Privacy Policy

⚠ Placeholder draft. This text is a working draft only. The binding version will be reviewed by legal counsel before product launch.

Data We Collect

• Account data: your name, email, specialty, country, and clinic information.
• Patient data: information you enter under your account (PHI).
• Usage data: AI conversations, voice notes, uploaded files, usage statistics.
• Audit data: an audit log of every clinical AI action.

How We Use Data

• To provide and improve the Service.
• To generate clinical AI responses (forwarded to Anthropic / OpenRouter / OpenAI Whisper).
• For regulatory audit and compliance.
• For billing and usage metering.

Third-Party Processors

• Anthropic Claude — clinical text and vision AI
• OpenAI Whisper — voice transcription
• OpenRouter — uncensored clinical fallback model
• Stripe — billing (Phase 2+)
• Vercel / Railway — application hosting

In production, we will execute BAAs (for HIPAA) or Data Processing Agreements (for GDPR/KVKK) with these providers.

Your Rights

• Right of access: Download a JSON copy of all your data.
• Right of rectification: Correct inaccurate data via Settings or patient records.
• Right of erasure: Permanently delete your account and all associated data.
• Right of portability: The data export is structured JSON, suitable for migration.

Data Retention

Data is retained as long as your account is active. When you delete your account, all patient data, notes, AI conversations, and audit logs are permanently deleted.

Data Residency

Data is currently stored on US cloud providers. Local data residency for Turkey and EU will be added in Phase 5 (institutional version).

Contact

anthonybasaran@gmail.com

Last updated: 2026-06-03