Legal

Privacy Policy

Effective date: April 5, 2026 · Version 2026-04-05

1. Overview

ClinicalOps ("we," "us," or "our") is committed to protecting the privacy of the healthcare providers who use our Service and the patients they serve. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

ClinicalOps is a clinical documentation tool — not a medical records repository. We process data to generate clinical notes and billing suggestions; we do not store patient records as a covered entity under HIPAA.

2. Information We Collect

Account Information

When you register, we collect:

  • Name, email address, and professional credentials
  • Phone number (optional)
  • Password (stored as a one-way cryptographic hash — never in plain text)
  • Date and version of Terms and Privacy Policy acceptance

Clinical Encounter Data

During a recording session, we process:

  • Audio: Streamed in real time to Deepgram (our speech-to-text provider) for transcription. Audio is not stored by ClinicalOps after transcription.
  • Transcripts: The text output of speech recognition, stored in your account for note generation and future reference.
  • Patient demographics you enter: First name, last name, date of birth, sex, MRN (optional), and visit type. These are stored to support patient record continuity across encounters.
  • AI-generated notes: The structured clinical note produced by our AI engine, stored in your account.

Usage and Technical Data

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information
  • Provider preferences you configure (e.g. procedure preferences, suggestions mode)

3. How We Use Your Information

We use your information to:

  • Provide and operate the ClinicalOps Service
  • Generate clinical notes and billing suggestions from your encounter transcripts
  • Maintain your account and patient record history
  • Send service-related communications (password resets, policy updates)
  • Diagnose technical problems and improve service reliability
  • Comply with legal obligations

We do not sell your data to third parties. We do not use your clinical encounter data for AI model training without your explicit consent.

4. Third-Party Services

ClinicalOps uses the following third-party services to operate. Each has its own privacy practices:

Deepgram (Speech-to-Text)

Audio from your recording sessions is streamed to Deepgram for real-time transcription. Deepgram processes audio under their privacy policy. Audio is not retained by ClinicalOps after transcription. Please review Deepgram's privacy policy at deepgram.com/privacy.

Anthropic Claude (AI Note Generation)

Encounter transcripts and patient demographics are sent to Anthropic's Claude API to generate clinical notes. Anthropic processes this data under their API usage policy. Please review Anthropic's privacy policy at anthropic.com/privacy.

Google Cloud Platform (Infrastructure)

Our application and database are hosted on Google Cloud Platform (GCP) in the United States. Data is encrypted at rest and in transit. Review GCP's security practices at cloud.google.com/security.

5. Data Security

We implement the following security measures:

  • All data transmitted between your browser and our servers is encrypted using TLS
  • Passwords are hashed using bcrypt — never stored in plain text
  • Database access is restricted to authorized application services only
  • Cloud infrastructure is hosted on Google Cloud with enterprise-grade security controls
  • API keys and secrets are managed via Google Cloud Secret Manager

No security system is infallible. In the event of a data breach that affects your information, we will notify you in accordance with applicable law.

6. HIPAA Considerations

If you use ClinicalOps to process Protected Health Information ("PHI") as a covered entity or business associate under HIPAA, you are responsible for ensuring your use complies with HIPAA's requirements, including obtaining appropriate patient authorizations where required.

If you require a Business Associate Agreement ("BAA") to use ClinicalOps in compliance with HIPAA, please contact us at our support form before using the Service to process PHI.

7. Data Retention

We retain your account information and clinical notes for as long as your account is active. If you delete your account, we will delete your personal information and clinical records within 30 days, except where retention is required by law.

Transcripts and notes are retained in your account until you delete them or close your account.

8. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information via your settings page
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable format
  • Opt-out: Opt out of non-essential communications

To exercise these rights, contact us at our support form.

9. Children's Privacy

ClinicalOps is intended for use by adult healthcare professionals only. We do not knowingly collect personal information from individuals under 18 years of age.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by requiring re-acceptance upon login. The version date at the top of this page indicates when it was last updated.

11. Contact Us

For privacy-related questions, data requests, or to request a BAA, contact us at:

ClinicalOps Privacy Team

our support form

Version 2026-04-05 · Last updated April 5, 2026

Terms of UseHome