At Attreo, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical documentation service.
1. Information We Collect
1.1 Information You Provide
We collect information you provide directly to us, including:
- Account Information: Name, email address, professional credentials, medical specialty, and institution affiliation.
- Audio Recordings: Consultation recordings you submit for transcription and clinical note generation.
- Clinical Notes: The clinical documentation generated from your consultations, including any edits you make.
- Payment Information: Billing details processed through our secure payment providers.
- Communications: Any correspondence you send to us, including support requests.
1.2 Information Collected Automatically
When you use our service, we automatically collect:
- Usage Data: Information about how you interact with our service, including features used and time spent.
- Device Information: Browser type, operating system, and device identifiers.
- Log Data: IP address, access times, and pages viewed.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our clinical documentation services
- Process audio recordings and generate clinical notes
- Send you technical notices, updates, and support messages
- Respond to your comments, questions, and customer service requests
- Monitor and analyze usage trends to improve user experience
- Detect, investigate, and prevent fraudulent transactions and other illegal activities
- Comply with legal obligations and protect our legal rights
3. Protected Health Information (PHI)
As a healthcare technology provider, we understand the sensitive nature of Protected Health Information. We are committed to:
- Maintaining HIPAA compliance for all PHI processing
- Using PHI only for the purposes of providing our services
- Never selling or sharing PHI for marketing purposes
- Implementing appropriate technical and organizational safeguards
- Signing Business Associate Agreements (BAAs) with covered entities upon request
4. Data Retention
We retain your information according to the following guidelines:
- Account Data: Retained for as long as your account is active, plus 30 days after a deletion request.
- Audio Recordings: Automatically deleted after clinical note generation, unless you opt for extended retention.
- Clinical Notes: Retained according to your plan settings (7 days to 2 years, or custom for Enterprise).
- Usage Logs: Retained for 12 months for security and analytics purposes.
5. Information Sharing
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: With trusted third parties who assist in operating our service (cloud hosting, payment processing).
- Legal Requirements: When required by law, subpoena, or other legal process.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
- With Your Consent: When you explicitly authorize us to share information.
6. Data Security
We implement comprehensive security measures to protect your information:
- End-to-end encryption (AES-256) for all data in transit and at rest
- SOC 2 Type II certified infrastructure
- Regular security audits and penetration testing
- Access controls and authentication requirements
- Employee training on data protection practices
- Incident response procedures
7. Your Rights and Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data.
- Portability: Request a portable copy of your data.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
To exercise these rights, please contact us at privacy@attreo.com.
8. International Data Transfers
If you are accessing our service from outside the European Economic Area, please be aware that your information may be transferred to, stored, and processed in countries where our servers are located. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses.
9. Children's Privacy
Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email or through our service.
11. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Questions about your data?
We're committed to transparency. If you have any questions about how we handle your data, please don't hesitate to reach out to our privacy team.