Privacy
Privacy policy
Last Updated: December 1, 2025
Effective Date: December 1, 2025
Soma Lab, Inc. d/b/a SimCare AI (“SimCare,” “we,” “us,” or “our”) is committed to protecting the privacy of the students, faculty, and administrators who use our AI-powered simulation platform and field-experience management tools (collectively, the “Services”).
This Privacy Policy describes how we collect, use, and disclose data when the Services are used by an educational institution (an “Institution”) and its authorized end users (“Users”).
1. APPLICABILITY AND RELATIONSHIP TO INSTITUTION
1.1 Role of the Institution.
We provide the Services to Institutions (e.g., universities, counseling programs) under a commercial agreement (the “Agreement”). In this context, the Institution is the “Data Controller” and SimCare is the “Data Processor.”1.2 Educational Records (FERPA).
To the extent we access, store, or process identifying information derived from student education records (“Education Records”), we do so as a “School Official” with a “legitimate educational interest” under the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g). We remain under the direct control of the Institution with respect to the use and maintenance of Education Records.
2. INFORMATION WE COLLECT
We collect data to provide realistic educational simulations and manage field experiences.
2.1 Information Provided by Users or Institutions.
Account Information: Name, email address, student ID number, role (e.g., Student, Supervisor), and login credentials.
Field Experience Data: Site placements, hours logged, supervisor evaluations, and case summary reports (excluding PHI).
2.2 Usage and Automated Data.
Technical Logs: IP address, browser type, device information, and operating system.
Interaction Data: Metadata regarding session duration, feature usage, and clickstream data.
2.3 Voice and Audio Data.
If Users engage with the Services via voice mode, we process audio inputs solely to transcribe them into text for the AI simulation. We do not store raw audio files permanently unless explicitly configured by the Institution for review purposes.
3. HOW WE USE INFORMATION
We use the collected information for the following purposes:
3.1 Service Delivery.
To provide the simulation environment, track student progress, generate feedback, and manage field placements as requested by the Institution.
3.2 Educational Analytics.
To provide the Institution with dashboards and reports regarding User performance, cohort progress, and learning outcomes.
3.3 Artificial Intelligence.
Simulation Generation: User inputs are processed by our AI models to generate real-time, context-aware responses from patient avatars.
3.4 Safety and Security.
To detect and prevent fraud, abuse, or security incidents, and to enforce our Agreement.
4. DATA SHARING AND DISCLOSURE
We do not sell Student Data. We share data only as follows:
With the Institution: Administrators and Faculty have access to Student Data and performance logs as part of the educational oversight function.
Service Providers: We use trusted third-party vendors (e.g., cloud hosting, database management, LLM API providers) to deliver the Services. These vendors are contractually bound to confidentiality and security obligations consistent with this Policy and FERPA.
Legal Compliance: We may disclose information if required by law, subpoena, or court order, or to protect the rights and safety of SimCare, our Users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred, subject to the requirement that the receiving party agrees to privacy protections substantially similar to those in this Policy.
5. DATA SECURITY
We employ industry-standard administrative, physical, and technical safeguards to protect data, including:
Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Access Controls: Access to production data is restricted to authorized personnel with a specific business need.
Audits: We conduct regular security assessments and vulnerability scans.
6. YOUR RIGHTS (STUDENTS AND USERS)
Because SimCare processes data on behalf of the Institution, the Institution is responsible for managing User rights.
Access and Correction: If you wish to access, correct, or delete your personal data, please contact your university or program administrator directly. We will assist the Institution in fulfilling these requests within a reasonable timeframe.
Data Portability: Users may request an export of their performance data through the Institution.
7. HIPAA AND PROTECTED HEALTH INFORMATION (PHI)
The Services are for educational training only.
No PHI Permitted: Users are strictly prohibited from entering real patient Protected Health Information (PHI) into the Services.
No Clinical Advice: AI-generated feedback is for academic simulation purposes and does not constitute clinical supervision or medical advice.
8. DATA RETENTION
We retain data only for as long as directed by the Institution or as necessary to fulfill the purposes outlined in the Agreement. Upon termination of the Agreement, we will delete or return Education Records in accordance with the Institution’s instructions, usually within thirty (30) days
9. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. If we make material changes that affect Student Data privacy, we will notify the Institution via email or a prominent notice within the Service.
10. CONTACT US
If you have questions about this Privacy Policy or our data practices, please contact us at:
Soma Lab, Inc. d/b/a SimCare AI
33 Irving Pl, Floor 3
New York, NY 10003
Email: hello@simcare.ai
