Bscribe AIBack to Home

Privacy Policy

Last updated: October 7, 2025

Introduction

Welcome to Bscribe AI ("we," "our," or "us"). We are committed to protecting your privacy and the confidentiality of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered medical documentation platform.

This policy applies to all users of Bscribe AI, including healthcare providers, medical professionals, and their organizations. By using our services, you agree to the collection and use of information in accordance with this policy.

HIPAA Compliance

Bscribe AI is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We function as a Business Associate under HIPAA and enter into Business Associate Agreements (BAAs) with our Covered Entity customers.

We implement appropriate administrative, physical, and technical safeguards to protect Protected Health Information (PHI) in accordance with HIPAA requirements.

Information We Collect

1. Account Information

  • Name, email address, and contact information
  • Professional credentials and license information
  • Organization and practice details
  • Billing and payment information

2. Clinical Data

  • Audio recordings of patient-provider conversations (when applicable)
  • Clinical notes and documentation
  • Medical transcriptions and AI-generated content
  • Integration data from connected EMR/EHR systems

3. Usage Information

  • Device information (IP address, browser type, operating system)
  • Log data and analytics
  • Feature usage and interaction data
  • Performance and error reports

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI-powered medical documentation services
  • Process and generate clinical notes from patient conversations
  • Integrate with your existing EMR/EHR systems
  • Ensure accuracy and reliability through source grounding
  • Provide customer support and respond to your requests
  • Send service updates, security alerts, and administrative messages
  • Detect, prevent, and address technical issues or security threats
  • Comply with legal obligations and enforce our terms
  • Improve our AI models and algorithms (only with de-identified data)

Data Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Multi-factor authentication (MFA) for user accounts
  • Role-based access controls (RBAC)
  • Regular backups with secure storage
  • 24/7 security monitoring and incident response
  • Compliance with SOC 2 Type II standards

Data Retention

We retain your data for as long as necessary to provide our services and comply with legal obligations:

  • Clinical Data: Retained according to your organization's retention policies and applicable legal requirements (typically 7-10 years)
  • Account Information: Retained for the duration of your account plus any required legal retention period
  • Audio Recordings: Automatically deleted after transcription and note generation, unless you choose to retain them
  • Usage Data: Retained for up to 2 years for analytics and service improvement

Data Sharing and Disclosure

We do not sell your personal or clinical data. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share information
  • Service Providers: With trusted third-party vendors who assist in providing our services (all under strict confidentiality agreements and BAAs)
  • EMR/EHR Systems: With integrated healthcare systems as directed by you
  • Legal Requirements: When required by law, court order, or regulatory requirement
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protections)
  • Protection of Rights: To protect the rights, property, or safety of Bscribe AI, our users, or the public

Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Request a copy of your data in a portable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to certain processing activities
  • Opt-out: Opt-out of non-essential communications

To exercise these rights, please contact us at privacy@bscribe.ai

International Data Transfers

Our services are primarily hosted in the United States. If you access our services from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

Children's Privacy

Bscribe AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our services
  • Provide security features
  • Deliver relevant content

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our services.

AI and Machine Learning

Our AI-powered transcription and documentation features process clinical conversations to generate medical notes. Important points:

  • All AI processing is performed on secure, HIPAA-compliant infrastructure
  • We use advanced source grounding to ensure accuracy and traceability
  • Clinical data is never used to train third-party AI models
  • AI-generated content is clearly marked and subject to provider review
  • We may use de-identified, aggregated data to improve our AI models

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

  • Sending an email to the address associated with your account
  • Posting a notice on our website
  • Requiring acknowledgment upon your next login

Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bscribe AI
Email: privacy@bscribe.ai
Data Protection Officer: dpo@bscribe.ai
Security Issues: security@bscribe.ai

For HIPAA-related concerns or to report a potential breach, please contact us immediately at security@bscribe.ai

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

Virginia, Colorado, and Connecticut Residents

Residents of Virginia, Colorado, and Connecticut have similar rights under their respective state privacy laws. Please contact us to exercise these rights.

This Privacy Policy is effective as of October 7, 2025, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.