Last updated: May 12, 2026 | Effective: May 12, 2026
AIM Elemental Health Solutions, Inc. ("AEGCompliance," "we," "our," or "us") operates the AEGCompliance Ops™ software platform. This Privacy Policy explains how we collect, use, disclose, and protect information when you use AEGCompliance Ops.
Architecture note: AEGCompliance Ops is a local-first application. Your primary data — lot records, SOPs, chain of custody logs — stays on your device in your browser's local storage. Cloud transmission occurs only for authentication and version accountability (see Section 3 below), and only when you are signed in. You may also optionally enable cloud sync for team collaboration.
1. Information We Collect
1.1 Information you provide
- Account information: Email address, name, company/facility name — collected when you create an operator account or sign in.
- Clinic/facility data: Lot records, manufacturer names, API sources, CoA reference numbers, SOP versions, and chain of custody entries that you enter into the application.
- Support communications: If you contact us, we collect the content of your message and contact information.
1.2 Information collected automatically — local
- Local storage: The application stores lot records, SOP data, and audit logs in your browser's local storage (localStorage/IndexedDB) on your device. This data never leaves your device unless you are logged in and cloud sync is active.
- Session records: Digital sign-off records (operator ID, timestamp, action) are stored locally by default.
1.3 Information collected automatically — cloud
When you are signed in, the following information is transmitted to our Cloudflare Workers infrastructure:
- Version telemetry: On each login, the app sends: email address, operator name, facility name, app version, browser user agent, and IP address. This is stored in our audit log to meet 503B accountability requirements (FDA 21 CFR Part 11 compliance). Log retention: 90 days.
- Authentication tokens: Session tokens used to authenticate your operator account. Stored securely by Cloudflare Workers auth.
- Optional cloud sync data: If you enable the cloud sync add-on, your lot records, SOP versions, and facility data are transmitted to and stored in our HIPAA-compliant cloud infrastructure (Architecture B) to support team access and cross-device sync. This requires a signed BAA.
1.4 Information we do NOT collect
- We do not collect patient names, patient IDs, diagnosis codes, or any protected health information (PHI) as defined under HIPAA.
- We do not collect the content of medical records, prescriptions, or physician notes.
- The AEGCompliance Ops app is designed to NOT handle PHI. If you choose to enter PHI into custom fields or notes, you do so at your own risk and are responsible for ensuring your handling of that data complies with applicable law.
BAA notice: If you enable the optional cloud sync add-on (Architecture B), you may transmit facility data that includes information related to pharmaceutical products and patient-adjacent records. If your facility processes PHI, you are responsible for ensuring a Business Associate Agreement (BAA) is in place before enabling cloud sync. Contact
travers@aimelemental.com to execute a BAA.
2. How We Use Information
- Provide the service: Authenticate operator accounts, enforce SOP version requirements, log version checks for 503B audit trail compliance.
- Improve the product: Aggregate, de-identified version telemetry helps us understand usage patterns and prioritize updates.
- Support: If you contact us, we use your email to respond.
- Security: IP addresses and authentication tokens are used to secure and monitor access to the operator account.
We do not sell, rent, or share your personal information with third parties for their marketing purposes.
3. Data Architecture — Local vs. Cloud
| Data Type |
Default (Local) |
Cloud Sync (Optional) |
| Lot records |
✅ Your device only |
⚠️ CF Workers + D1 (BAA required) |
| SOP versions |
✅ Your device only |
⚠️ CF Workers + D1 (BAA required) |
| Operator email / name |
✅ Encrypted at rest |
✅ Included in cloud sync |
| Version telemetry (login) |
❌ Sent to cloud on every login |
✅ Always cloud — 90-day retention |
| PHI / patient data |
❌ Not collected |
⚠️ Not recommended; BAA required if enabled |
4. Data Retention & Deletion
- Local storage: Data stored in your browser's local storage remains on your device. You can delete this data at any time by clearing your browser data for this site or using the "Clear Local Data" function in the app.
- Version telemetry logs: Retained for 90 days in our D1 database, then automatically deleted.
- Cloud sync data (if enabled): Retained until you delete your account or disable cloud sync. Contact travers@aimelemental.com to request deletion of your cloud data.
- Authentication records: Retained for the duration of your subscription plus 30 days.
5. Security
Cloud infrastructure (version telemetry, authentication, optional cloud sync) is hosted on Cloudflare Workers with data stored in Cloudflare D1. Cloudflare's global network provides DDoS protection, TLS encryption in transit, and physical datacenter security.
When cloud sync is enabled under a BAA, data is handled in accordance with the HIPAA Security Rule (45 CFR Parts 160 and 164, Subparts A and C).
6. Your Rights
You may at any time:
- Request access to the personal information we hold about you
- Request correction of inaccurate personal information
- Request deletion of your personal information (subject to our legal retention obligations)
- Opt out of version telemetry by not signing in (note: this prevents cloud sync and team features)
To exercise any of these rights, contact travers@aimelemental.com.
7. Children's Privacy
AEGCompliance Ops is a business product intended for healthcare and pharmaceutical facility operators. It is not directed at individuals under 18. We do not knowingly collect information from children.
8. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here with a revised "Last updated" date. Your continued use after the effective date constitutes acceptance of the updated policy.
9. Contact
AIM Elemental Health Solutions, Inc.
Email: travers@aimelemental.com
Website: aegcompliance.com