Privacy Policy
Last Updated: January 2025
1. Introduction
PulseStack ("we," "our," or "us") is committed to protecting the privacy
and security of healthcare information. This Privacy Policy explains how
we collect, use, and protect information in connection with our
Aura‑Chart medical AI assistant service ("Service").
2. Information We Collect
2.1 Healthcare Professional Information
- Name, email address, and professional credentials
- Medical specialty and practice information
- Authentication data (Google OAuth tokens)
- Usage analytics and system performance data
2.2 Clinical Data
- Audio recordings of patient encounters (deleted immediately after processing)
- Transcribed text from medical conversations (deleted immediately after user review)
- Generated clinical notes and documentation (deleted immediately after user review)
- Template preferences and customizations
3. How We Use Information
3.1 Service Provision
- Generate accurate medical documentation from audio input
- Provide personalized templates and phrase suggestions
- Maintain user preferences and settings
- Ensure service reliability and performance
3.2 Quality Improvement
- Monitor and improve AI accuracy and performance
- Develop new features and capabilities
- Conduct security monitoring and threat detection
4. HIPAA Compliance
Important: We understand that clinical data may contain
Protected Health Information (PHI) under HIPAA. We implement appropriate
safeguards:
- Execute Business Associate Agreements (BAAs) with covered entities
- Encrypt all data in transit and at rest using industry-standard encryption
- Implement access controls and audit logging
- Provide data breach notification procedures
- Enable secure data deletion upon request
5. Data Security Measures
- Encryption: AES‑256 encryption for data at rest, TLS 1.3 for data in transit
- Access Controls: Multi‑factor authentication and role‑based access
- Infrastructure: Google Cloud Platform with SOC 2 Type II compliance
- Monitoring: Continuous security monitoring and incident response
- Auditing: Comprehensive audit logs of all data access and modifications
6. Data Sharing and Disclosure
We do not sell, rent, or share clinical data with third parties except:
- With your explicit consent
- To comply with legal obligations or court orders
- To protect the safety and security of our systems and users
- With service providers under strict confidentiality agreements
7. Data Retention and Deletion
- Clinical Data: Retained until user starts a new session
- Account Data: Retained while account is active plus 90 days
- Audit Logs: Retained for 3 years for compliance purposes
- User Rights: You may request data deletion at any time (subject to legal retention requirements)
8. International Data Transfers
Data is primarily processed in the United States using Google Cloud
Platform infrastructure. Any international transfers comply with
applicable data protection regulations, including GDPR where applicable.
9. Your Rights and Choices
You have the right to:
- Access your personal and clinical data
- Request correction of inaccurate information
- Request deletion of your data (subject to legal requirements)
- Export your data in a portable format
- Opt out of certain data processing activities
- File complaints with supervisory authorities
10. Cookies and Tracking
We use essential cookies for authentication and session management. We do
not use advertising cookies or third‑party tracking technologies for
marketing purposes.
11. Changes to This Policy
We may update this Privacy Policy periodically. Significant changes will
be communicated via email or service notifications. Continued use
constitutes acceptance of the updated policy.
12. Contact Us
For privacy‑related questions or requests, please contact:
Privacy Officer: pulsestackkai2025@gmail.com
Data Protection Officer: pulsestackkai2025@gmail.com
This Privacy Policy is effective as of the last updated date and applies
to all users of the PulseStack Aura‑Chart service.