SyncSOAP
Log In

Privacy Policy

Last updated: April 4, 2026

1. Data Collection

AI Scribe collects and temporarily processes the following data solely to generate clinical documentation on your behalf:

  • Audio transcripts — recorded during clinical encounters and converted to text via speech-to-text services.
  • Clinical images — photographs captured or uploaded for AI-assisted visual description (e.g., dermatological morphology).
  • SOAP notes — generated by AI models from the transcript and image data you provide.
  • Account credentials — an email address used for authentication. Passwords are hashed and never stored in plain text.

We do not sell customer data or patient data. Encounter data is processed only to provide the documentation workflow described in this policy.

2. 24-Hour Ephemeral Storage Policy

Encounter data — including transcripts, SOAP notes, and clinical images — is designed for short-term operational storage and is automatically scheduled for deletion within 24 hours of creation. This ephemeral storage model supports documentation review, clinician attestation, and copy/export into the customer's official record system.

Users are responsible for exporting or copying their clinical notes to their official Electronic Health Record (EHR) system before the 24-hour window expires.

3. No Third-Party Sharing

We do not sell, rent, lease, or disclose your data to third parties for advertising or unrelated analytics. We may share data with subprocessors and infrastructure providers only when necessary to operate authentication, storage, database, transcription, AI-assisted drafting, image analysis, email delivery, security, and audit workflows.

Depending on the deployment, these service providers may include cloud hosting, database, object storage, transcription, and model providers operating under customer-approved terms and business associate arrangements where required.

4. Security Measures

  • All data in transit is encrypted via TLS/HTTPS.
  • PostgreSQL database storage is encrypted at rest.
  • Image storage uses authenticated, private access tokens; no publicly accessible URLs are generated.
  • HIPAA-compliant audit logging records all significant data access and modification events.
  • Clinicians review AI-generated output before copying it into the official chart.

For a higher-level overview of infrastructure safeguards and cloud service categories, see our Security & Compliance page.

5. Research / Beta Status

SyncSOAP is currently being evaluated in research, demo, and early rollout settings. Features, subprocessors, retention practices, and deployment configurations may evolve as the product matures. Customers remain responsible for confirming that the deployed configuration meets their operational and regulatory requirements.

6. Contact

If you have questions about this Privacy Policy, please contact the application administrator.