Subscribers & Users
Murphi.ai
Owned and Operated by Deskfactors Inc.
A Delaware C Corporation
Version 2.0
Effective Date: April 17, 2026
Last Updated: April 17, 2026
This Privacy Policy (this “Policy”) is issued by Deskfactors Inc., a Delaware C corporation (“Deskfactors,” “Murphi,” “we,” “us,” or “our”), and governs the collection, use, processing, retention, disclosure, and protection of information obtained through the Murphi.ai platform, the MurphiConnect.ai platform, all associated websites, mobile applications, browser extensions, application programming interfaces (“APIs”), robotic process automation (“RPA”) agents, agentic artificial intelligence (“Agentic AI”) components, and all related services (collectively, the “Platform” or the “Services”).
Murphi.ai and MurphiConnect.ai, together with any additional brand extensions created, operated, or managed by Deskfactors Inc. from time to time, are owned exclusively by Deskfactors Inc. Deskfactors Inc. reserves the right, at its sole discretion, to create, modify, rename, rebrand, merge, or discontinue any brand extension, including MurphiConnect.ai, at any time without prior notice or obligation beyond applicable contractual commitments.
By accessing or using the Platform or Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, you must not access or use the Platform or Services. This Policy applies to all users, including customers, partners, partner customers, authorized users, website visitors, and patients who interact with the Platform through messaging, payment, or engagement features.
This Policy does not constitute a Business Associate Agreement (“BAA”) under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”). Where a signed BAA exists between Murphi and a customer or partner, the BAA shall control with respect to the handling of Protected Health Information (“PHI”) to the extent of any conflict with this Policy.
For purposes of this Policy: “Agentic AI” means autonomous or semi-autonomous artificial intelligence agents deployed by the Platform. “AI Outputs” means all data, documentation, reports, coding suggestions, scoring suggestions, analyses, and other content generated by the Platform’s AI capabilities. “Customer” means any organization that contracts with Murphi or accesses the Platform through a Partner. “De-Identified Data” means data processed to remove identifying information using one or more methods described in Section 8. “Partner” means any entity that licenses and white-labels the Platform. “Personal Information” means information that identifies, relates to, or could reasonably be linked to an individual or household. “Protected Health Information” or “PHI” has the meaning under HIPAA. “RPA Agent” means an automated agent that interacts with third-party platforms using customer-provided credentials. “User” means any authorized individual accessing the Platform. “Voice Data” means audio recordings captured by the Platform’s ambient AI features.
Murphi operates exclusively as a technology platform, an artificial intelligence processing layer, and a workflow automation tool. Murphi is not, and shall not be construed as: a healthcare provider; a Covered Entity under HIPAA; a healthcare clearinghouse; a payment processor, financial institution, or money transmitter; a legal advisor, law firm, or negotiation agent; a billing provider; or a system of record for any data. Murphi does not independently verify, validate, or adjudicate the accuracy, completeness, or compliance of any data processed through the Platform.
We collect information provided by Customers and Users, including: account registration information; PHI and clinical data submitted for AI processing; Voice Data captured during clinical encounters; documents, images, audio, and video files exchanged through the Murphi Engage messaging module; credentials for third-party systems provided for RPA/Agentic AI use; feedback, corrections, and suggestions; and subscription billing information.
We receive data from integrated third-party systems including EHR systems, RCM platforms, payer portals, clearinghouses, payment gateways, SMS providers, LLM providers, and other healthcare tools. The accuracy and completeness of such data is the responsibility of the third-party system and the Customer; Murphi does not independently verify it.
The Platform generates AI Outputs including clinical documentation, coding suggestions, OASIS scoring suggestions, compliance reports, contract analysis, claim preparation data, appeal documentation, and messaging content. Customer owns all AI Outputs. Ownership does not imply accuracy, completeness, reliability, or fitness for any purpose.
We automatically collect: IP address, browser type, operating system, device identifiers, pages visited, actions taken, referring URLs, dates, times, duration, clickstream data, and geographic location derived from IP address.
We use cookies and similar technologies including: Essential Cookies (required for operation, no consent needed); Functional Cookies (personalization and preferences); Analytics and Performance Cookies (usage analysis, including Google Analytics); and Advertising Cookies (marketing effectiveness). You may control cookies through browser settings. Disabling cookies may affect Platform functionality. We do not respond to Do Not Track signals.
Murphi is not a Covered Entity. Where applicable, Murphi operates as a Business Associate under a separately executed BAA. This Policy does not constitute a BAA. Where a BAA exists, it controls for all PHI matters to the extent of any conflict.
Customer owns both input data and output data, including all AI-generated outputs. Murphi owns the Platform, including all software, models, algorithms, workflows, and underlying technology. No ownership rights in the Platform are transferred. Murphi retains a broad, perpetual, irrevocable, worldwide, royalty-free, fully sublicensable license to use De-Identified Data, aggregated data, feedback, corrections, suggestions, usage data, and performance data to operate, maintain, improve, enhance, and develop its Services and models. PHI-specific model training is governed exclusively by the applicable BAA. Customer’s ownership of AI Outputs does not imply, warrant, or guarantee accuracy, completeness, reliability, or fitness for any purpose.
