Privacy Policy

1. Introduction

LeapMed.AI ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical transcription and documentation platform.

We are committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy regulations. This policy should be read in conjunction with our Terms and Conditions.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Name (first and last)
• Email address
• Phone number (optional)
• Medical specialty

2.2 Clinical Data

When you use our Service, we temporarily process:

• Voice recordings or audio files
• Transcripts of clinical encounters
• AI-generated clinical notes
• Template preferences and customizations

Important: All clinical data (transcripts and notes) is automatically deleted after 5 days as an additional security measure. We do not retain this information beyond the 5-day period.

2.3 Usage Data

We may collect information about how you access and use the Service, including:

• Login times and session duration
• Features used
• Error logs and diagnostic information

3. How We Use Your Information

We use your information solely for the following purposes:

• Service Delivery: To provide, maintain, and improve our transcription and documentation services
• Account Management: To manage your account and provide customer support
• Security: To detect, prevent, and address technical issues and security threats
• Communication: To send you service-related announcements and updates

We do NOT:

• Use your transcripts or notes to train AI models
• Share your data with third parties for marketing purposes
• Sell your information to anyone
• Retain clinical data beyond 5 days

4. Data Storage and Security

4.1 HIPAA-Compliant Infrastructure

We utilize industry-leading, HIPAA-compliant service providers to ensure the security and privacy of your data:

• Amazon Web Services (AWS): Our application and database are hosted on HIPAA-compliant AWS servers in secure data centers
• Microsoft Azure: AI processing is performed using OpenAI models via Microsoft Azure containers in a HIPAA-compliant manner
• Deepgram: Voice transcription services are provided by Deepgram, a HIPAA-compliant transcription platform

4.2 Security Measures

We implement multiple layers of security to protect your information:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security audits and monitoring
• Automatic deletion of clinical data after 5 days
• Limited employee access to protected health information

4.3 Business Associate Agreements (BAAs)

We maintain Business Associate Agreements with all HIPAA-covered service providers (AWS, Microsoft Azure, Deepgram). If you are a covered entity under HIPAA, we can provide a BAA upon request. Please contact us at khalid@leapmed.ai.

5. Third-Party Service Providers

Your data may be processed by the following third-party service providers, who are responsible for their own data protection measures:

These service providers process your data only as necessary to provide their services and are contractually obligated to maintain the confidentiality and security of your information. They are responsible for their own security measures and data protection practices.

6. Data Sharing and Disclosure

We do NOT share your personal or clinical data with anyone except as follows:

• Service Providers: With AWS, Microsoft Azure, and Deepgram solely for providing the Service functionality
• Legal Requirements: When required by law, court order, or governmental authority
• Protection of Rights: To protect our rights, property, or safety, or that of our users or others

We will NEVER sell, rent, or trade your information to third parties for marketing or any other purposes.

7. Data Retention and Deletion

Account information (name, email, specialty) is retained while your account is active. You may request deletion of your account at any time by contacting us at khalid@leapmed.ai.

8. Your Rights and Choices

You have the following rights regarding your information:

• Access: You can access your account information at any time through your profile
• Correction: You can update your account information through your profile settings
• Deletion: You can request deletion of your account and associated data
• Export: You can export your clinical notes before they are automatically deleted

To exercise these rights or if you have questions, please contact us at khalid@leapmed.ai.

9. Training Data Policy

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to request a Business Associate Agreement (BAA), please contact us:

Email: khalid@leapmed.ai

For HIPAA-related inquiries, BAA requests, or data breach notifications, please use the email above.