Privacy Policy

1. Introduction

vScription ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the vScription web portal ("Portal"), vScription mobile applications ("Mobile Apps"), and related services (collectively, the "Services").

This policy applies to all users of our Services, including organization administrators, typists, authors, reviewers, and any other individuals who access or use our platform. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, username, password, and organization details when you register for an account.
• Audio Files: Audio recordings uploaded for transcription through the Portal or Mobile Apps.
• Transcription Content: Text transcripts, summaries, and related documents generated through our Services.
• Payment Information: Billing details and payment method information when purchasing subscriptions or AI minute packs.
• Communications: Information you provide when contacting our support team or providing feedback.

2.2 Information Collected Automatically

• Usage Data: Information about how you access and use our Services, including pages visited, features used, and actions taken.
• Device Information: Device type, operating system, browser type, and unique device identifiers when using our Portal or Mobile Apps.
• Log Data: Server logs including IP address, access times, and referring URLs.
• Analytics: We use privacy-safe analytics to understand how our Services are used. Our analytics are configured to be HIPAA-safe and do not track personally identifiable health information.

2.3 Mobile App Specific Data

• Microphone Access: The Mobile Apps may request access to your device's microphone for audio recording and dictation purposes. Audio is only captured when you actively initiate a recording.
• Storage Access: Access to device storage for saving and uploading audio files.
• Network Information: Network connectivity status to manage file uploads and synchronization.
• Push Notifications: Device tokens for delivering push notifications about job status updates, if enabled.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our Services, including audio transcription, AI-powered speech-to-text (STT), and AI summarization.
• Process and manage your account, subscriptions, and payments.
• Send transactional communications including account verification, subscription notifications, AI minute balance alerts, and service updates.
• Provide customer support and respond to your requests.
• Monitor and analyze usage patterns to improve our Services.
• Detect, prevent, and address technical issues and security threats.
• Comply with legal obligations and enforce our terms of service.

4. AI and Automated Processing

Our Services include optional AI-powered features such as Speech-to-Text (STT) transcription and AI summarization. When these features are enabled:

• Audio files are processed by our AI pipeline to generate text transcripts and summaries.
• AI processing is performed using secure cloud infrastructure. For Canadian clients, all processing occurs within Canada (AWS ca-central-1 region) to comply with data residency requirements.
• Audio files and transcripts are not used to train AI models.
• AI features are optional add-ons and can be disabled at the organization or work type level at any time.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Within Your Organization: Information is shared with other members of your organization as necessary for the transcription workflow (e.g., typists can access audio files uploaded by authors within the same organization).
• Service Providers: We use third-party service providers to assist in operating our Services, including cloud hosting, AI processing, email delivery, and payment processing. These providers are contractually obligated to protect your information.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Role-based access controls limiting data access to authorized users within your organization.
• Regular security audits and monitoring.
• Secure authentication including API token-based access for service accounts.
• Session management with configurable timeout periods.
• Audit logging of administrative actions.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide our Services. Specific retention periods include:

• Account Data: Retained for the duration of your account plus a reasonable period after account closure.
• Audio Files and Transcripts: Retained according to your organization's configured retention settings.
• Audit Logs: Retained according to your organization's configured retention period.
• Payment Records: Retained as required by applicable tax and financial regulations.

Organization administrators can configure retention periods for audio files and activity logs within the application settings.

8. Data Residency

We understand the importance of data residency, particularly for healthcare organizations. For clients with Canadian data residency requirements:

• All data processing, including AI services, occurs within Canadian data centers (AWS ca-central-1).
• No data is transferred outside of Canada for processing or storage.

Please contact us if you have specific data residency requirements for your organization.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal and contractual obligations.
• Data Portability: Request a copy of your data in a structured, machine-readable format.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
• Notification Preferences: You can manage your email notification preferences through the application settings.

To exercise any of these rights, please contact us using the information provided below. Organization administrators can also manage user data and permissions within the application.

10. Children's Privacy

Our Services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

11. Third-Party Services

Our Services may integrate with or contain links to third-party services. This Privacy Policy does not apply to third-party services, and we encourage you to review their privacy policies. Third-party services we may use include:

• Cloud infrastructure providers for hosting and AI processing.
• Email delivery services for transactional notifications.
• Payment processing services for subscription and pack purchases.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after any changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: