Privacy Policy
Effective date: 11/7/2025
This Privacy Policy describes how we handle information in the OVScribe iOS app and related services. We design OVScribe to minimize data collection, provide transparency and control, and secure information consistent with healthcare privacy expectations.
Data we collect
- Account information: your email and display name from sign-in. We also use your Firebase user ID to operate your account.
- Authentication and integrity: Firebase ID tokens and App Check tokens to verify requests from your device.
- Microphone audio: when you start a session, we capture audio from the microphone for real-time transcription. Audio is streamed to our secure backend to return transcripts.
- User content: transcripts and notes generated by you. These are stored on device by default using encryption and iOS protected storage.
- Optional cloud backup: if you turn it on, we upload an encrypted backup blob to our cloud storage. We never upload unencrypted patient records.
- Audit and security logs: user identifiers (email, Firebase UID) and timestamps for tracking access to PHI as required by HIPAA.
- Diagnostics: basic logs and performance data without transcript content to keep the app reliable and secure.
What we do not collect
- No third-party advertising data, and we do not sell data.
- No contact list, photos, or location data.
How processing works
- Real-time transcription: the app opens a secure, authenticated WebSocket connection to our streaming service. Audio frames are sent over TLS and authenticated with a short-lived token. The service returns interim and final transcripts. We use Google Cloud Speech‑to‑Text and/or Google Cloud Vertex AI covered services under a Google Cloud BAA for medical transcription features.
- Note generation: when you request a summary, the app calls our server to generate a structured medical note from your transcript using Google Cloud Vertex AI covered services. We do not use PHI to train models.
On-device storage and security
- Local encryption: We encrypt patient records on device with AES‑256‑GCM. Encryption keys are generated and protected by iOS Secure Enclave and never leave your device. We do not have access to your local encryption keys.
- Protected files: We use iOS Complete File Protection so data is inaccessible while the device is locked. We also mark files to be excluded from iCloud backup.
Cloud backup (optional)
- Client‑side encryption: We upload only an encrypted blob and minimal metadata (upload time, device model, app version, record count). We do not upload plain text transcripts.
- Control: you can create a backup, restore it to your device, or delete it. Deleting the backup removes the encrypted blob and its metadata from our storage.
- Infrastructure: Backups are stored on Google Cloud under a Business Associate Agreement (BAA) for HIPAA‑aligned processing of covered services.
Retention
- On-device data remains until you delete it or uninstall the app.
- Cloud backups are retained for 30 days or until you delete them, whichever comes first. We may retain minimal audit logs for 6 years as required by HIPAA.
Your choices
- Use OVScribe without cloud backup.
- Back up, restore, or delete your cloud backup at any time.
- Delete only data on device while keeping your account and cloud backup intact.
- Delete all data, which removes all medical data from both the device and server while keeping your account.
- Delete your account entirely, which removes your account and all associated data including cloud backups.
These options provide maximum data autonomy and control over your information.
Permissions
- Microphone: required to capture audio for transcription. You can disable it in iOS Settings.
- Biometrics (Face ID / Touch ID): required for secure authentication when accessing the app. Biometric data never leaves your device.
App Store privacy categories
We disclose the following on our App Store product page:
- Data linked to you: Contact Info (email, display name), Identifiers (user ID), User Content (audio/transcripts you submit for processing), Diagnostics (stability/usage). Used for app functionality, account management, and security.
- Not used for tracking: We do not track you across apps or websites and we do not serve third-party ads.
AI and model usage
- We use Google Cloud Speech‑to‑Text and Google Cloud Vertex AI covered services under a Google Cloud BAA where applicable.
- We do not use PHI to train foundation models. Processing is limited to providing the requested transcription or summary.
Your rights under HIPAA
If you are a healthcare provider using OVScribe for patient care, you have the following rights regarding Protected Health Information (PHI):
- Right to Access: You may request access to PHI processed through the service.
- Right to Amendment: You may request corrections to inaccurate PHI.
- Right to Accounting: You may request an accounting of disclosures of PHI.
- Right to Restrict: You may request restrictions on certain uses and disclosures.
- Right to Confidential Communications: You may request communications by alternative means.
- Right to Complain: You may file a complaint with us or with the Secretary of Health and Human Services if you believe your privacy rights have been violated.
Minimum necessary standard
We access and use only the minimum amount of PHI necessary to provide the requested services. Our systems are designed to limit access to PHI based on role and function.
Audit controls
We maintain comprehensive audit logs of all access to and processing of PHI to detect security incidents, investigate breaches, and demonstrate HIPAA compliance. These logs include: user identifiers (email, Firebase UID), timestamps, actions performed (view, create, modify, delete), IP addresses, and session information. Audit logs do not contain the actual health information itself, only metadata about who accessed what and when. Audit logs are retained for at least 6 years as required by HIPAA.
EHR integration
OVScribe may integrate with third-party EHR systems when you authorize the connection. When you enable EHR integration:
- You authenticate via OAuth to grant OVScribe access to your EHR account
- SOAP notes and associated clinical data may be synced to your EHR system
- Third-party EHR providers act as covered entities or business associates and have their own privacy practices and BAA
- You can revoke EHR access at any time through the app settings
- Third-party EHR providers' handling of your data is governed by their privacy policy, not ours
Data sharing and disclosures
We do not sell, rent, or share PHI with third parties except:
- As required by law or court order
- To prevent a serious threat to health or safety
- As authorized by you in writing
- To our subcontractors who have signed Business Associate Agreements
- For healthcare operations as permitted under HIPAA
- To third-party EHR systems when you authorize the integration as described above
Breach notification
In the event of a breach of unsecured PHI:
- We will notify affected users without unreasonable delay and no later than 60 days after discovery
- The notification will include: what happened, types of information involved, steps you should take, what we are doing to investigate and mitigate, and contact information for questions
- For breaches affecting 500+ individuals, we will also notify the Department of Health and Human Services and prominent media outlets as required
- We maintain a breach log for all incidents regardless of size
International and data location
Services run in the Google Cloud us-central1 region, which is configured for HIPAA-aligned processing. Data is processed and stored in the United States. We rely on Google's compliance program and our BAA for covered services.
Changes
We may update this policy. We will change the effective date above and post changes on this site.
Contact
Questions or privacy requests: reid@twintipsolutions.com