Murphi may de-identify data using any one or any combination of the following methods at its sole discretion: (a) Expert Determination by a qualified statistical expert; (b) Safe Harbor by removing the eighteen HIPAA-specified identifiers; and/or (c) Murphi’s proprietary technical algorithms and automated de-identification processes including machine learning-based entity recognition, pattern masking, data generalization, and perturbation techniques. Murphi reserves the right to select and combine these methods as appropriate. De-identified data is not PHI under HIPAA and may be used by Murphi without limitation for any lawful purpose, including analytics, research, benchmarking, product development, model training, and commercial purposes.
Murphi processes PHI solely as necessary to provide Services and in accordance with the applicable BAA. Access to PHI is limited to the minimum necessary. The Platform is not a system of record. Data is retained only as long as necessary to provide Services and comply with legal obligations. The Murphi.ai PaaS platform processes data transiently. The MurphiConnect.ai SaaS platform retains output data for limited periods at Murphi’s discretion. Murphi may modify retention periods at any time. Regardless of Murphi’s retention practices, Customers are solely responsible for maintaining their own complete records of all input and output data at all times.
The ambient AI module processes Voice Data for transcription and clinical documentation. Voice Data is processed transiently and not retained as permanent records unless specified in an applicable agreement. Murphi does not create or retain voice signatures, voiceprints, or biometric identifiers. Customers are solely responsible for: (a) informing all participants that the encounter will be recorded; (b) obtaining all required consents under federal and state laws, including state two-party consent and wiretapping statutes; and (c) complying with all applicable recording laws. Murphi does not verify that consent has been obtained.
We use information to: provide, operate, maintain, and improve the Platform; generate AI Outputs; authenticate Users; communicate regarding accounts and support; analyze usage patterns; detect fraud and security issues; comply with legal obligations; and enforce our Terms. We may use De-Identified Data, aggregated data, feedback, corrections, suggestions, and usage data to improve Services and models. PHI-specific model training is governed by the applicable BAA.
We may disclose information to: subprocessors and service providers (cloud infrastructure, analytics, SMS providers, payment processors, LLM providers, RPA tooling, open-source component providers) who are contractually bound to maintain confidentiality; integrated third-party platforms (EHRs, clearinghouses, payer portals, payment gateways) as necessary for Services; for legal and regulatory compliance when required by law; and in connection with business transfers (merger, acquisition, reorganization). We maintain a subprocessor list and provide notice of material changes. Murphi is not responsible for the privacy practices or data handling of any third-party platform or service.
Murphi sends messages on behalf of Customers as a technology platform and is not the sender of record. Customers are solely responsible for: TCPA and FCC consent management; opt-out processing; ensuring message content compliance (no billing, collection, or marketing in healthcare-exempt messages without separate consent); and maintaining current patient status records. Murphi Engage supports 1:1 messaging, group messaging, file exchange, and voice/video calls across state lines. Murphi relies on customer-maintained records and is not responsible for communications sent to patients whose status has changed, including deceased or incapacitated patients, where Customer has not updated records.
Murphi does not directly store, process, or transmit payment card data. Payment processing is handled by PCI-DSS-compliant third-party processors. Murphi is not a financial institution, money transmitter, or payment processor. Murphi is not responsible for any failure, error, or malfunction of any third-party payment gateway.
Murphi implements commercially reasonable administrative, technical, and physical safeguards to protect information. Users are responsible for maintaining the confidentiality of their credentials and for all activity under their accounts. No method of transmission or storage is completely secure; Murphi cannot guarantee absolute security.
In the event of a security incident involving unauthorized access to PHI or Personal Information, Murphi shall notify affected Customers without unreasonable delay and as required by applicable law, including the HITECH Act and applicable state breach notification statutes. Specific terms shall be as set forth in the applicable BAA or Platform Licensing Agreement.
Residents of certain U.S. states may have additional rights under applicable state privacy laws, including the CCPA/CPRA. To the extent such laws apply to non-PHI Personal Information, available rights may include: access, deletion, correction, opt-out of sale/sharing, and non-discrimination. Murphi does not sell Personal Information. PHI subject to HIPAA is governed by HIPAA and the applicable BAA.
Customers are responsible for exporting data prior to termination of their agreement. Murphi supports export in standard machine-readable formats per applicable agreement. Deletion follows applicable retention periods and contractual terms.
The Platform is not directed at individuals under 13 (or 16 where applicable). Murphi does not knowingly collect children’s data.
The Platform is designed for U.S. use. Users accessing from outside the U.S. consent to data transfer and processing in the U.S.
Murphi reserves the right to modify this Policy at any time. Changes will be posted with an updated effective date. Continued use constitutes acceptance.
Murphi reserves the right, at its sole discretion, to modify, update, or replace these AI Terms, Terms of Use, and Privacy Policy from time to time. Any material changes will be effective upon posting or as otherwise specified. Murphi may, but is not obligated to, provide notice of such changes. Customer’s continued access to or use of the platform following the effective date of any updates constitutes acceptance of the revised terms. If Customer does not agree to the revised terms, Customer must cease use of the platform.
Notwithstanding any updates, modifications, or replacements to these Terms from time to time, any provisions, rights, obligations, or conditions set forth in prior versions of the Terms that are not expressly modified, superseded, or addressed in the most current version shall continue in full force and effect and are hereby incorporated by reference into the then-current Terms.
In the event of any inconsistency, conflict, or ambiguity between the then-current version of the Terms and any prior version, such inconsistency shall be interpreted in a manner that most effectively preserves the intent, enforceability, and protection of Murphi.ai’s rights, interests, and remedies, and such interpretation shall prevail.
For questions regarding this policy, contact:
Deskfactors Inc.
Email: info@deskfactors.com