Privacy Policy
Effective Date: April 23, 2026 · Last Updated: May 1, 2026 · Version 2.1
This page is a user-friendly summary of our Privacy Policy. The canonical, legally authoritative version lives in the MedScribe AI repository at docs/compliance/PRIVACY_POLICY.md. If a detail here differs from the canonical document, the canonical document governs.
1. Introduction and Operator
MedScribe AI ("we," "us," or "our") is a clinical documentation copilot owned and operated by Borinquen Health Tech LLC (EIN 66-1131960), a Puerto Rico limited liability company (Entity #579558, formed April 28, 2026), with its Operating Agreement and Intellectual Property Assignment Agreement executed and notarized on May 1, 2026. The Company's sole authorized signer is Hiram Rodríguez Torres, MD, a board-certified hospitalist/nocturnist based in Puerto Rico. This Privacy Policy describes how we collect, use, share, and protect your personal information and Protected Health Information (PHI) when you use our web application at medscribepr.com (the "Service").
MedScribe AI is designed with HIPAA-conscious principles. We implement administrative, technical, and physical safeguards to protect PHI and PII, and we have executed Business Associate Agreements with our key subprocessors handling PHI on our behalf (see Section 4).
In plain language: we collect your clinical notes, account information, and usage data. We use this only to provide the Service and improve it. We never sell your data. We process clinical information solely to generate your requested notes — your inputs are not used to train AI models. We share data only with vendors contractually bound to protect it (OpenAI, DigitalOcean, Stripe).
2. Information We Collect
2.1 Account Information
Full name, email address, username, medical specialty, and a hashed version of your password (Argon2id). We never store plaintext passwords. Optional fields include phone number and organization/hospital affiliation.
2.2 Clinical Input Data
When you use the Service to generate clinical notes, you may provide patient encounter information including dictation text, audio recordings, patient age and sex, chief complaint, and assessment/plan context. This data may contain Protected Health Information (PHI) as defined by HIPAA (45 CFR §160.103).
2.3 Generated Notes and Exports
Structured clinical notes (SOAP), all draft versions, note type, specialty, language, and creation/modification timestamps. Export records (plain text, PDF, MEDITECH-compatible ASCII, JSON) are also tracked.
2.4 Usage and Technical Data
Activity logs (timestamp, action, resource, IP address, user agent, session duration), performance/analytics data (notes per day, average generation time, token consumption — none of which contain PHI), and server-side error logs. We do not include PHI, patient names, or clinical details in analytics or logs.
2.5 Billing Information
Payment processing is handled entirely by Stripe (PCI DSS Level 1 certified). We store your Stripe customer ID, subscription tier (free, pro, unlimited), billing email, current period dates, and payment status, but never credit card numbers or bank account details.
2.6 Communications & Automatic Data
When you email us, we retain your message content and address for support. We use essential session cookies (JWT authentication) and preference cookies (theme, language) only. No third-party analytics cookies, tracking pixels, or fingerprinting technology.
3. How We Use Your Information
We use your information to provide and operate the Service (note generation, storage, export, authentication), enforce usage quotas based on your subscription tier, maintain audit trails as required for HIPAA-conscious operations, process billing through Stripe, and improve the Service using aggregated, de-identified data only.
We do not use your clinical data to train AI models. Your clinical input is sent to OpenAI's API solely to generate your requested note, subject to OpenAI's data usage policy for API customers which excludes API inputs from model training.
We do not sell or rent your data, share it with advertisers, combine it with external health records without your action, or use it for insurance underwriting, credit decisions, or employment screening.
4. Subprocessors
We share your information only with the following vendors as necessary to provide the Service:
OpenAI — Clinical note generation (GPT-4o) and audio transcription (Whisper) via OpenAI's ZDR-provisioned HIPAA API endpoints. Your clinical text is processed under OpenAI's API policy, which excludes API inputs from model training. A Business Associate and Healthcare Addendum was executed April 28, 2026 (Org ID org-M86IuphTH8KdaGLLG1DGKPbo, Zero Data Retention active). A Customer-Name correction is in flight to align the BAA with our legal entity (Borinquen Health Tech LLC). Before data leaves our servers it flows through our pre-redaction pipeline, which removes patient names, dates of birth, and medical record numbers so the model only sees clinically relevant context. U.S.-based. See openai.com/privacy.
DigitalOcean — Cloud hosting and infrastructure. All PostgreSQL database records, Redis cache, backups, and application configuration are stored with DigitalOcean (SOC 2 Type II certified). Data is encrypted in transit (TLS) and at rest. Automatic backups are encrypted and retained per our backup policy. A Business Associate Agreement was executed April 29, 2026 (DocuSign envelope SOPS-4172). U.S.-based (New York, San Francisco data centers). See digitalocean.com/legal/privacy-policy.
Stripe — Payment processing (PCI DSS Level 1 certified). Stripe handles all payment card data directly; MedScribe AI never sees full card numbers. Stripe does not require a BAA because it handles payment data, not PHI. U.S.-based. See stripe.com/privacy.
Transactional email — In transition. We are executing a BAA with a HIPAA-compliant transactional-email vendor (Paubox, AWS SES, or equivalent) to handle account-related notifications (welcome, password reset, security alerts). Until that BAA is in place, transactional emails do not contain PHI; account-creation emails reference only your username and account activation link.
