Privacy Policy

Mast Labs LLC · mastOS.ai · Last updated: May 2026

Mast Labs LLC ("Mast Labs," "we," "us," or "our") operates the mastOS platform and related services. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform, receive SMS communications, or interact with our services.

By using our services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of information:

  • Contact information: Name, phone number, email address
  • Communication data: SMS messages, call logs, chat interactions
  • Usage data: Platform interactions, session data, device information
  • Identity tokens: Platform-assigned identifiers used to route communications without accessing protected health information (PHI)
  • Client-provided data: Data submitted by organizations ("Clients") deploying the mastOS platform on behalf of their end users

2. Protected Health Information (PHI)

mastOS is designed to operate in HIPAA-regulated environments. Where our platform processes PHI on behalf of a Client, we act as a Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA). PHI is:

  • De-identified at ingress before entering the operational layer
  • Never accessed by automated agents in its raw clinical form
  • Processed only under valid Business Associate Agreements (BAAs)
  • Subject to access controls, encryption at rest and in transit, and session timeout policies

If you are a patient whose data is processed through a Client's deployment of mastOS, please refer to that Client's privacy policy for details specific to their program.

3. SMS Communications

mastOS sends SMS messages on behalf of Clients who have deployed the platform. If you receive SMS communications through a mastOS-powered program:

  • You have opted in to receive messages through the Client's enrollment process
  • Message frequency varies by program
  • Message and data rates may apply
  • You may opt out at any time by replying STOP to any message
  • Reply HELP for assistance
  • Opt-out requests are processed immediately and you will receive a confirmation message

We do not sell or share your phone number with third parties for marketing purposes.

4. How We Use Information

We use collected information to:

  • Deliver and operate the mastOS platform
  • Route communications between patients, providers, and care teams
  • Monitor platform performance, error rates, and resolution rates
  • Improve platform reliability, accuracy, and safety
  • Comply with legal and regulatory obligations
  • Respond to support requests

5. Information Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

  • With Clients: Data is shared with the organization that deployed the mastOS program you enrolled in
  • With service providers: We use Microsoft Azure for cloud infrastructure and Azure Communication Services (ACS) for SMS and voice delivery. These providers process data under data processing agreements.
  • As required by law: We may disclose information to comply with legal obligations, court orders, or regulatory requirements
  • In emergency situations: Where disclosure is necessary to protect the health or safety of an individual

6. Data Retention

We retain data for as long as necessary to provide services and comply with legal obligations. Communication logs are retained according to the terms of our agreement with each Client. PHI retention policies are governed by applicable BAAs and regulatory requirements.

7. Data Security

We implement industry-standard security measures including:

  • Encryption at rest and in transit (TLS 1.2+)
  • Role-based access controls
  • Session timeouts and audit logging
  • Infrastructure hosted on Microsoft Azure with SOC 2-compliant data centers

No method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Opt out of SMS communications at any time by replying STOP
  • Lodge a complaint with a supervisory authority

To exercise these rights, contact us at privacy@themastlabs.com.

9. Children's Privacy

Our services are not directed to individuals under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Clients of material changes. Continued use of our services after changes constitutes acceptance of the updated policy.

11. Contact

Mast Labs LLC
Fort Lauderdale, FL
Email: privacy@themastlabs.com
Web: themastlabs.com