New Surveys feature now available! Learn more →

Air360 HIPAA Statement

Air360 is a privacy-first behavioral analytics platform designed to operate without collecting Protected Health Information (PHI).

When implemented according to Air360’s documentation, the platform captures anonymous behavioral data while excluding user-entered text and other sensitive information through configurable masking and exclusion controls.

Customers are responsible for configuring the platform so that PHI is not transmitted to Air360.

Because many healthcare organizations require a Business Associate Agreement (BAA) as part of their vendor onboarding process, Air360 is prepared to execute a BAA for eligible customers.

The purpose of the BAA is to establish the parties’ responsibilities in the event PHI is inadvertently transmitted to the Services. It does not authorize the intentional use of Air360 to collect, store, or process PHI.

For customers with an executed BAA, Air360 enables full text obfuscation in session replay by default as an additional safeguard.

Air360 provides administrative, technical, and organizational safeguards appropriate to the Services and works with customers during implementation to help ensure that sensitive information is not captured.

Organizations with questions about HIPAA deployments or configuration should contact Air360 before implementation.