Local Med Scribe Privacy Policy
Last Updated: January 18, 2025
Effective Date: January 18, 2025
Introduction
Local Med Scribe ("App," "we," "us," or "our") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how the App handles information when you use our medical documentation assistance tool.
Our Core Privacy Principle: Your data stays on your device.
1. INFORMATION WE DO NOT COLLECT
1.1 No Cloud Transmission
Local Med Scribe is designed with a privacy-first architecture. We do not:
- Collect, transmit, or store any data on external servers
- Send any patient information to the cloud
- Use any third-party analytics or tracking services
- Share any data with third parties
- Access any of your data remotely
1.2 No Account Required
- The App does not require user registration
- No email addresses are collected
- No personal profiles are created
- No login credentials are stored on our servers (because we have no servers)
1.3 No Tracking
- No advertising identifiers
- No device fingerprinting
- No usage analytics transmitted externally
- No behavioral tracking
- No cookies or similar tracking technologies
2. INFORMATION PROCESSED LOCALLY ON YOUR DEVICE
The following information is processed and stored entirely on your device:
2.1 Audio Recordings
| Aspect | Details |
|---|---|
| What | Voice recordings of patient encounters |
| Where Stored | Local device storage only |
| Protection | AES-256-GCM encryption |
| Backup | Excluded from iCloud and Time Machine |
| Retention | Until you delete it |
2.2 Transcripts
| Aspect | Details |
|---|---|
| What | Text transcriptions generated from audio |
| Processing | On-device AI (WhisperKit) |
| Where Stored | Local device storage only |
| Protection | AES-256-GCM encryption |
| Backup | Excluded from iCloud and Time Machine |
2.3 SOAP Notes
| Aspect | Details |
|---|---|
| What | AI-generated clinical documentation |
| Processing | On-device AI (MLX models) |
| Where Stored | Local device storage only |
| Protection | AES-256-GCM encryption |
| Backup | Excluded from iCloud and Time Machine |
2.4 App Settings
| Aspect | Details |
|---|---|
| What | User preferences (model selection, prompts) |
| Where Stored | Local UserDefaults |
| Contains PHI | No |
2.5 Password (Optional)
| Aspect | Details |
|---|---|
| What | SHA-256 hash of user password |
| Where Stored | Device Keychain (hardware-protected) |
| Contains PHI | No |
3. HOW WE PROTECT YOUR DATA
3.1 Encryption at Rest
All patient encounter data is encrypted using AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode) via Apple's CryptoKit framework before being stored on your device.
3.2 Secure Key Storage
Encryption keys are stored in your device's Keychain, which is:
- Hardware-protected by the Secure Enclave (on supported devices)
- Accessible only after device unlock
- Protected by the operating system
3.3 Backup Exclusion
All encounter data is explicitly excluded from:
- iCloud Backup
- Time Machine Backup
- Any automatic backup system
This ensures patient data cannot accidentally sync to cloud services.
3.4 Password Protection
The App offers optional password protection:
- Automatic lock after 30 seconds of inactivity
- Maximum 5 failed login attempts before lockout
- Password hashes stored securely (never plaintext)
3.5 Secure Data Destruction
When you delete data:
- Individual encounters are permanently removed
- The "Delete All Data" feature destroys encryption keys, rendering all data unrecoverable
- This meets HIPAA requirements for data destruction
4. ON-DEVICE AI PROCESSING
4.1 Speech-to-Text Transcription
- Uses WhisperKit, an on-device speech recognition model
- Audio is processed entirely on your device
- No audio is sent to Apple, OpenAI, or any external service
- Transcription happens without internet connection
4.2 SOAP Note Generation
- Uses MLX large language models running locally
- All AI processing occurs on your device's Neural Engine/GPU
- No patient data is sent to any AI cloud service
- Works completely offline
5. WHAT WE ACCESS
5.1 Microphone
| Aspect | Details |
|---|---|
| Purpose | To record patient encounters for transcription |
| When | Only when you actively start a recording |
| Transmitted | Never - audio stays on device |
5.2 Local Storage
| Aspect | Details |
|---|---|
| Purpose | To save encrypted encounter data |
| Location | App's sandboxed container |
| Transmitted | Never |
6. THIRD-PARTY SERVICES
6.1 Apple Frameworks
The App uses Apple's built-in frameworks:
- CryptoKit - For encryption
- Security Framework - For Keychain access
- AVFoundation - For audio recording
- CoreML - For AI model execution
These frameworks process data locally and do not transmit information to Apple.
6.2 No Third-Party Analytics
We do not use:
- Google Analytics
- Firebase
- Mixpanel
- Amplitude
- Any other analytics service
6.3 No Third-Party SDKs That Collect Data
The App contains no third-party SDKs that collect or transmit user data.
7. DATA RETENTION
7.1 Your Control
You have complete control over data retention:
- Delete individual encounters at any time
- Delete all data using the secure wipe feature
- Uninstall the App to remove all associated data
7.2 No Remote Retention
Since no data is transmitted to us, we retain no data about you or your patients.
8. CHILDREN'S PRIVACY
Local Med Scribe is intended for use by licensed healthcare professionals and is not directed at children under 18. We do not knowingly process data relating to children except in the context of documented patient encounters, which remain entirely on the healthcare provider's device.
9. YOUR RIGHTS
9.1 Access
All your data is stored locally on your device. You can access it directly through the App.
9.2 Deletion
You can delete any or all data at any time through the App's interface.
9.3 Portability
You can export SOAP notes by copying them from the App.
9.4 No Data Requests Necessary
Since we don't collect your data, there's no need to submit data access requests to us.
10. HIPAA CONSIDERATIONS
10.1 Your Responsibility
As a healthcare provider, you are responsible for:
- HIPAA compliance in your use of the App
- Obtaining appropriate patient consent for recording
- Securing your device
- Proper data handling and retention policies
10.2 Our Design Choices
We designed the App to support your compliance:
- Local-only processing (no Business Associate Agreement needed with us)
- Strong encryption
- Secure data destruction
- Backup exclusion
- Password protection
10.3 No BAA Required
Because we never receive, transmit, or store Protected Health Information (PHI), we are not a Business Associate under HIPAA. All PHI remains exclusively on your device under your control.
11. INTERNATIONAL USERS
11.1 Data Location
Your data is stored only on your physical device. It does not cross borders unless you physically move your device.
11.2 GDPR Compliance
For users in the European Economic Area:
- We are the data controller for App functionality
- Legal basis: Legitimate interest in providing the service
- Data minimization: We collect no personal data
- Your rights under GDPR are preserved (access, deletion, portability)
12. CHANGES TO THIS POLICY
12.1 Updates
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last Updated" date.
12.2 Notification
Material changes will be communicated through:
- App update notes
- In-app notification
- Our website
12.3 Continued Use
Your continued use of the App after changes constitutes acceptance of the updated Privacy Policy.
13. CONTACT US
If you have questions about this Privacy Policy or our privacy practices:
Email: shitanshuuppal@gmail.com
Website: https://gyoedu.org
14. SUMMARY
| Question | Answer |
|---|---|
| Do you collect my data? | No |
| Do you collect patient data? | No |
| Is data sent to the cloud? | No |
| Is data encrypted? | Yes (AES-256-GCM) |
| Can I delete my data? | Yes (anytime) |
| Do you use tracking? | No |
| Do you share data with third parties? | No |
| Does the App work offline? | Yes |
| Is a BAA required? | No (we never access PHI) |
Your privacy is protected by design, not just by policy.
Privacy Policy Version 1.0
Last Updated: January 2025