Privacy Policy for ChairScribe

1. Introduction

ChairScribe ("we", "our", "us") provides a web platform and mobile application ("ChairScribe Mobile") that enable dental professionals to record patient appointments and generate AI-powered clinical notes and transcriptions.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information and the personal information of your patients when you use ChairScribe. We are committed to protecting the privacy and security of all data processed through our platform.

By using ChairScribe, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information
- Email address
- Name (if provided)
- Payment information
- Authentication credentials (securely managed via our authentication provider)

2.2 Audio Recordings
When you use the recording feature, we collect:
- Audio recordings of dental appointments captured via your device's microphone
- Recording metadata (start time, duration, associated appointment)
Audio recording is initiated only by you. We do not record audio in the background or without your explicit action.

2.3 Transcription and Clinical Notes
From your audio recordings, we generate:
- Text transcriptions of recorded appointments
- AI-generated clinical notes and summaries based on your templates

2.4 Appointment and Practice Data
- Patient identifiers (as entered by you)
- Appointment details, titles, and dates
- Clinical notes, flags, annotations, and saved templates
- Example notes provided by you

2.5 Device and Technical Information
We automatically collect:
- Device type, model, and operating system version
- App version
- Unique device identifiers (for push notifications)
- Crash reports and performance data

2.6 Usage Analytics
We collect anonymised usage data to improve ChairScribe, including:
- Feature usage patterns
- Session duration and frequency
- Navigation patterns

We also use cookies and similar technologies on our website to enhance your experience.

3. How We Use Your Information

We use the information we collect to:
- Provide the recording, transcription, and clinical note generation service
- Process your text and audio inputs through AI models to generate dental insights
- Authenticate your account and maintain your session
- Send push notifications about appointment processing status
- Process payments and manage subscriptions
- Improve ChairScribe and fix issues
- Communicate with you about the service
- Comply with legal obligations

4. Audio Recording and AI Processing

4.1 Recording
Audio recording begins only when you explicitly start a recording. A visible indicator is displayed at all times while recording is active. Audio is captured and transmitted to our servers over an encrypted connection (TLS/HTTPS).

4.2 AI Transcription and Note Generation
Audio is processed by our transcription service to generate text. Transcriptions are used to generate AI-powered clinical notes based on templates you or your practice have configured.

We do not use your audio recordings, transcriptions, or clinical notes to train AI models. Your data is used solely to provide the service to you.

4.3 AI Service Providers
Audio transcription is performed by third-party AI services, including Google Gemini and Deepgram. Clinical note generation is performed using OpenAI and Anthropic Claude. These providers process data solely to provide transcription and note generation results to us. They do not store your data after processing or use it to train their AI models, in accordance with their respective API data usage policies:
- OpenAI: https://openai.com/policies/row-privacy-policy
- Anthropic: https://www.anthropic.com/legal/commercial-terms
- Google Gemini: https://ai.google.dev/gemini-api/terms
- Deepgram: https://deepgram.com/privacy

4.4 Audio Retention
Audio recordings are stored only on your device for up to 30 days to allow for re-processing if needed, after which they are automatically deleted. Our servers do not store your audio recordings — audio is processed for transcription and discarded. You may delete your local recordings at any time. Transcriptions and clinical notes are retained as part of your appointment records until you delete them or your account.

4.5 Mobile App On-Device Processing
The ChairScribe Mobile app uses on-device speech recognition (Apple Speech framework on iOS) to generate a preliminary transcript locally on your device. This on-device transcript is sent to our backend along with the uploaded audio for final processing. On-device speech recognition data is processed by Apple in accordance with Apple's privacy policies.

4.6 Patient Data in Recordings
Audio recordings of dental appointments may contain patient health information, including names, medical conditions, treatment plans, and clinical observations.

It is your responsibility as the dental professional to obtain appropriate consent from your patients before recording. We process patient data solely as a service provider acting on your behalf.

5. Data Sharing and Third Parties

5.1 Service Providers
We share your data with service providers who process data on our behalf:
- Authentication and database hosting provider (Supabase)
- Product analytics provider (PostHog) — anonymised usage data only
- Cloud hosting infrastructure — all data encrypted at rest
- AI transcription services (Google Gemini, Deepgram)
- AI clinical note generation services (OpenAI, Anthropic Claude)

Each provider is bound by data processing agreements and is required to protect your data in accordance with applicable law.

5.2 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information or patient data to any third party for advertising, marketing, or any other purpose.

5.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request.

6. Data Storage and Security

Your data is stored on secure servers with industry-standard security measures including:
- Encryption in transit (TLS/HTTPS) and at rest
- Secure authentication with token-based session management
- Secure local storage of authentication tokens on your device
- Access controls limiting data access to authorized personnel only

As a dental professional, you are responsible for maintaining the security of your device and account credentials, obtaining patient consent before recording, and complying with your jurisdiction's health privacy regulations.

7. Data Retention

- Account information: retained until you delete your account
- Audio recordings: stored only on your device for up to 30 days, then automatically deleted; not stored on our servers
- Transcriptions and clinical notes: retained until you delete them or your account
- Usage analytics: aggregated and anonymised; retained for up to 24 months
- Payment information: retained as required for billing and legal compliance

Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

8. Your Rights

8.1 All Users
- Access: request a copy of your personal data
- Correction: request correction of inaccurate data
- Deletion: request deletion of your personal data
- Complaint: lodge a complaint with a relevant authority

8.2 Australian Users (Privacy Act 1988)
Under the Australian Privacy Principles (APPs), you have the right to access your personal information (APP 12), request correction (APP 13), and lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8.3 European Users (GDPR)
If you are in the EEA, you have additional rights including data portability, restriction of processing, objection, and withdrawal of consent. We process your data based on consent (audio recording), contract performance (providing the service), and legitimate interest (analytics).

To exercise any of these rights, contact us at the details provided below.

9. Health Information

ChairScribe processes health information as defined under the Australian Privacy Act 1988 and equivalent legislation in other jurisdictions. This includes audio recordings of clinical appointments, transcriptions, and AI-generated clinical notes.

We collect and process health information solely for the purpose of providing the transcription and clinical note service. We treat all health information with the highest level of protection and do not use it for marketing, advertising, or any unrelated purpose.

10. International Data Transfers

Your data may be transferred to and processed in countries other than Australia. Where data is transferred internationally, we ensure appropriate safeguards are in place, including data processing agreements with all service providers.

11. Children's Privacy

ChairScribe is designed for use by dental professionals. The service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify you via email or an in-app notification.

13. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:
Email: support@chairscribe.com
Website: https://chairscribe.com

Complaints:
Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
European Union: Your local data protection supervisory authority

This privacy policy should be reviewed by a qualified legal professional, particularly regarding health information handling across multiple jurisdictions.