Privacy Policy

Last updated: March 15, 2026

1. Introduction

AI4Docs.AI ("we", "our", or "us"), operated by AI4DOCS.AI LTD (UK Company No. 16893518), is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, process, and safeguard information when you use our Clinical Documentation Assistant (CDA) and Smart EMR services.

Our services are built on a zero-storage architecture for patient health information: we process clinical data transiently to generate your notes, but never permanently store patient records on our servers.

2. Information We Store

2.1 Account Information

Email address and authentication credentials
Professional profile (name, title, specialty, institution, license number)
Clinic logo (uploaded by you for letterhead use)
Language and documentation preferences

2.2 Subscription and Billing

Subscription tier, status, and billing period
Credit usage count (notes generated per month)
Payment information is collected and processed exclusively by Stripe, our PCI DSS Level 1 compliant payment processor. We never see, handle, or store your payment card details. See Stripe's Privacy Policy.

2.3 Usage Information

Feature usage statistics (number of notes generated)
Service error logs for troubleshooting (filtered to exclude patient data)

3. Patient Data: Zero-Storage Policy

            We do not store patient health information (PHI). Patient data passes through our system transiently to generate your clinical notes, then is immediately discarded. We maintain no database of patient records.
        

The following patient data is processed but never permanently stored:

Audio recordings — Transmitted to our backend, processed by Google Vertex AI for transcription and note generation, then discarded. For audio files exceeding 15 MB, files are temporarily held in an encrypted Google Cloud Storage bucket with automatic deletion after 24 hours.
Text notes and dictation — Processed through our AI engine in memory, never written to any database.
Uploaded documents (lab results, imaging reports) — Processed and discarded immediately after note generation.
Generated clinical notes — Exist only in your browser session until you copy, print, export, or close the tab. We do not retain copies.

3.1 Smart EMR Patient Data

If you use our Smart EMR integration, all patient records (visits, prescriptions, diagnoses) are stored exclusively in your own Google Sheet on your own Google Drive. Smart EMR is cloned as a template to your personal Google Workspace — we have no access to your patient data unless you explicitly grant our service account read/write access for the CDA integration feature. You can revoke this access at any time by removing the service account from your Google Sheet's sharing settings.

4. Quick Reference: What We Store vs. What We Don't

Data Type	Stored?	Details
Doctor profile (name, title, specialty)	✅ Yes	While your account is active
Email address	✅ Yes	For authentication and service emails
Clinic logo	✅ Yes	For letterhead on printed documents
Usage statistics (note count)	✅ Yes	For subscription management
Payment records	✅ Yes	Stored by Stripe (as required by law)
Audio recordings	❌ No	Processed and deleted (max 24 hours for large files)
Patient text and notes	❌ No	Processed in memory, never written to database
Uploaded documents	❌ No	Processed and discarded immediately
Generated clinical notes	❌ No	Exists only in your browser
Patient records (Smart EMR)	❌ No	Stored on your own Google Drive

5. How We Use Stored Information

We use the information we store (account and usage data) to:

Provide, operate, and improve our clinical documentation service
Process payments and manage subscriptions
Send transactional emails (welcome, subscription changes, credit alerts)
Provide customer support
Ensure compliance with legal and regulatory requirements

We do not sell, rent, or share your personal information with third parties for marketing purposes.

6. Data Processing Architecture

Understanding how your data flows through our system:

Your browser captures audio, text, and file uploads during your clinical session.
Our backend (hosted on Google Cloud Run, within a HIPAA-eligible Google Cloud environment) receives your data over encrypted HTTPS connections.
Google Vertex AI (Gemini models) processes the audio and text to generate your clinical note. Vertex AI is stateless — it does not store or learn from your data.
The generated note is returned to your browser. No copy is retained on our servers.
For Smart EMR users: When you click "Fetch Note," the generated note is written directly to your own Google Sheet — not stored on our systems.

7. Sub-processors and Third-Party Services

We use the following third-party services to provide our platform. None of these sub-processors store patient health information:

Service	Purpose	Data Processed	Location
Google Cloud Platform	Backend hosting (Cloud Run), AI processing (Vertex AI), temporary audio storage (Cloud Storage)	Audio, text, generated notes (transiently)	United States (us-central1)
Firebase Hosting	CDA application frontend (clinic.ai4docs.ai)	None (static content delivery; all data handled by backend)	Global CDN (Google Cloud)
Supabase	User authentication, doctor profiles, usage tracking	Email, professional profile, subscription data	Frankfurt, Germany (EU)
Stripe	Payment processing and subscription management	Email, payment card details (handled by Stripe directly)	United Kingdom
Resend	Transactional email delivery	Email address, subscription status	United States
Netlify	Website hosting (marketing site only)	None (static content delivery)	Global CDN
Google Workspace	Smart EMR data storage (doctor's own Google Sheet)	Patient records (stored on doctor's own Drive)	Per doctor's Google Workspace settings

8. HIPAA-Eligible Infrastructure

Our infrastructure is built on HIPAA-eligible Google Cloud services with a signed Business Associate Agreement (BAA) covering Cloud Run, Vertex AI, Cloud Storage, and related services. Full HIPAA compliance including risk assessment and formal policies is on our near-term roadmap.

