Privacy Policy

QSimHealth, a ChiAha™ product · Last updated 2026-04-27

The short version

QSimHealth is a staffing-decision simulator. We collect the minimum we need to run your account, deliver the service, and bill it. We don't see, request, or process patient health information (PHI). We don't sell your data.

1. What we collect

Account data

• Email address (required to sign in and verify your account)
• Name, company / facility, job title (optional, used to personalize)
• Verification codes sent to your email at signup
• Subscription state (trial / paid / lapsed) and timestamps

Simulation data you enter

• Arrival rates, staffing schedules, treatment-time means — abstract numerical inputs you choose
• Scenario names you set, optional CSV exports you generate
• None of this is patient data; it's a model of an aggregate system

Optional AI chat data

• If you use the in-app AI helper, we log each turn (your message + the assistant's response) to enable debugging and abuse prevention
• Logs are stored on our infrastructure for up to 90 days, then aged out
• The AI helper sends your message to Anthropic (Claude) under their API terms; we don't share your messages with anyone else

Operational data

• IP address, user agent, request timestamps (used to rate-limit and detect abuse)
• Aggregated, anonymized usage counters for ops dashboards (no individually identifiable data)

2. What we do NOT collect

• No patient data. QSimHealth never asks for, transmits, or stores patient identifiers, dates of service, treatment outcomes, or anything that would make us a HIPAA business associate
• No payment card details. Subscriptions are processed by FastSpring; your card touches FastSpring, never our servers
• No third-party advertising trackers. We do not run ad-network pixels

3. How we use what we collect

• Run your account and authenticate sign-ins
• Send billing receipts (via FastSpring) and occasional product updates
• Bill via FastSpring (they handle the payment data)
• Detect and prevent abuse (rate-limit floods, validation attacks, spam signups)
• Improve the product based on aggregate usage patterns

4. Who we share data with

• FastSpring — handles your subscription billing. Their privacy policy: fastspring.com/privacy
• Fly.io — hosts the application infrastructure. Their privacy policy: fly.io/legal/privacy-policy
• Anthropic — processes your AI-helper messages (only if you use the in-app chat feature). Their policy: anthropic.com/legal/privacy
• ActiveCampaign — sends transactional and product emails. Their policy: activecampaign.com/legal/privacy-policy

We do not sell, rent, or trade your personal data to anyone.

5. Retention

• Account data retained while your account is active, plus 1 year for billing/audit reconciliation
• Simulation scenarios you save are retained for the lifetime of your account
• AI chat logs aged out at 90 days
• Operational logs (IP, request timestamps) retained for 30 days

6. Your rights

You can:

• Request a copy of the data we hold on you (email queuesim@chiaha.com)
• Correct inaccurate data via the app, or by emailing us
• Cancel your subscription anytime via the FastSpring customer portal (see our Terms)
• Delete your account by emailing us — we'll wipe your data within 30 days, except billing records we're legally required to retain

7. International users

QSimHealth is operated from the United States. If you're accessing it from elsewhere, your data is transferred to and processed in the US. By using the service you consent to that transfer. We aim to honor GDPR-style requests (access, rectification, erasure) for any user, regardless of location.

8. Security

Sessions are gated by a signup-verified cookie. Passwords aren't a concept here — sign-in is delegated to Google or Microsoft OAuth. Subscription state lives behind HMAC-signed FastSpring webhooks. Infrastructure runs on Fly.io with encrypted volumes and TLS terminating at the edge. We don't make HIPAA / SOC 2 claims because we deliberately don't collect the kind of data those frameworks govern.

9. Changes

If we make material changes, we'll email registered users at least 30 days before they take effect. Minor updates are reflected in the "Last updated" date above.

10. Contact

Questions, requests, or concerns: queuesim@chiaha.com. We aim to respond within 5 business days.