Privacy Policy
Last updated: May 2026
Who we are
Diri is a coordination platform that connects hand surgeons, OR coordinators, and medical-device representatives for scheduled surgical cases. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
Information we collect
- Account information you provide: name, email, professional role (surgeon, OR coordinator, device rep, admin), institution, and specialty.
- Mobile phone number, when you choose to enable SMS coordination notifications.
- Operational data you generate inside the platform: scheduled cases (with synthetic, de-identified case labels — we do not collect Protected Health Information), device requests, rep assignments, and message history.
- System telemetry: timestamped audit-log entries for every request, message, and status change, used for compliance and quality assurance.
Mobile numbers and SMS
Mobile numbers are collected only when you opt in to SMS notifications through the in-app settings page or by replying START to a Diri message. Mobile numbers are used solely to deliver operational case-coordination messages: new device requests, rep confirmations, tray status updates, and physician questions routed to device representatives.
We do not share, sell, rent, or otherwise disclose your mobile number or any SMS opt-in data to third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with our SMS infrastructure provider (Twilio) strictly to deliver messages you have requested, and never resold or transferred for marketing.
Message frequency varies based on case activity on your account — typically zero to several messages per active case day, and no messages on days without scheduled cases or rep activity. Message and data rates may apply depending on your mobile carrier and plan.
You can opt out at any time by replying STOP to any Diri message. Reply HELP for help, or contact support@diri.health.
How we use information
- To operate the platform: route device requests to the correct rep, deliver case-coordination SMS, render the case schedule.
- To answer product questions sent via SMS or in-app chat, using an AI assistant that cites manufacturer technique guides, IFUs, and public FDA 510(k) summaries. AI-generated answers carry a disclaimer and are not a substitute for clinical judgment.
- To maintain an audit trail of every request, rep response, and AI interaction for compliance, quality assurance, and future Sunshine Act / AdvaMed reporting needs.
- To respond to support requests.
Information we do not collect
Diri does not collect Protected Health Information (PHI). Cases carry synthetic identifiers (for example, “Case #1247”) and do not include patient names, dates of birth, medical record numbers, or other PHI as defined under HIPAA. Pre-pilot deployments enforce this through both system controls and contractual terms.
How we share information
- With infrastructure providers under written data-protection agreements: Supabase (database, authentication), Anthropic (AI inference for cited product Q&A), Twilio (SMS delivery), and Vercel (web hosting). These providers process information only on our instructions and only as needed to operate the service.
- With other authenticated users on the platform as required by the workflow — for example, a surgeon's rep request is visible to the routed rep's company.
- When required by law, valid legal process, or to protect rights, safety, or property.
We do not share information with advertisers, data brokers, or marketing affiliates.
Security
Information is stored in databases protected by Row-Level Security (every row is gated by the requesting user's role and ownership) and transmitted over TLS. Access by Diri staff is limited and logged. No system is perfectly secure; report any suspected vulnerability to support@diri.health.
Your choices
- SMS: opt in or opt out at any time from the in-app settings page, or by replying STOP / START to any Diri message.
- Account deletion: request account deletion by emailing support@diri.health. We will delete account data, preserving only what is required for our audit and legal obligations.
Contact
Questions about this policy or your data: support@diri.health.