Legal
Effective July 17, 2026 · Last updated July 17, 2026
This Privacy Policy describes how SOMA AI LLC (“SOMA AI,” “we,” “us,” or “our”) collects, uses, stores, and shares information in connection with the MACS Enterprise platform, including the MACS: CM mobile application, the MACS: IW mobile application, and the MACS web application (collectively, the “Services”).
SOMA AI LLC is an Indiana limited liability company. Contact us at privacy@somaaillc.com with questions about this Privacy Policy.
MACS Enterprise is a business-to-business service. Access is by invitation only — there is no public sign-up. The Services are used by two kinds of individuals:
Because MACS Enterprise operates on behalf of Customer Organizations, the Customer Organization responsible for your case controls significant aspects of your data, as described below. If you are an Injured Worker User, information in the Services may be part of the record of your workers’ compensation matter.
Device and technical information (device type, OS version, app version); usage and diagnostic information (authentication events, feature usage, error logs); and audit records of significant actions (for example, when a report is shared externally).
Microphone: used to record medical visits, only after the consent process in Section 3. Notifications: case-related alerts, if enabled.
MACS Enterprise does not record any medical visit without documented consent. Before a recording can begin, the injured worker must have a current, signed recording consent on file for the applicable jurisdiction. Consent language is specific to the applicable state and versioned, and the specific consent that authorized each recording is permanently associated with that visit’s record. Consent may be withdrawn at any time in the app or through your case manager; withdrawal stops future recordings but does not un-record prior visits, which remain part of the case record.
We use information to: provide the Services (case management, visit recording and documentation, messaging, medication tracking, reporting, and outcome analytics); generate AI-drafted transcripts, clinical summaries, and medication suggestions — all subject to review by a case manager before they are shared with the injured worker (Section 5); authenticate users and secure the platform, including audit logging; operate, maintain, and improve the Services; communicate with you about the Services; and comply with applicable law.
We do not use your information for advertising. We do not sell your information (Section 7.5). We do not permit our AI service provider to use your information to train its models (Section 7.2).
The Services use artificial intelligence to transcribe recorded visits, draft clinical summaries, and suggest medication list updates. AI-drafted content may contain errors and is not a substitute for professional medical judgment. By design, AI-drafted visit summaries are not released to injured workers until a case manager has reviewed them, and AI-suggested medications are never added to a medication list without case-manager approval. AI-generated content is not medical advice.
Information is stored on servers operated by our cloud providers in the United States: structured case information in an encrypted database (Amazon Web Services); visit recordings and generated reports in encrypted cloud storage (Amazon Web Services); Social Security numbers, where present, additionally encrypted at the field level via a dedicated key-management service. All data in transit is encrypted (TLS/HTTPS). Case Management Users are required to use multi-factor authentication. We maintain audit logging and access controls limiting each user to the cases and organization they belong to.
We have entered into Business Associate Agreements or equivalent data-protection agreements with the service providers that process identifiable health information on our behalf, including Amazon Web Services (infrastructure), Vercel (application hosting), and OpenAI (AI processing).
No method of storage or transmission is completely secure. If you believe your account or data has been compromised, contact us immediately at privacy@somaaillc.com. We investigate reported incidents and provide notifications as required by applicable law.
Case managers and authorized staff of the Customer Organization handling your case can view case information within their organization. Injured workers see their own case information, including visit summaries after case-manager review.
We share information with providers who process it on our behalf, under contracts (including BAAs where applicable) that limit their use of it: Amazon Web Services (database, storage, authentication, email, serverless processing); Vercel (application hosting); OpenAI (visit audio and related content for transcription and summary drafting — under our agreement, OpenAI does not use this content to train its models); Apple (technical information described in Apple’s own privacy policy, for the iOS apps).
Where authorized by the Customer Organization and permitted or required by applicable workers’ compensation law, reports or case information may be shared with participants in the claim — for example, the employer, the insurance carrier or third-party administrator, or treating providers — limited to the minimum information necessary for the purpose of the disclosure. External report sharing occurs through expiring secure links initiated by a case manager, and each external transmission is recorded in the audit log.
We may disclose information when required by law, court order, subpoena, or government request, or to protect the safety of any person or our legal rights. If SOMA AI LLC is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction; we will provide notice before your information becomes subject to a different privacy policy.
SOMA AI LLC does not sell, rent, or trade personal information or health information to any third party for any purpose, including advertising.
We retain information for as long as needed to provide the Services to your Customer Organization, for the duration required by applicable workers’ compensation record-retention law, and as required by other applicable law. Audit logs and consent records are retained to preserve the integrity and defensibility of the case record. Upon termination of an Organization Agreement, data return and deletion are handled as provided in that agreement and applicable law.
The Services are intended for adults 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe a child under 18 has provided personal information through the Services, contact privacy@somaaillc.com.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Services or by email and update the “Last Updated” date above. Continued use after changes take effect constitutes acceptance.
SOMA AI LLC — Attn: Privacy
Email: privacy@somaaillc.com
Website: macs-app.com