Key technical safeguards:

All data transmission encrypted via TLS 1.2+ (HTTPS)
Zero long-term storage of patient health information
Temporary audio files auto-deleted within 24 hours
Cloud audit logging with PHI exclusion filters
Vertex AI operates in stateless mode (no data retention or model training on your data)

Healthcare providers using our service remain the covered entity and are responsible for:

Obtaining appropriate patient consent for recording and AI processing
Ensuring secure handling of data on their own devices and networks
Maintaining compliance with all applicable regulations in their jurisdiction

For more details, see our Security & Compliance page.

9. GDPR and Data Protection Rights

9.1 Data Controller and Processor Roles

You (the healthcare provider) are the Data Controller: You determine the purposes and means of processing patient data. You are responsible for ensuring a lawful basis for processing.
AI4Docs.AI is the Data Processor: We process data solely on your instructions and for the purpose of providing the Service. We do not independently determine how patient data is used.

We offer a Data Processing Agreement (DPA) for healthcare providers who require one.

9.2 Your Rights

Under GDPR and equivalent data protection laws, you have the right to:

Access — Request a copy of the personal data we hold about you
Rectification — Correct any inaccurate personal data
Erasure — Request deletion of your account and associated data
Portability — Receive your data in a structured, machine-readable format
Restriction — Request that we limit processing of your data
Objection — Object to processing based on legitimate interests
Withdraw consent — Where processing is based on consent, withdraw at any time

To exercise any of these rights, contact us at support@ai4docs.ai. We will respond within 30 days.

9.3 Right to Erasure (Patient Data)

Because we do not store patient health information, there is no patient data to erase from our systems. Clinical data exists only transiently during processing and is automatically discarded. For Smart EMR users, patient records are stored in your own Google Drive, which you fully control.

10. Data Retention

Data Type	Retention Period
Account and profile data	While your account is active, plus 30 days after deletion request
Patient health data	Not retained (zero-storage policy)
Large audio files (temporary)	Automatically deleted within 24 hours
Subscription and billing records	As required by law (typically 7 years for financial records)
System audit logs (non-PHI)	6 years (regulatory compliance)

11. Data Security

We implement industry-standard and healthcare-grade security measures:

TLS 1.2+ encryption for all data in transit
Google Cloud encryption at rest (AES-256) for all stored data
Secure authentication via Supabase Auth (bcrypt password hashing, OAuth 2.0)
Role-based access controls and least-privilege service accounts
Cloud audit logging with automated PHI exclusion filters
Security headers (HSTS, X-Content-Type-Options, X-Frame-Options) on all responses
Regular security reviews and updates

12. International Data Transfers

Our infrastructure spans multiple regions to balance performance and compliance:

Backend and AI processing: United States (Google Cloud, us-central1 region)
Account data (profiles, authentication): European Union (Supabase, Frankfurt, Germany)
Payment processing: United Kingdom (Stripe)

Patient data may be transmitted to and processed in the United States during the brief AI processing window. We ensure all transfers meet applicable data protection standards through:

Google Cloud's Data Processing Addendum (GDPR-compliant with Standard Contractual Clauses)
Stripe's Data Processing Agreement with Standard Contractual Clauses
Encryption of all data in transit (TLS 1.2+)

13. Cookies and Tracking

Our Clinical Documentation Assistant (clinic.ai4docs.ai) does not use tracking cookies, analytics cookies, or third-party advertising pixels. The only browser storage used is:

Authentication session tokens (required for login functionality)
Language preferences (stored in your Supabase profile, with local browser cache as fallback)

Our marketing website (ai4docs.ai) may use minimal analytics to understand visitor patterns. No personal health information is ever present on the marketing site.

14. Children's Privacy

Our service is designed for use by licensed healthcare professionals and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors.

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes via email or through the service. Your continued use after changes constitutes acceptance.

16. Data Protection Officer

Our designated Data Protection Officer (DPO) is:

Prof. Dr. Alaa Meshref
Founder & CEO / DPO / HIPAA Security Officer
Email: support@ai4docs.ai

The DPO is responsible for overseeing data protection strategy and ensuring compliance with GDPR and UK GDPR. HIPAA compliance roadmap is in progress.

17. Contact Us

For privacy-related questions, data requests, or concerns:

Email: support@ai4docs.ai
Company: AI4DOCS.AI LTD
Address: 167-169 Great Portland Street, 5th Floor, London W1W 5PF, United Kingdom
Company No. 16893518

18. Complaints

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection authority.

In the UK, this is the Information Commissioner's Office (ICO).
AI4DOCS.AI LTD is registered with the ICO (Registration Reference: C1891752).