Effective: November 1st, 2024
Introduction
CliniScripts (“Company,” “we,” “our,” or “us”) is fully committed to protecting your privacy and ensuring the security of your information. This Privacy Policy outlines how we handle your data when you use our website (the “Site”), CliniScripts web platform, and CliniScripts mobile app. By using our Site or services, you acknowledge and agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.
No Data Collection
We want to make it explicitly clear that CliniScripts does not collect, store, or share any of the following information:
- No Personal Information: We do not collect any personal, health, or identifiable information from our users.
- No IP Address Tracking: We do not track or log users’ IP addresses or any other browsing data.
- No Audio or Text Storage: Audio streams, the transcribed text, or summarized notes are processed in real time and are never stored beyond the immediate session.
- No Cookies or Tracking Technologies: We do not use cookies or any tracking tools that could gather personal data, except during the session, to ensure that your recording is not lost if your Wi-Fi or session breaks (for up to a maximum of 3 hours, within your computer, linked to your IP address).
Information Processing
- Real-Time Processing: Any audio or data provided by the user is processed in real time solely for the purpose of providing immediate transcription and summarization services.
- No Retention: Once the session ends, all processed data is permanently deleted.
Data Sharing
Security Measures
- Encryption: Industry-standard encryption is used during data transmission to ensure security.
- Compliance: Our operations are fully compliant with HIPAA and PHIPA regulations, even though no personal health information (PHI) is collected.
User Consent
By using our services, you acknowledge that CliniScripts does not collect, store, or share any personal or health information. You may discontinue use at any time without any impact on your privacy.
Google User Data
Cliniscripts integrates with Google Calendar to provide scheduling functionality. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
Data We Access
When you connect your Google account to Cliniscripts, we request the following OAuth scopes:
- .../auth/userinfo.email — your Google account email address, used solely to identify which Google account is connected to your Cliniscripts account.
- .../auth/calendar.events — read and write access to events on your primary Google Calendar.
We do not access your contacts, Drive, Gmail, profile photo, or any other Google service.
How We Use This Data
The data is used exclusively to provide the features you have enabled in the Cliniscripts Calendar Integration settings:
- Import only: We read events from your Google Calendar and display them in Cliniscripts so you can see all scheduling in one place. Events from Google are shown as read-only.
- Export only: When you create, update, or cancel an appointment in Cliniscripts, we write the corresponding change to your Google Calendar.
- Two-way sync: Both of the above.
You can change the sync direction or disconnect Google Calendar at any time from the Calendar Integration panel inside the app.
You can also enable optional privacy filters that further restrict what is written to Google Calendar:
- Mark events as “Busy” only (no titles or details)
- Replace patient names with generic placeholders such as “Therapy appointment”
- Show imported external events as “Busy” only inside Cliniscripts
How We Share This Data
We do not sell, rent, or share Google user data with any third party for advertising, analytics, or marketing purposes. We do not use Google user data to train any AI or machine learning model. The only entities that ever see your Google user data are:
- Google itself (the source of the data)
- Cliniscripts servers (which process the data on your behalf)
- You (the authenticated user)
Cliniscripts is a clinical scribe product subject to HIPAA- and PHIPA-style confidentiality obligations; we contractually undertake not to repurpose protected information.
How We Store and Protect This Data
- OAuth access tokens and refresh tokens are encrypted at rest using AES encryption before being written to our database (Google Cloud Firestore).
- Tokens are stored only on our backend servers and are never sent to the user’s browser or any client device.
- All traffic between your browser, our servers, and Google’s APIs is transmitted over HTTPS (TLS 1.2+).
- Access to our production database is restricted to authorized engineering personnel, audited, and protected by multi-factor authentication.
- Calendar events imported for display are not persisted server-side; they are fetched live from Google Calendar each time the calendar view is loaded.
- Appointments you create in Cliniscripts (which we write to Google Calendar) are stored in our database alongside your other Cliniscripts data.
Data Retention and Deletion
- Disconnect at any time: You can disconnect Google Calendar from inside the Cliniscripts app at any time (Calendar → Calendar Integration → Manage → Disconnect). When you disconnect, Cliniscripts immediately calls Google’s token revocation endpoint to invalidate the OAuth grant, and deletes the encrypted tokens from our database. Cliniscripts can no longer access your Google data from that moment on.
- Account deletion: If you delete your Cliniscripts account, all associated data, including any remaining Google tokens, calendar metadata, and appointments, is deleted from our systems. To request account deletion, contact us at support@cliniscripts.com.
Changes to This Policy
CliniScripts reserves the right to update this Privacy Policy. Significant changes will be communicated via the Site or email notifications.
Contact Information
If you have any questions about this Privacy Policy, please contact us at:
Email: CliniScripts@markitech.ca
Address: 3245 Daisy Way, Oakville, ON, L6M 1R1, Canada
Phone: +1 (844) 462-7548 | +1 (416) 684 2678