Privacy Policy

Last updated: April 19, 2026

Bayes AI, Inc. ("Taiga," "we," "us," or "our") provides AI-native medical billing services to independent healthcare practices. This Privacy Policy explains what information we collect, how we use it, and the choices you have. Where Taiga processes protected health information on behalf of a practice, that information is governed primarily by the Business Associate Agreement (BAA) between Taiga and the practice, which controls in the event of any conflict with this policy.

Information we collect

We collect information you provide when you contact us, request a demo, or use our services - including your name, work email, phone number, practice name, specialty, and other business contact details. When Taiga performs medical billing services for your practice, we also process protected health information (PHI) such as patient demographics, encounter notes, diagnosis and procedure codes, claim submissions, explanations of benefits, and remittance data. We collect limited technical data automatically through our website and product, including IP address, device and browser metadata, pages visited, referral information, and cookie identifiers.

Website visitor identification and cookies

We use cookies and similar technologies on our marketing website to operate the site, understand which pages are being viewed, and identify some U.S.-based business visitors who show interest in Taiga. We may work with service providers that associate website visits and related identifiers with business contact information or professional profiles so that we can better understand demand for Taiga and follow up with prospective customers. This use is limited to our U.S.-focused website visitor identification program and does not include international company-level tracking. You may opt out of this type of advertising and matching by visiting https://app.retention.com/optout.

How we use information

We use information to deliver and operate our services - including submitting claims, pursuing denials and appeals, generating patient statements, producing reporting for your practice, and supporting your team. We also use information to communicate with you about your account, respond to requests, detect and prevent fraud or abuse, meet legal and regulatory obligations, improve and secure the Taiga platform, and measure and route inbound interest from prospective customers. We do not sell personal information, and we do not use PHI for advertising or to train general-purpose AI models outside of delivering services to your practice.

How we share information

We share information only as needed to run the service. This includes vetted subprocessors that help us operate Taiga (cloud hosting, infrastructure monitoring, analytics, error tracking, communications, and similar tools), clearinghouses and payers (commercial insurers, Medicare, Medicaid, TRICARE, and similar programs) in order to submit claims and receive responses, and professional advisors where legally required. Subprocessors handling PHI are bound by written agreements, including a Business Associate Agreement where required by HIPAA. Our current subprocessor list is available in our trust center.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to opt out of certain uses. If Taiga processes PHI as a Business Associate of your practice, requests from patients regarding their PHI should be directed to the practice as the Covered Entity, and Taiga will support the practice in responding. You can opt out of marketing emails at any time by using the unsubscribe link or emailing us, and you can opt out of our website visitor identification and related advertising matching by visiting https://app.retention.com/optout. To exercise any other rights, contact founders@usetaiga.com.

Data retention

We retain information for as long as we provide services to your practice and for the periods required to meet legal, accounting, tax, and regulatory obligations - including requirements under HIPAA, state medical record laws, and payer audit windows. When information is no longer needed, we delete or de-identify it in accordance with our retention schedule. Customers may request deletion or return of their data on termination, subject to applicable legal holds described in the Business Associate Agreement and Master Services Agreement.

Security

We maintain administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of the information we handle, consistent with the HIPAA Security Rule. Data is encrypted in transit and at rest, access is restricted according to least privilege and requires multi-factor authentication, and we continuously monitor our infrastructure for threats. Additional detail about our security program, audits, and policies is available at our trust center.

International transfers

Taiga operates primarily from the United States, and information we collect is stored and processed in the United States. If we transfer personal information from other jurisdictions, we rely on appropriate legal mechanisms and safeguards for those transfers.

Children's privacy

Our services are intended for use by healthcare practices and their staff, not for direct use by children. We do not knowingly collect personal information directly from children. PHI relating to pediatric patients is processed on behalf of practices under their direction and the applicable Business Associate Agreement.

Changes to this policy

We may update this policy from time to time to reflect changes in our services, technology, or legal obligations. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice to customers.

Contact us

Questions about this policy, your information, or a Business Associate Agreement? Email founders@usetaiga.com.