated Decision-Making

Our Edge-Guard systems perform automated anomaly detection — identifying potential structural defects, corrosion patterns, and safety hazards. These automated assessments generate alerts for human review; they do not autonomously initiate physical actions that affect personnel safety.

Our Helios platform performs automated analysis of healthcare claims and financial records. All flagged anomalies are presented with supporting evidence and confidence metrics for human decision-makers. Scrutari AI systems provide decision support, not autonomous decisions, in domains where human judgment is required.

HIPAA & Health Data

When Scrutari processes Protected Health Information (PHI) on behalf of healthcare clients, we operate as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) and adhere to the HIPAA Administrative Simplification provisions.

MINIMUM NECESSARYAccess to individually identifiable health information is restricted to the minimum amount needed for the intended processing purpose.

ENCRYPTIONAll PHI is encrypted both in transit (TLS 1.3) and at rest (AES-256) across all storage and processing systems.

ACCESS CONTROLSRole-based access controls with multi-factor authentication. All access to PHI is logged in immutable audit trails.

BAA REQUIREMENTWe execute Business Associate Agreements (BAAs) with all covered entities prior to processing any PHI.

BREACH NOTIFICATIONIn the unlikely event of a security incident involving PHI, we will notify affected covered entities within 24 hours of discovery.

DATA RETENTIONPHI is retained only for the duration specified in the applicable BAA and DPA, after which it is securely destroyed.

Our Rust-native architecture provides an inherent security advantage for health data processing: compile-time memory safety eliminates buffer overflows and use-after-free vulnerabilities that have been the root cause of numerous healthcare data breaches industry-wide.

Tennessee ELVIS Act Compliance

As a Tennessee-domiciled company, Scrutari AI complies with the Ensuring Likeness Voice and Image Security (ELVIS) Act, which protects individuals against unauthorized AI-generated reproductions of their voice, image, or likeness.

Our AI systems require explicit, documented consent before generating, analyzing, or processing voice recordings, facial imagery, or any biometric likeness data.

We do not use AI to clone, replicate, or synthesize any individual’s voice or image for any purpose without prior written authorization from the individual.

Our industrial computer vision systems are designed to detect structural anomalies in physical infrastructure — they are not trained on, and do not process, human facial recognition or biometric identification data.

Cross-Border Data Transfers & Data Sovereignty

Scrutari operates across multiple jurisdictions, including the United States, West Africa, and Australia. We maintain strict data sovereignty controls to ensure that data remains within its legally required boundaries.

Regional Data Residency

Our infrastructure is architected to maintain data residency compliance by default. Edge-deployed systems process data locally at the point of collection. Where cloud synchronization is required, we utilize regionally deployed infrastructure within the applicable legal jurisdiction.

Edge-First Architecture

By design, the majority of data processing occurs on local edge hardware and never leaves the physical site. Anomaly alerts transmitted to central systems contain only the minimum metadata necessary for operational reporting — no raw video, no raw sensor data, and no personally identifiable information.

Sovereign Compliance

For deployments in jurisdictions with local data protection laws, we negotiate specific data handling terms as part of our deployment agreements. We do not transfer personal data across borders unless required by the customer and permitted by applicable law, with appropriate safeguards in place.

Your Rights & How to Contact Us

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict the processing of your personal data. You may also have the right to data portability and to withdraw consent where processing is based on consent.

ACCESSRequest a copy of the personal data we hold about you.

CORRECTIONRequest correction of inaccurate or incomplete personal data.

DELETIONRequest deletion of your personal data, subject to legal retention obligations.

RESTRICTIONRequest that we restrict processing of your data in certain circumstances.

OBJECTIONObject to processing of your data for direct marketing purposes.

We will respond to all verified data rights requests within 30 calendar days. There is no fee for exercising your data rights.

Questions About This Policy?

If you have questions, concerns, or wish to exercise your data rights, contact our privacy team.

privacy@scrutari.ai Partnership Inquiry

SCRUTARI AI LLC • Nashville, Tennessee • United States