Privacy Policy

We collect information that you provide directly to us, including when you create an account, use our services, or contact our support team. This may include your name, email address, professional credentials, and payment information.

When you use MyMediScribe, we collect clinical data and audio recordings that you input into the system. This data is encrypted and stored securely in HIPAA-compliant data centers.

We also automatically collect certain information about your device and how you interact with our services, including IP address, browser type, and usage patterns.

We use the information we collect to provide, maintain, and improve our services, including processing clinical documentation and generating AI-powered notes.

Your information helps us personalize your experience, provide customer support, and communicate with you about updates, security alerts, and other service-related matters.

We may use aggregated, de-identified data for research and analytics purposes to improve our AI models and services.

We implement industry-standard security measures to protect your data, including end-to-end encryption, secure data centers, and regular security audits.

All clinical data is encrypted both in transit and at rest using AES-256 encryption. Access to patient data is strictly controlled and logged.

We maintain comprehensive security policies and procedures, including employee training, access controls, and incident response protocols.

Our infrastructure is SOC 2 Type II certified and undergoes regular third-party security assessments.

MyMediScribe is fully HIPAA compliant. We act as a Business Associate and sign Business Associate Agreements (BAAs) with all covered entities.

We implement all required HIPAA safeguards, including administrative, physical, and technical safeguards to protect Protected Health Information (PHI).

Our team members undergo HIPAA training and are bound by strict confidentiality agreements. Access to PHI is limited to only those who need it to perform their job functions.

We do not sell, rent, or share your personal information or clinical data with third parties for their marketing purposes.

We may share information with service providers who assist us in operating our platform, such as cloud hosting providers and payment processors. These providers are bound by strict confidentiality agreements and HIPAA requirements.

We may disclose information when required by law, such as in response to a subpoena or court order, or to protect our rights and safety or that of others.

You have the right to access, correct, or delete your personal information at any time through your account settings or by contacting us.

You can export your clinical data in standard formats and request deletion of your account and associated data.

You may opt out of certain communications, though we may still need to send you service-related messages.

For California residents, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what information we collect and how it's used.

We retain your information for as long as your account is active or as needed to provide you services.

Clinical data is retained according to applicable legal and regulatory requirements, which may vary by jurisdiction and specialty.

You can configure retention policies within your account settings. Upon account deletion, we will delete or anonymize your data within 30 days, except where we are legally required to retain it.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

We will notify you of any material changes by email and by posting a notice on our website. Your continued use of our services after such changes constitutes acceptance of the updated policy.