Privacy Policy

At DoctorEscribe, the privacy of our users' data and that of their patients is our highest priority. This Privacy Policy describes what information we collect, how we use it, how we protect it, and what your rights are as a user of our platform. By accessing or using DoctorEscribe, you accept the practices described in this document.

1. Information We Collect

We collect three main categories of information to provide and improve our service:

Account Data

When you create an account on DoctorEscribe, we collect your full name, email address, medical specialty, country of practice, medical license number (optional), clinic or hospital name (optional), and your account's encrypted password. This information is necessary to identify you as an authorized healthcare professional and to personalize your experience on the platform.

Clinical Data

To provide the transcription and medical note generation service, we process audio recordings of consultations (processed in real time and not permanently stored unless you indicate otherwise), text transcriptions generated from those recordings, structured clinical notes (SOAP, progress, discharge, among others), patient information entered manually into the platform (name, age, diagnoses, medications, history), and custom templates created by the user. You have full control over which clinical data is stored in your account.

Technical Data

We automatically collect certain technical information to ensure the proper functioning of the service, including: IP address, browser type and version, operating system, pages visited within the platform, session duration, error logs, and performance data. This information does not directly identify any patient and is used exclusively for technical maintenance and service improvement.

2. How We Use Your Information

We use the information collected for the following purposes:

Service delivery: Processing audio recordings, generating transcriptions, and creating structured clinical notes through artificial intelligence. Without this information, we cannot provide DoctorEscribe's core service.

Account management: Authenticating your identity, maintaining the security of your account, processing subscription payments, and sending important notifications about the service.

Service improvement: Analyzing usage patterns in an aggregated and anonymized manner to improve our artificial intelligence models, transcription accuracy, and the overall user experience. We never use identifiable clinical data to train models without your explicit consent.

Technical support: Diagnosing and resolving technical issues, responding to your inquiries, and providing personalized assistance.

Communications: Sending you updates about new features, changes to the service, and, with your consent, information about offers and promotions.

Legal compliance: Complying with applicable legal obligations, responding to requests from competent authorities, and protecting the rights of DoctorEscribe and its users.

3. Data Storage and Security

The security of your data and that of your patients is fundamental to us. We implement multiple layers of protection:

Encryption in transit: All communication between your device and our servers is carried out using TLS 1.3, the most modern standard for encryption in transit.

Encryption at rest: All data stored in our infrastructure is encrypted with AES-256, a widely recognized military-grade encryption standard.

Infrastructure: We use cloud infrastructure with servers located in the United States, complying with the highest security standards in the industry, including SOC 2 and ISO 27001 certifications.

Access control: Access to production data is strictly limited to authorized DoctorEscribe personnel through role-based access control (RBAC) and mandatory multi-factor authentication.

Auditing: We maintain complete audit logs of all access to sensitive data, with a minimum retention of 12 months.

Security testing: We conduct vulnerability assessments and penetration tests on a regular basis to identify and remediate potential security breaches.

4. Sharing Information

DoctorEscribe does not sell, rent, or trade your personal data or that of your patients to third parties under any circumstances. We share information only in the following limited cases:

Service providers: We share data with trusted third parties that help us operate the platform, such as cloud infrastructure providers, payment processors, and transactional email service providers. All of these providers are subject to confidentiality and data processing agreements that limit the use of the information to the specific purposes of the service.

Artificial Intelligence: For the generation of transcriptions and clinical notes, the audio and text are processed through AI models. This processing is carried out under strict non-retention and confidentiality agreements with our AI providers.

Legal compliance: We may disclose information when required by law, court order, or a competent governmental authority, or when necessary to protect the rights, property, or safety of DoctorEscribe, its users, or the general public.

Corporate transfers: In the event of a merger, acquisition, or sale of assets, your data could be transferred to the new owner. In such a case, you will be notified in advance and it will be ensured that the new entity maintains equivalent levels of protection.

5. User Rights

As a user of DoctorEscribe, you have the following rights over your personal data:

Right of access: You may request at any time a complete copy of all the personal data we hold about you.

Right of rectification: You may correct or update your personal information directly from your account settings, or by contacting us if you need assistance.

Right of erasure: You may request the permanent deletion of your account and all associated data. We will process these requests within 30 business days of receipt.

Right of portability: You may export your clinical notes and data in standard formats (PDF, JSON) from your account settings.

Right to object: You may object to the processing of your data for marketing purposes or non-essential communications at any time.

Right of restriction: In certain cases, you may request that we limit the processing of your data while we resolve a dispute or verify the accuracy of the information.

To exercise any of these rights, contact us at soporte@doctorescribe.com. We will respond to your request within 15 business days.

6. Data Retention

We retain your data for as long as your account is active or as necessary to provide the service. The specific retention periods are:

Account data: Retained while the account is active. After cancellation, the data is deleted within 90 days, unless the law requires longer retention.

Audio recordings: Not stored permanently. The audio is processed in real time to generate the transcription and is not retained on our servers after processing, unless you explicitly enable the audio archiving option.

Clinical notes and transcriptions: Retained while your account is active and for up to 90 days after cancellation. You may delete individual records at any time from the platform.

Audit logs: Retained for a minimum of 12 months to comply with security and regulatory compliance requirements.

Billing data: Retained for the period required by applicable tax laws, generally 5 to 7 years.

7. Patient Consent

DoctorEscribe is a clinical support tool for healthcare professionals. The responsibility for obtaining patients' informed consent before recording or processing their medical information rests exclusively with the doctor or healthcare professional using the platform.

We recommend that all DoctorEscribe users inform their patients about the use of AI-assisted transcription tools during consultations, and obtain their explicit consent in accordance with applicable local regulations. DoctorEscribe provides informed consent templates as a support resource, but assumes no responsibility for the healthcare professional's compliance with this obligation.

8. Cookies and Similar Technologies

DoctorEscribe uses cookies and similar technologies to improve your experience on the platform. These include:

Essential cookies: Necessary for the basic functioning of the platform, such as keeping your session active and remembering your language preferences. They cannot be disabled.

Performance cookies: Help us understand how users interact with the platform in order to identify areas for improvement. The data collected is anonymous and aggregated.

Functionality cookies: Remember your personalized preferences to offer you a more convenient experience, such as the last type of template used.

You can manage your cookie preferences from your browser settings. Please note that disabling certain cookies may affect the functionality of the platform.

9. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our practices, in applicable legislation, or in the features of the service. When we make material changes, we will notify you through the platform and by email at least 30 days in advance before the changes take effect.

We recommend that you review this policy periodically. The date of the last update always appears at the beginning of this document. Continued use of DoctorEscribe after the changes take effect constitutes your acceptance of the updated policy.

10. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please do not hesitate to contact us:

Email: soporte@doctorescribe.com

Response time: We are committed to responding to all privacy-related inquiries within 5 business days of receipt.

For formal requests to exercise rights (access, rectification, erasure, portability), we ask that you include in your email: your full name, the email address associated with your account, and a clear description of the request. We may request additional information to verify your identity before processing the request.