Privacy Policy

Last updated: February 21, 2026

1. Introduction

Welcome to Aiva, operated by Aivascribe AI Developing Services LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical scribing service, including our website and application (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy and our Terms and Conditions.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, phone number, medical licence number, hospital/clinic affiliation
• Professional Information: Medical specialty, professional credentials, workplace details
• Authentication Data: Login credentials and authentication tokens provided by our third-party authentication service (Clerk)

2.2 Health Information (PHI)

As a medical scribing service, we process Protected Health Information (PHI) including:

• Audio Recordings: Voice recordings of patient consultations
• Transcriptions: Text transcriptions of medical consultations
• Medical Summaries: AI-generated summaries of patient visits
• Patient Names: Names mentioned during consultations

2.3 Technical Information

• Usage Data: Information about how you use the Service
• Device Information: Browser type, operating system, IP address
• Cookies and Tracking: We use cookies and similar technologies to enhance your experience

3. Legal Basis for Processing

In accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, we process your personal data on the following legal bases:

• Contractual Necessity: Processing necessary for the performance of the Service you have requested
• Consent: Where you have provided explicit consent for specific processing activities
• Legitimate Interest: Processing necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Processing required to comply with UAE law or other applicable regulations

4. How We Use Your Information

4.1 Service Provision

• Provide and maintain our medical scribing services
• Process audio recordings and generate transcriptions
• Create AI-powered medical summaries
• Store and organise your consultation records

4.2 Account Management

• Create and manage your account
• Authenticate your identity
• Provide customer support
• Send important service notifications

4.3 Improvement and Analytics

• Improve our AI models and transcription accuracy
• Analyse usage patterns to enhance the Service
• Develop new features and functionality

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Information

Aivascribe AI Developing Services LLC does not sell, trade, or rent your personal information or PHI to third parties.

5.2 Service Providers

We may share your information with trusted third-party service providers who assist us in operating the Service:

• Authentication Services: Clerk (for user authentication and management)
• Database Services: Supabase (for secure data storage)
• AI Services: Anthropic Claude (for medical summary generation), ElevenLabs (for audio transcription)
• Hosting Services: Vercel (for application hosting)

All service providers are contractually bound to protect your information and use it only for the specific purposes we authorise. Where personal data is transferred to service providers outside the UAE, we ensure appropriate safeguards are in place as required by UAE data protection law.

5.3 Legal Requirements

We may disclose your information if required by law, including:

• To comply with UAE legal obligations or court orders
• To respond to lawful requests from public authorities
• To protect the rights, property, or safety of the Company
• In connection with legal proceedings

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections described in this policy.

6. Data Security

6.1 Security Measures

We implement robust security measures to protect your information:

• Encryption: All data is encrypted in transit and at rest
• Access Controls: Strict access controls and authentication requirements
• Regular Audits: Regular security assessments and monitoring
• Secure Infrastructure: Enterprise-grade hosting and database services

6.2 HIPAA Safeguards

Where applicable, we maintain HIPAA-required safeguards including:

• Administrative safeguards (policies, procedures, training)
• Physical safeguards (secure data centres, controlled access)
• Technical safeguards (encryption, access controls, audit logs)

7. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Account Information: Retained while your account is active and for a reasonable period thereafter
• Medical Records: Retained according to applicable medical record retention requirements (typically 7-10 years)
• Audio Recordings: Retained according to your preferences and legal requirements

Upon expiry of the retention period, personal data will be securely deleted or anonymised in accordance with UAE data protection law.

8. Your Rights

8.1 Rights Under UAE Data Protection Law

Under UAE Federal Decree-Law No. 45 of 2021, you have the right to:

• Access your personal data held by us
• Request correction of inaccurate or incomplete data
• Request deletion of your personal data (subject to legal retention requirements)
• Restrict or object to the processing of your data
• Request portability of your data in a structured format
• Withdraw consent at any time (where processing is based on consent)
• Lodge a complaint with the UAE Data Office if you believe your rights have been violated

8.2 HIPAA Rights

Where HIPAA applies, you additionally have the right to:

• Request an accounting of disclosures of your PHI
• Request restrictions on the use or disclosure of your PHI
• File a complaint with the U.S. Department of Health and Human Services Office for Civil Rights

8.3 Exercising Your Rights

To exercise any of your rights, please contact us using the details in Section 14 below. We will respond to your request within the time frames required by applicable law.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences
• Analyse how you use the Service
• Provide security features

You can control cookies through your browser settings, though this may limit some functionality of the Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the UAE. Where such transfers occur, Aivascribe AI Developing Services LLC ensures that appropriate safeguards are in place in accordance with UAE Federal Decree-Law No. 45 of 2021, including but not limited to contractual protections and data processing agreements with receiving parties.

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

12. Changes to This Privacy Policy

Aivascribe AI Developing Services LLC may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending email notifications for significant changes

Where required by UAE data protection law, we will seek your explicit consent to material changes in how we process your personal data.

13. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Arab Emirates, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the competent courts of Dubai, United Arab Emirates.

14. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our privacy practices, please contact us: