Privacy Policy
Last updated: May 29, 2026
AdvancedCare LLC ("AdvancedCare," "Scriber," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes our practices regarding the collection, use, storage, and sharing of your information when you use our website at scriberapp.com, our SaaS platform, our Chrome extension, our mobile applications, and any other products or services we offer (collectively, the "Services").
By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
1. Definitions
- Client / User — The individual or entity accessing or using the Services.
- Personal Data — Any information relating to an identified or identifiable individual.
- Protected Health Information (PHI) — Individually identifiable health information as defined by HIPAA.
- Service Provider — A third-party company or individual engaged by us to facilitate or provide the Services.
- Usage Data — Data collected automatically from the use of the Services.
2. Information We Collect
2.1 Information You Provide
- Account Information — Name, email address, password, professional credentials, and organization details when you register.
- Clinical Audio & Transcriptions — Audio recordings you upload or capture, and the resulting AI-generated transcriptions, clinical notes, and associated metadata.
- Payment Information — Billing details processed through Stripe. We do not store full credit card numbers.
- Communications — Information you provide when contacting our support team or providing feedback.
2.2 Information Collected Automatically
- Usage Data — IP address, browser type, device identifiers, pages visited, time and date of access, and diagnostic data.
- Device Information — Device type, operating system, unique device identifiers, and mobile network information.
- Cookies & Tracking — We use essential cookies for authentication and session management. See Section 8 for details.
2.3 Chrome Extension Data
Our Chrome extension collects only the minimum data necessary:
- Authentication tokens (stored in Chrome's secure storage API)
- Audio recordings you explicitly initiate
- Transcription session data
The extension does not passively monitor your browsing activity, read page content without your action, or collect data from websites you visit.
2.4 Mobile Application Data
- Authentication credentials (stored in platform secure storage)
- Audio recordings and transcriptions you create
- Device information for crash reporting and performance monitoring
3. How We Use Your Information
- Provide the Services — Authenticate your identity, process audio, generate transcriptions and clinical notes.
- Maintain & Improve — Monitor usage, diagnose issues, and improve AI quality and user experience.
- Communicate — Send service-related notifications, respond to support requests, and provide product updates.
- Billing — Process payments, manage subscriptions, and send invoices.
- Security & Compliance — Detect fraud, enforce our terms, and comply with legal obligations.
We do NOT use your information to: sell to third parties, display advertisements, build marketing profiles, or train AI models on your clinical data without explicit consent.
4. How We Store Your Information
Your data is stored on Microsoft Azure infrastructure in the United States with HIPAA-compliant configurations.
- Data at Rest — Encrypted using AES-256 encryption.
- Data in Transit — Encrypted using TLS 1.2 or higher.
- Clinical Data — Stored in encrypted, access-controlled containers with strict audit logging.
- Authentication Tokens — Securely stored and automatically expire.
- Backups — Regular encrypted backups with the same security controls as primary storage.
5. Data Retention
- Account Data — Retained while your account is active and for a reasonable period afterward.
- Clinical Data — Retained according to your account settings and applicable healthcare record retention requirements.
- Usage Data — Generally retained for up to 24 months for analytics purposes.
You may request deletion of your data at any time (see Section 10).
6. Information Sharing & Disclosure
We share personal information only in the following circumstances:
- Service Providers — Microsoft Azure (cloud hosting), Stripe (payment processing), SendGrid (email delivery). These providers are contractually obligated to protect your data and may not use it for their own purposes.
- AI Processing Partners — Audio transcription and clinical note generation are processed under strict data processing agreements and HIPAA BAAs where applicable.
- Legal Requirements — When required by law, regulation, legal process, or governmental request.
- Business Transfers — In connection with a merger or acquisition. We will notify you before your data becomes subject to a different privacy policy.
- With Your Consent — We may share information for other purposes with your explicit consent.
We do not sell, rent, or trade your personal information or clinical data to third parties for marketing purposes.
7. HIPAA Compliance
Scriber is designed to handle Protected Health Information (PHI) in compliance with HIPAA.
- All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to PHI is limited to authenticated, authorized users.
- We maintain audit logs of all PHI access as required by HIPAA.
- We enter into Business Associate Agreements (BAAs) with covered entities as required.
To request a BAA, contact [email protected].
8. Cookies & Tracking Technologies
- Essential Cookies — Required for authentication and session management. Cannot be disabled.
- Functional Cookies — Remember your preferences.
- Analytics Cookies — Help us understand usage to improve functionality and performance.
You can manage cookie preferences through your browser settings.
9. Data Security
- All data transmitted is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 encryption.
- Access to production systems is restricted and logged.
- We conduct regular security assessments and vulnerability testing.
10. Your Rights & Choices
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate data.
- Deletion — Request deletion of your personal data, subject to legal retention requirements.
- Portability — Request your data in a machine-readable format.
- Opt-Out — Unsubscribe from marketing communications at any time.
To exercise these rights, contact [email protected].
11. Children's Privacy
Our Services are intended for healthcare professionals and are not directed at children under 18. We do not knowingly collect personal information from children under 18.
12. International Data Transfers
Our Services are operated in the United States. By using our Services from outside the US, you consent to your information being transferred to, stored in, and processed in the United States.
13. California Privacy Rights (CCPA)
- The right to know what personal information we collect and how it is used.
- The right to request deletion of your personal information.
- The right to opt out of the sale of personal information. We do not sell your data.
- The right to non-discrimination for exercising your privacy rights.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and updating the "Last updated" date. For significant changes, we may also notify you by email.