Privacy Policy

We collect information you provide directly to us, including:

• Account information (name, email, practice details)
• Audio recordings of patient encounters (with consent)
• Generated clinical documentation
• Usage data and analytics
• Device information for security purposes

As a HIPAA-compliant service, we handle Protected Health Information with the highest level of care:

• All PHI is encrypted at rest using AES-256 encryption
• Data in transit is protected with TLS 1.3
• PHI is stored exclusively in AWS Canada (ca-central-1)
• Access to PHI is strictly logged and audited
• We never sell or share PHI with third parties for marketing

We use the information we collect to:

• Provide and improve our AI documentation services
• Generate accurate clinical notes from recordings
• Suggest appropriate ICD-10 codes
• Integrate with your EHR systems
• Provide customer support
• Send service-related communications

We retain your data according to these policies:

• Audio recordings: Configurable retention (auto-delete after transcription or retain)
• Clinical notes: Retained for the duration of your account plus 7 years
• Account data: Retained until account deletion plus 30 days
• Audit logs: Retained for 7 years per HIPAA requirements

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of non-essential communications

To exercise these rights, contact us at privacy@onalyst.org

We implement comprehensive security measures:

• SOC 2 Type II certified infrastructure
• Regular security audits and penetration testing
• Multi-factor authentication
• Role-based access controls
• 24/7 security monitoring

For privacy-related inquiries:

Email: privacy@onalyst.org

Address: Toronto, Ontario, Canada