Privacy Policy

The most important thing

Session audio recordings and transcripts are never stored on our servers. Audio is processed in your browser before transmission. Transcripts are processed and immediately discarded. We have no access to session content.

What we collect

• Email address and name (account creation)
• Billing information (processed by Stripe — we never see card numbers)
• Session metadata: duration, note format, speaker count, timestamp (no content)
• Usage records: minutes used per billing period (no content)

What we do not collect

• Session audio recordings
• Session transcripts
• Session notes or clinical content
• Client names, identifying information, or any PHI

Third-party processors

We use the following processors, each with signed BAAs where applicable:

• AssemblyAI — Transcription. Audio is sent for processing and deleted after retrieval. BAA in place.
• Anthropic — Note generation from transcript text. BAA in place.
• Supabase — Account and usage data storage. PHI is never stored here.
• Stripe — Payment processing.
• Vercel — Application hosting.

Data security

All data in transit is encrypted via HTTPS/TLS. Account data at rest is encrypted by Supabase. Row-level security ensures you can only access your own account data.

Your rights

You may request deletion of your account and all associated data at any time by emailing privacy@therascribe.com. Because we do not store session content, there is no session data to delete.

Contact

Haven Command LLC
privacy@therascribe.com