Privacy Policy
1. Data We Collect
1.1 Patient Data (PHI)
- Minimal Handling: The App processes patient data only for the purpose of immediate transcription. We do not store patient information beyond the short window needed for processing (e.g., 48 hours).
- Once transcription is complete, the data is deleted from our systems, and the final notes are sent to the designated email or stored locally on your device as you direct.
1.2 User Data
- Account Details: Name, email address, professional credentials, payment information (if applicable), and other information necessary to create and maintain an account.
- Usage Data: Access logs, IP addresses, device information, and other metadata for auditing, security, and service improvement purposes.
2. Legal Bases for Processing
We rely on the following legal bases to process personal data:
- Consent: Where required, Users must obtain explicit patient consent for the limited processing of PHI.
- Legitimate Interests: We process personal data to provide, secure, and improve the transcription services.
- Legal Obligations: Compliance with regulatory requirements, including data retention laws and professional guidelines.
3. How We Use the Data
We use the collected data to:
- Provide Services
  - Transcribe and summarize patient encounters, delivering these transcripts to the User’s designated secure email or system.
  - Immediately delete or anonymize the data after sending or within 48 hours.
- Improve the App
  - Enhance AI models, refine natural language processing, and perform quality assurance.
  - Conduct analytics to understand usage patterns and optimize performance (using anonymized or aggregated data).
- Maintain Security and Compliance
  - Implement security measures to protect against unauthorized access, data breaches, and threats.
  - Fulfill audit obligations, respond to regulatory inquiries, and comply with lawful requests.
- Communicate with Users
  - Notify you of changes to the App, policy updates, or security alerts.
4. Data Sharing
We share data only under the following circumstances:
- User-Designated Recipients: Transcribed data is sent to the email addresses or systems designated by the User.
- Service Providers: We engage reputable third parties for hosting, security, or other support services under strict data protection agreements.
- Legal Authorities: If required by law, court order, or to protect the rights, property, or safety of our organization, Users, or the public.
5. Individual (Patient) Rights
Depending on the jurisdiction, individuals (patients) may have the right to:
- Access: Request a copy of their personal data.
- Correction: Request correction of inaccuracies in their personal data.
- Deletion: Request deletion of their personal data when legally permissible (subject to professional record-keeping obligations).
- Restriction: Restrict the processing of their personal data.
- Data Portability: Obtain a copy of their personal data in a structured, machine-readable format.
Important: Patients should exercise these rights through the healthcare provider (User) who serves as the Data Controller for their personal data. We will assist Users in fulfilling these requests as required by law.
6. Data Retention
- Transcribed Data: Retained only temporarily (up to 48 hours) to facilitate processing and secure transmission, after which it is deleted or anonymized unless otherwise required by law or instructed by the User.
- User Account Data: Maintained as long as the account remains active, and thereafter for as long as necessary to comply with legal, regulatory, or contractual obligations, or for legitimate business purposes.
7. Cross-Border Data Transfers
As outlined in the Terms, personal data may be transferred to jurisdictions that do not have the same data protection laws as your home country. We ensure that appropriate safeguards (such as SCCs) or other lawful mechanisms are in place to protect personal data during such transfers, to the extent that data is briefly handled by our systems.
8. Security Measures
We employ reasonable administrative, technical, and physical safeguards to secure data while it is in our limited possession, including:
- Encryption (in transit and at rest),
- Secure authentication and access controls,
- Regular security assessments, audits, and compliance checks,
- Staff training and awareness programs.
9. Children’s Privacy
The App is not intended for the collection of data related to minors, except as part of legitimate patient encounters under the supervision of a licensed healthcare professional. Users are solely responsible for obtaining necessary consents and ensuring compliance with laws governing minors’ data.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with legal requirements. We will provide notice of significant changes through the App, our website, or via email.
11. Contact Information
For any questions, concerns, or requests related to this Agreement, including both the Terms and Conditions and Privacy Policy, please contact us at:
- Email: hello@clinixsummary.ai
- Mailing Address:
Gacrux Advanced Technologies in Medicine Ltd (Gatmedi)
71-75 Shelton Street, London, WC2H 9JQ, United Kingdom
Acknowledgment
By using ClinixSummary, you acknowledge that you have read, understood, and agree to be bound by this combined Terms & Conditions and Privacy Policy. Your continued use of the App constitutes your acceptance of any future updates or modifications to this Agreement.