Privacy Policy
Last updated: June 1, 2026
Okrana is built for practices that handle sensitive information. We take privacy seriously — this policy explains exactly what we collect, why, and how it's protected.
1. Who We Are
Okrana, Inc. ("Okrana," "we," "us," or "our") provides a HIPAA-compliant AI workspace for medical, legal, dental, and financial practices. Our registered address is Scottsdale, Arizona 85260. Questions about this policy should be directed to hello@okrana.com.
2. Information We Collect
When you create an account or request a demo, we collect:
Account information: Full name, work email address, practice name, and practice type.
Contact information: Phone number (optional), provided when scheduling a compliance review.
Usage data: Records of actions taken within the platform, including timestamps, IP addresses, and session activity, stored in our audit log for HIPAA compliance purposes.
Technical data: Browser type, operating system, and referring URL collected automatically when you visit our site.
We do not collect Social Security numbers, payment card numbers, or any Protected Health Information (PHI) through our marketing website or account creation forms.
3. How We Use Your Information
We use the information we collect solely to:
Provision and maintain your Okrana account and workspace
Communicate with you regarding your account, security events, or support requests
Send BAA-related notices and compliance documentation required by HIPAA
Respond to demo requests and schedule onboarding calls
Maintain audit logs as required by our Business Associate Agreement obligations
Improve the reliability and security of our platform
We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your information to train AI models.
4. Protected Health Information (PHI)
Okrana is a HIPAA Business Associate. Any PHI you or your staff enter into the AI workspace is governed by your signed Business Associate Agreement (BAA), not this Privacy Policy.
Key commitments regarding PHI:
PHI entered into the AI workspace is processed in your private, isolated Azure OpenAI instance and is not retained after the session ends
PHI is never used to train AI models — not ours, not Microsoft's
PHI is never shared with third parties except as required to perform the contracted services or as required by law
All PHI in transit is encrypted using TLS 1.2 or higher; all PHI at rest is encrypted using AES-256
Access to PHI is restricted to authorized users within your practice's tenant
You must sign the BAA before accessing any AI functionality within Okrana. The BAA governs all PHI handling obligations and supersedes any conflicting terms in this Privacy Policy.
5. Data Retention
Account data: Retained for the duration of your subscription plus 90 days after termination, then permanently deleted.
Audit logs: Retained for a minimum of 6 years from the date of creation, as required by HIPAA regulations (45 C.F.R. § 164.530(j)).
AI conversation content: Not retained. Prompts and responses are processed in memory and discarded at session end. No conversation history is stored on Okrana servers.
Demo request data: Retained for 12 months or until a service agreement is executed, then deleted.
You may request deletion of your personal data at any time by contacting hello@okrana.com. Deletion requests are fulfilled within 30 days, subject to legal retention obligations.
6. Third-Party Services
Okrana uses the following third-party infrastructure providers to deliver our service:
Microsoft Azure OpenAI — AI inference is performed within a private Azure deployment in a US data region. Microsoft processes queries under a data processing agreement that prohibits use of your data for model training.
Supabase — Authentication, database, and storage infrastructure hosted on AWS US-East. Supabase processes data under a DPA and GDPR-compliant terms.
Vercel — Hosting and edge delivery for the Okrana web application. No PHI or account data is stored at the edge.
No AI query content passes through any third-party analytics, advertising, or data broker service.
7. Cookies and Tracking
Okrana uses the following cookies and local storage mechanisms:
Session cookies — Required for authentication. Expire when you close your browser or after 24 hours of inactivity.
Security cookies — Used to detect and prevent fraudulent sessions.
Analytics (Vercel Insights) — Anonymous, aggregate page view data. No personal identifiers are collected. No cross-site tracking.
We do not use advertising cookies, pixel tracking, or fingerprinting.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
Access the personal data we hold about you
Correct inaccurate data
Delete your data (subject to legal retention requirements)
Restrict or object to certain processing
Data portability — receive a copy of your data in a structured format
To exercise any of these rights, email hello@okrana.com with the subject line "Privacy Request." We will respond within 30 days. Identity verification may be required before processing requests.
If you are in the European Economic Area, you have the right to lodge a complaint with your local supervisory authority.
9. Security
We implement administrative, physical, and technical safeguards designed to protect your information. These include role-based access controls, database-level row security, encrypted connections, server-side session validation, and ongoing security reviews. For a full description, see our Security page at okrana.com/security.
10. Children
Okrana is a business-to-business service intended for healthcare and professional practice operators. We do not knowingly collect personal information from individuals under the age of 18. If you believe we have inadvertently collected such information, contact us immediately at hello@okrana.com.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we do, we will revise the "Last Updated" date at the top of the page and, for material changes, notify account holders by email at least 14 days before the change takes effect. Continued use of Okrana after the effective date constitutes acceptance of the revised policy.
12. Contact
For privacy questions, data requests, or concerns about our practices:
Okrana, Inc.
Email: hello@okrana.com
Scottsdale, AZ 85260