Privacy Policy
Last updated: July 16, 2025
HIPAA Compliance Notice
Aiva is designed to be HIPAA compliant. We implement appropriate administrative, physical, and technical safeguards to protect your protected health information (PHI) as required by HIPAA regulations.
1. Introduction
Welcome to Aiva ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical scribing service, including our website and mobile application (collectively, the "Service").
Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Account Information: Name, email address, phone number, medical license number, hospital/clinic affiliation
- Professional Information: Medical specialty, professional credentials, workplace details
- Authentication Data: Login credentials and authentication tokens provided by our third-party authentication service (Clerk)
2.2 Health Information (PHI)
As a medical scribing service, we process Protected Health Information (PHI) including:
- Audio Recordings: Voice recordings of patient consultations
- Transcriptions: Text transcriptions of medical consultations
- Medical Summaries: AI-generated summaries of patient visits
- Patient Names: Names mentioned during consultations
2.3 Technical Information
- Usage Data: Information about how you use our Service
- Device Information: Browser type, operating system, IP address
- Cookies and Tracking: We use cookies and similar technologies to enhance your experience
3. How We Use Your Information
3.1 Service Provision
- Provide and maintain our medical scribing services
- Process audio recordings and generate transcriptions
- Create AI-powered medical summaries
- Store and organize your consultation records
3.2 Account Management
- Create and manage your account
- Authenticate your identity
- Provide customer support
- Send important service notifications
3.3 Improvement and Analytics
- Improve our AI models and transcription accuracy
- Analyze usage patterns to enhance our Service
- Develop new features and functionality
4. Information Sharing and Disclosure
4.1 We Do Not Sell Your Information
We do not sell, trade, or rent your personal information or PHI to third parties.
4.2 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our Service:
- Authentication Services: Clerk (for user authentication and management)
- Database Services: Supabase (for secure data storage)
- AI Services: Anthropic Claude (for medical summary generation), ElevenLabs (for audio transcription)
- Hosting Services: Vercel (for application hosting)
All service providers are contractually bound to protect your information and use it only for the specific purposes we authorize.
4.3 Legal Requirements
We may disclose your information if required by law, such as:
- To comply with legal obligations
- To respond to lawful requests from public authorities
- To protect our rights, property, or safety
- In connection with legal proceedings
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.
5. Data Security
5.1 Security Measures
We implement robust security measures to protect your information:
- Encryption: All data is encrypted in transit and at rest
- Access Controls: Strict access controls and authentication requirements
- Regular Audits: Regular security assessments and monitoring
- Secure Infrastructure: Enterprise-grade hosting and database services
5.2 HIPAA Safeguards
We maintain HIPAA-required safeguards including:
- Administrative safeguards (policies, procedures, training)
- Physical safeguards (secure data centers, controlled access)
- Technical safeguards (encryption, access controls, audit logs)
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Information: Retained while your account is active
- Medical Records: Retained according to medical record retention requirements (typically 7-10 years)
- Audio Recordings: Retained according to your preferences and legal requirements
7. Your Rights and Choices
7.1 Access and Control
You have the right to:
- Access your personal information and PHI
- Request corrections to inaccurate information
- Download your data in a portable format
- Delete your account and associated data
7.2 HIPAA Rights
Under HIPAA, you have the right to:
- Request an accounting of disclosures of your PHI
- Request restrictions on the use or disclosure of your PHI
- File a complaint if you believe your privacy rights have been violated
7.3 Communication Preferences
You can opt out of non-essential communications by updating your account settings or contacting us directly.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your login session
- Remember your preferences
- Analyze how you use our Service
- Provide security features
You can control cookies through your browser settings, though this may limit some functionality.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that any international transfers comply with applicable data protection laws and include appropriate safeguards.
10. Children's Privacy
Our Service is not directed to individuals under 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending email notifications for significant changes
12. Contact Information
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Aiva Privacy Officer
Email: prateekmahindra9@gmail.com
Address: 34C Dunsmure Road, London, UK
Phone: +447895882898
HIPAA Complaints
If you believe your HIPAA rights have been violated, you may file a complaint with us using the contact information above, or with the U.S. Department of Health and Human Services Office for Civil Rights.
13. Governing Law
This Privacy Policy is governed by the laws of the UAE and the UK, together with applicable federal laws, including HIPAA.
This privacy policy was created to comply with applicable privacy laws including HIPAA, GDPR, CCPA, and other relevant regulations. For specific legal questions, please consult with qualified legal counsel.