Privacy Policy

Last updated: January 31, 2026

1. Introduction

PatientChart AI ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and any patient data you process through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered clinical documentation platform.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, password (encrypted), practice name, and practice type. This information is necessary to provide our services.

Patient Data You Provide

You may enter patient names, dates of birth, contact information, and clinical observations. This data is stored securely in your account and is only accessible to you. We do not access, review, or use patient data for any purpose other than providing the service to you.

AI-Generated Content

When you use our AI note generation feature, your input is sent to our AI provider (OpenAI) for processing. We do not use your data to train AI models. OpenAI processes this data under a zero-data-retention agreement for API usage.

Usage Data

We automatically collect information about how you interact with our platform, including pages visited, features used, and timestamps. This data helps us improve the service.

3. How We Use Your Information

  • To provide and maintain the PatientChart AI service
  • To generate AI-powered clinical notes based on your input
  • To process payments and manage subscriptions
  • To send service-related communications
  • To improve our platform and develop new features
  • To comply with legal obligations

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security ensures users can only access their own data
  • Authentication is handled through secure, industry-standard protocols
  • We conduct regular security reviews of our infrastructure
  • Payment processing is handled by Stripe (PCI DSS compliant)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Service providers: Supabase (database hosting), OpenAI (AI processing), Stripe (payments), and Vercel (hosting)
  • Legal requirements: When required by law, subpoena, or government request
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all associated data within 30 days, except where retention is required by law. You can request account deletion at any time through the Settings page.

7. Your Rights

You have the right to:

  • Access and download your data
  • Correct inaccurate information
  • Delete your account and associated data
  • Object to certain data processing activities
  • Exercise data portability (export your data in a standard format)

8. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We do not use advertising cookies or third-party tracking scripts.

9. Children's Privacy

PatientChart AI is intended for licensed healthcare professionals. We do not knowingly collect information from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@patientchart.ai.