AIFees Inc. provides aiLabSlip to dental practices and dental service organizations. With respect to PHI processed through aiLabSlip, AIFees acts as a Business Associateunder the Health Insurance Portability and Accountability Act (“HIPAA”), and our customers (dental practices and the organizations that operate them) act as Covered Entities. Our processing of PHI is governed by a Business Associate Agreement (“BAA”) between AIFees and each customer.
Privacy Policy
Last updated: June 4, 2026
This Privacy Policy explains how AIFees Inc. (“AIFees,” “we,” “us,” or “our”) handles information in connection with aiLabSlip, a HIPAA-compliant platform for managing dental laboratory invoices and statements. aiLabSlip processes protected health information (“PHI”) on behalf of our customers and is distinct from our non-HIPAA fee-schedule products.
Who we are
Protected health information we process
aiLabSlip processes the lab documents that customers upload or connect, which may contain PHI. This typically includes:
- Lab invoices and statements, including patient names and identifiers, dates of service, procedure and product descriptions, and amounts.
- Document images and the text extracted from them during optical character recognition (OCR).
- Lab and practice identifiers and related metadata.
- Optionally, documents imported from a customer-connected Google Drive when the customer enables that integration.
We also process limited account information for authorized users (such as email address and organization membership) to operate the service. This account information is not PHI.
How we use PHI
We use PHI only to provide aiLabSlip to the customer and as permitted by the applicable BAA. Specifically, we use PHI to:
- Extract, structure, and display the contents of lab documents using OCR powered by Amazon Bedrock and Anthropic's Claude models.
- Let authorized users review, correct, organize, and export their lab documents.
- Maintain the security, integrity, and availability of the service, including audit logging.
We do not sell PHI, use it for advertising or marketing, or use it for any secondary purpose unrelated to providing the service. PHI is not used to train third-party models.
Subprocessors
We use a limited set of infrastructure subprocessors to operate aiLabSlip. PHI is processed on Amazon Web Services (“AWS”) infrastructure covered by an AWS Business Associate Addendum:
- Amazon Bedrock (Anthropic Claude) — OCR and document extraction.
- AWS Lambda — application and API compute.
- Amazon S3 — encrypted document storage.
- Amazon RDS — encrypted application database.
- Amazon Cognito — authentication and identity.
- Amazon SES — transactional email.
- Amazon CloudWatch — operational logging and monitoring (PHI-safe).
- AWS Amplify Hosting — application hosting.
If a customer enables the optional Google Drive integration, documents are imported from that customer’s Google Workspace. That processing occurs under the customer’s own agreement with Google, including any Business Associate Agreement the customer has in place with Google.
How we protect PHI
We apply administrative, physical, and technical safeguards designed to protect PHI:
- Encryption in transit using TLS 1.2 or higher.
- Encryption at rest using AES-256.
- Network isolation within a virtual private cloud (VPC).
- Authentication and session management through Amazon Cognito with JSON Web Tokens (JWT).
- Automatic logout after 15 minutes of inactivity.
- Tenant isolation so each organization can access only its own data.
- PHI-safe logging practices that keep patient-identifiable data out of application logs and error reports.
- Audit trails of access and key actions within the service.
Retention and deletion
We retain PHI for as long as needed to provide the service and as directed by the customer under the applicable BAA. On termination of a customer’s agreement, or on the customer’s instruction, we return or securely delete PHI in accordance with the BAA and applicable law, except where retention is required by law.
Individual rights
Because AIFees is a Business Associate and not the Covered Entity, individuals (such as patients) should exercise their HIPAA rights — including rights of access, amendment, and accounting of disclosures — through the dental provider that holds the relationship with them. We support our customers in responding to those requests as required by the BAA.
Breach notification
In the event of a breach of unsecured PHI, we will notify the affected customer in accordance with HIPAA and the timelines and procedures set out in the applicable BAA so the customer can meet its own notification obligations.
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify customers. Continued use of aiLabSlip after an update constitutes acceptance of the revised policy.
Contact us
For questions about this Privacy Policy or our handling of PHI, contact us at support@ailabslip.com.