Legal
Privacy Policy
This is a placeholder summary. Your signed BAA and the full policy govern the legal relationship.
Information we process
ClinicPilot processes protected health information (PHI) solely on behalf of covered entities under a Business Associate Agreement. Audio recordings, transcripts, generated notes, and chart data are encrypted at rest (AES-256) and in transit (TLS 1.2+). PHI is stored in US-based infrastructure.
How we use data
We use PHI only to deliver the service you've contracted for. We do not sell personal information under any definition, including those of the CCPA, CPRA, or GDPR. Model training on customer data is strictly opt-in and de-identified, and can be revoked at any time without affecting service.
Your rights
Clinics retain full ownership of their data and may export or delete it at any time from the admin console, or by contacting privacy@clinicpilot.com. We respond to verifiable access and deletion requests within 30 days.
Last updated: April 2026.