Privacy Policy

1. Introduction

Your Life Consulting, LLC ("Company," "we," "us," or "our") operates TherapyScribe.AI (the "Service"), a HIPAA-compliant clinical documentation platform for licensed mental health professionals. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using TherapyScribe.AI, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. HIPAA Compliance

TherapyScribe.AI is designed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We function as a Business Associate under HIPAA when processing Protected Health Information (PHI) on behalf of covered entities (our clinician users).

• We will enter into a Business Associate Agreement (BAA) with each covered entity as required by HIPAA.
• We implement administrative, physical, and technical safeguards to protect PHI.
• We limit the use and disclosure of PHI to the minimum necessary to accomplish the intended purpose.
• We promptly notify covered entities in the event of a breach of unsecured PHI.

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Full name and professional credentials
• Email address
• Password (stored in hashed form; we never store plain-text passwords)
• Practice name and information
• Billing and subscription details (processed by Stripe; we do not store full credit card numbers)

3.2 Clinical Data (PHI)

In the course of using the Service, you may submit or generate Protected Health Information, including:

• Session audio recordings
• AI-generated transcriptions of recorded sessions
• SOAP notes and other clinical documentation
• Client names, display names, and identifiers
• Digital consent forms and e-signatures
• AI chat conversations related to clinical documentation

3.3 Automatically Collected Information

We may automatically collect certain information when you access the Service, including:

• IP address and browser type
• Device information and operating system
• Usage data (pages visited, features used, session duration)
• Cookies and similar tracking technologies

4. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the Service, including AI-powered transcription and documentation
• Process session recordings through our speech-to-text and AI services to generate clinical notes
• Manage your account, subscriptions, and billing
• Send transactional communications (account verification, billing receipts, service updates)
• Respond to customer support requests
• Monitor and analyze usage patterns to improve the Service
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

5. AI and Data Processing

TherapyScribe.AI uses artificial intelligence to transcribe session recordings and generate clinical documentation. Important details about our AI data processing:

• No AI Training on Your Data: Your clinical data, session recordings, transcripts, and notes are never used to train or fine-tune AI models. We use enterprise-grade AI services with data processing agreements that prohibit the use of customer data for model training.
• Encryption in Transit: All data transmitted to and from AI processing services is encrypted using TLS 1.2 or higher.
• Temporary Processing: Audio files are processed for transcription and then the processed copies are deleted from the transcription service. Your original recordings are stored securely in your account.
• Enterprise AI Services: We use enterprise-tier AI services (including Azure OpenAI and Deepgram) that provide BAA-eligible, HIPAA-compliant data processing.

6. Data Storage and Security

We implement industry-standard security measures to protect your data:

• All data is encrypted at rest using AES-256 encryption
• All data in transit is encrypted using TLS 1.2+
• Database hosted on Amazon Web Services (AWS) with RDS encryption enabled
• Audio files stored in AWS S3 with server-side encryption
• Access controls and audit logging in place
• Regular security assessments and vulnerability scanning
• Employee access to PHI is restricted on a need-to-know basis

7. Data Sharing and Disclosure

We do not sell your personal information or PHI. We may share information only in the following circumstances:

• Service Providers: With third-party vendors who assist in operating the Service (e.g., cloud hosting, payment processing, AI transcription), subject to appropriate data processing agreements and, where applicable, Business Associate Agreements.
• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate protections for PHI as required by HIPAA.
• With Your Consent: When you explicitly authorize disclosure.

8. Data Retention

We retain your account information and clinical data for as long as your account is active or as needed to provide the Service. Upon account deletion:

• Account data is deleted within 30 days of account closure
• Clinical data (sessions, notes, recordings) is permanently deleted within 30 days
• Backup copies are purged within 90 days
• We may retain certain anonymized, aggregate data for analytics purposes
• We retain billing records as required by applicable tax and financial regulations

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate personal information
• Deletion: Request deletion of your personal information
• Data Portability: Request an export of your data in a machine-readable format
• Withdraw Consent: Withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, please contact us at support@therapyscribe.ai.

10. Cookies

We use essential cookies to operate the Service, including authentication cookies to keep you signed in. We do not use third-party advertising cookies. You can configure your browser to refuse cookies, but this may prevent you from using certain features of the Service.

11. Third-Party Services

The Service integrates with the following third-party services:

• Amazon Web Services (AWS): Cloud infrastructure, database hosting, and file storage
• Stripe: Payment processing and subscription management
• Deepgram: Speech-to-text transcription
• Azure OpenAI: AI-powered clinical documentation generation
• Google OAuth: Optional single sign-on authentication

Each of these services maintains their own privacy policies. We encourage you to review them. Where applicable, we have executed Business Associate Agreements with these providers.

12. Children's Privacy

TherapyScribe.AI is intended for use by licensed mental health professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes affecting how we process PHI, we will provide notice via email to the address associated with your account.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: