Privacy Policy
Last updated: April 7, 2026
1. Who we are
Scribely, Inc. ("Scribely", "we") is a Delaware corporation that builds an AI clinical documentation platform used by licensed healthcare providers. We are a Business Associate under HIPAA and operate under signed BAAs with every customer practice.
2. What we collect
Account data (name, work email, NPI), audio recordings of patient visits captured with consent, generated clinical notes, edits and signatures, and standard product telemetry (device, browser, IP for security purposes).
3. How we use it
Solely to provide and improve the Scribely service for the practice that captured the data. We do not train AI models on your patient data. We do not sell data. We do not use it for advertising.
4. Security
TLS 1.3 in transit, AES-256 at rest, US-only HIPAA-eligible infrastructure, SOC 2 Type I attested with Type II in progress. Audio is auto-deleted within 7 days of note finalization unless you change retention in Settings. Full audit logs are available to practice administrators.
5. Your rights
Patients may request access, correction, or deletion of their data through the treating practice. Providers may export or delete all account data at any time from Settings. We honor verified requests within 30 days.
6. Subprocessors
We use AWS (US-East), Google Cloud (US-Central), and OpenAI Enterprise (zero-retention) under signed BAAs and DPAs. The full subprocessor list is published at scribely.health/subprocessors.
7. Contact
Privacy questions: privacy@scribely.health.
Security disclosure: security@scribely.health.