Privacy Policy
Last updated: April 15, 2026
1. Who We Are
SuiteIQ, Inc. ("SuiteIQ," "we," "us") provides the SuiteIQ OR Intelligence Platform, a cloud-based tool that helps hospitals measure and optimize operating room turnover efficiency. This Privacy Policy describes how we collect, use, and protect information when you use our platform.
2. Information We Collect
Operational Data (Not Patient Data)
SuiteIQ is EHR-agnostic by design. We collect only operational timestamps from surgical suite turnovers:
- Six milestone timestamps per case (Wheels Out, EVS Arrived, Room Clear, Anesthesia Ready, Circulator Ready, Wheels In)
- Room assignment and operational status
- Surgeon name and specialty (professional, not medical)
- Operational case labels (e.g., "Case 3" — not patient names)
- Delay reasons and notes
- Computed OTES (OR Turnover Efficiency Score) metrics
What We Do NOT Collect
We intentionally exclude all clinical and patient data:
- No patient names, medical record numbers, or demographics
- No diagnosis or procedure codes (ICD, CPT)
- No clinical notes, lab results, or imaging
- No insurance, billing, or financial data
- No FHIR resources, HL7 messages, or EHR integration of any kind
Account Information
For platform access, we collect staff contact information (name, email, phone number) and role assignments. User credentials are managed by AWS Cognito and are never stored in our application database.
3. How We Use Information
- Turnover Analytics — computing OTES scores, trend analysis, and performance benchmarking
- Real-Time Alerts — SMS and email notifications to designated staff when milestones are reached or delays are detected
- AI-Powered Insights — analyzing historical data to suggest scheduling optimizations (processed via AWS Bedrock with no data retention by the AI model)
- Platform Administration — user management, access control, and audit logging
4. Data Sharing
We do not sell, rent, or share your data with third parties for marketing purposes. Data is shared only with:
- AWS — our cloud infrastructure provider, as a data processor under our Business Associate Agreement
- Designated hospital staff — role-based alerts sent via SMS (AWS SNS) and email (AWS SES)
Each hospital's data is strictly isolated. Multi-tenant access controls enforce that users at one hospital cannot view or modify data belonging to another hospital.
5. Data Retention
Operational data follows a soft-delete lifecycle:
- Deleted records are soft-deleted (marked inactive) and excluded from all active queries
- Soft-deleted records are permanently purged after 90 days by an automated retention job
- Audit logs are retained for a longer period and are append-only — they cannot be modified or deleted through the application
- Database backups are retained for 30 days (production)
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information
- Object to or restrict certain processing
- Request data portability
To exercise any of these rights, contact your hospital administrator or email privacy@suiteiq.io.
7. Contact Us
For privacy-related inquiries:
privacy@suiteiq.io
SuiteIQ, Inc.
Privacy Officer: Chevella Mack, CEO