All subprocessors are contractually required to implement safeguards equivalent to ours, use data only for the specified purpose, not redisclose data, notify us of any suspected breach, and return or destroy data upon contract termination.
5. Data Security
We implement the following safeguards: passwords hashed using Argon2id (OWASP-recommended KDF); authentication via JSON Web Tokens with expiration plus Redis-backed revocation; all connections encrypted via TLS 1.2+ with HSTS; Fernet symmetric encryption for Redis-cached authentication tokens; every PHI-touching action emits an audit event; PHI is stripped from all application logs by a dedicated redaction layer; CORS is restricted to authorized origins; rate limiting is enforced on authentication and API endpoints; and failed login attempts lock the account for 15 minutes after 5 failures. We also enforce session-level PostgreSQL statement timeouts and use parameterized queries throughout.
6. Data Retention and Deletion
Active notes are retained as long as your account is active. Soft-deleted notes are retained indefinitely for audit and account-recovery purposes. Audit events are retained indefinitely as required by HIPAA (45 CFR §164.312(b)). Billing records are retained for 7 years per tax regulation. Temporary files (audio transcripts, cached exports) are purged within 24 hours. Backups are retained for 90 days. Application logs are retained for 30 days.
You may soft-delete individual notes directly from the UI. To request full account deletion, email privacy@medscribepr.com with "Account Deletion Request." Deletion requests are processed within 7 business days; audit logs and billing records are retained as noted above.
7. Your Privacy Rights
You have the right to access all clinical notes and data associated with your account, export your notes in multiple formats (plain text, PDF, MEDITECH, JSON), request correction of your account information, request deletion of your account and associated data, restrict processing for non-essential purposes, object to specific uses, and withdraw consent for consent-based processing.
HIPAA rights (45 CFR §§164.522-528): access, amendment, accounting of disclosures, restriction requests, and confidential communication. We will respond within 30 days (extendable to 60 days for complex requests).
California residents (CCPA): right to know, right to delete, right to opt out of sale/sharing (we do not sell or share for commercial purposes), and right to non-discrimination.
EU residents (GDPR): access, rectification, erasure (subject to HIPAA audit retention), restriction, portability, objection, and review of automated decisions. Our lawful bases include consent, contractual necessity, legal obligation, and legitimate interests.
To exercise any of these rights, email privacy@medscribepr.com.
8. HIPAA Disclosures
This Privacy Policy serves as MedScribe AI's Notice of Privacy Practices as required by 45 CFR §164.520. MedScribe AI acts as a Business Associate under HIPAA when handling PHI on behalf of healthcare organizations or covered entities. Healthcare organizations using MedScribe AI should contact legal@medscribepr.com to execute a Business Associate Agreement.
BAA status with subprocessors: OpenAI — EXECUTED April 28, 2026 (Org org-M86IuphTH8KdaGLLG1DGKPbo, Zero Data Retention active; Customer-Name alignment in flight). DigitalOcean — EXECUTED April 29, 2026 (envelope SOPS-4172). Transactional email — in transition (replacing Resend with a HIPAA-compliant vendor; see Section 4). Stripe — not applicable (payment processor, not PHI handler).
We implement the HIPAA Minimum Necessary standard: only clinically relevant context is retained, PHI is pre-redacted before being sent to third-party APIs, and access control plus audit logging ensure only authorized personnel with a need-to-know can access PHI.
Breach notification: if unsecured PHI is accessed or disclosed without authorization, we will notify affected individuals without unreasonable delay and in any event within 60 days of discovery (45 CFR §164.404). Our subprocessor BAAs commit OpenAI and DigitalOcean to notifying us promptly upon discovery of any breach involving PHI we entrusted to them (DigitalOcean: within 15 calendar days; OpenAI: promptly upon discovery). Breaches affecting more than 500 residents of a state will also be reported to the HHS Secretary and prominent media in that state (45 CFR §164.406). Report suspected security incidents to security@medscribepr.com.
9. International Data Transfers
MedScribe AI is operated from Puerto Rico with infrastructure primarily in the United States. If you are located outside the United States, your data may be transferred to and processed in the United States by us and our subprocessors. We rely on standard contractual clauses (SCCs) with subprocessors to authorize international transfers and protect all transfers with TLS 1.2+ encryption. EU residents may object to these transfers by contacting privacy@medscribepr.com.
10. Children's Privacy
MedScribe AI is intended for licensed healthcare professionals and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child under 13, we will delete it immediately. If you believe we have collected information from a child, contact privacy@medscribepr.com.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in the Service, new subprocessors, legal requirements, or improved privacy practices. Material changes are communicated via email to your registered address and by in-app notification, along with an updated "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
Privacy Officer / Data Subject Rights: privacy@medscribepr.com
HIPAA / BAA inquiries: legal@medscribepr.com
Security incidents: security@medscribepr.com
MedScribe AI is operated by Dr. Hiram Rodríguez, based in Puerto Rico. We respond to privacy inquiries within 30 days (extendable to 60 days for complex requests).
Disclaimer. This page is current as of the date shown above and does not constitute legal advice. It does not guarantee HIPAA or GDPR compliance for your organization. For legal guidance specific to your jurisdiction, consult a healthcare attorney or privacy counsel.