Privacy Policy

1. Introduction

Sampson Scribe ("Sampson," "we," "us," or "our") is a medical documentation tool designed for healthcare providers. This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile application and web service (collectively, the "Service").

By using Sampson, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Authentication credentials (securely hashed)
• Account preferences and settings (e.g., custom physical-exam template)

2.2 Audio Recordings

When you use Sampson to document patient encounters, we temporarily collect:

• The audio recording of your dictation (transient — see retention below)
• The transcription generated from that recording
• The clinical note generated from the transcription

Audio retention: Audio files are uploaded to a private, encrypted S3 bucket for processing, then permanently deleted within 48 hours. We do not retain raw audio long-term, and we do not copy audio to any other system for analysis or training.

2.3 Patient Information

The clinical notes you create may contain patient information that you dictate, including:

• Patient demographics (age, gender)
• Chief complaints and symptoms
• Medical history, medications, and allergies
• Physical examination findings
• Diagnostic results and clinical assessments

These notes live in your private Sampson account and are visible only to you. They are not used to train any model, are not aggregated, and are not analyzed by anyone other than you.

You are responsible for ensuring that any patient information you input complies with applicable healthcare privacy regulations (such as HIPAA in the United States).

2.4 Operational & Compliance Logging

We automatically collect a small amount of technical metadata required to operate the Service safely and to meet HIPAA audit-trail obligations:

• Device type, operating system, and app version
• Crash reports and uncaught errors (via Sentry, with text content masked)
• Audit-log entries for each note generation: timestamp, your user ID, the patient ID, model used, token counts, and timing information — required for HIPAA-style access logging
• Per-account usage counters (number of notes generated, last-active date) for billing/quota and abuse prevention
• Transcription quality metadata (overall confidence score, word count) so the app can flag potentially unreliable transcripts back to you

None of the above contains the text of your transcripts or notes. This logging exists to keep the Service running and to satisfy compliance — not to study your content.

2.5 What We Do Not Collect by Default

Unless your account has explicitly opted in, the following are never saved to any analytics, training, or aggregation store:

• Note text deltas (what you edited and what the AI originally generated)
• Individual flag dismissals or corrections
• Transcript text outside your own patient record
• Per-encounter audio retention beyond the 48-hour processing window

These are gated server-side by a feature flag (dataCollection) that is disabled for every account by default. Even if a client mistakenly sends this data, the server discards it for non-opted-in users.

3. How We Use Your Information

We use the collected information only to:

• Provide and maintain the Service
• Transcribe your audio recordings into text (transient — deleted within 48 hours)
• Generate clinical documentation from your dictations
• Sync your notes across your own devices
• Send you service-related notifications (e.g., "Note ready")
• Investigate crashes and operational errors
• Respond to your support requests
• Detect and prevent fraud or abuse
• Satisfy our HIPAA audit-logging obligations

We do not train AI models on your data. Your audio recordings, transcriptions, and clinical notes are never used to train AI models — ours or any third party's. We have data-processing addendums with our AI vendors (OpenAI, Deepgram) that explicitly prohibit them from using your content for model training. See Section 5 for vendor details.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored using the following services:

• Firebase (Google Cloud) - Authentication and database storage
• Amazon Web Services (AWS) - Temporary audio file storage and processing

We store your data with infrastructure providers (AWS and Google Cloud/Firebase) that maintain SOC 2 compliant data centers located in the United States.

4.2 Security Measures

We implement industry-standard security measures:

• Encryption in transit (TLS/SSL) for all data transfers
• Encryption at rest for stored data
• Secure authentication with Firebase Auth
• Access controls limiting data access to authorized personnel
• Regular security audits and monitoring

4.3 Data Retention

• Audio recordings: Deleted within 48 hours of processing
• Clinical notes & transcripts: Retained in your private Sampson account until you delete them or close your account. Notes are never copied or moved out of your account for any other purpose.
• Operational / HIPAA audit logs: Timestamps, user IDs, patient IDs, and model-call metadata are retained for 6 years to meet HIPAA audit-log retention requirements. These logs never contain the text of your transcripts or notes.
• Account data: Retained while your account is active
• Custom instruction history: Retained for up to 10 years for compliance, security, and legal defense purposes (see Terms of Service Section 9)
• Quality-improvement data (opt-in only): If you have explicitly opted in (see Section 2.5), correction events and edit deltas may be retained indefinitely. By default this is disabled for every account.

Account Deletion: If you close your account, we delete your clinical notes and personal profile, but we retain HIPAA audit-log records and custom instruction audit records (including your email and user ID) for the retention periods described above to protect against legal claims and maintain system integrity.

5. Third-Party Services

We use the following third-party services to provide the Service:

6. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update or correct your information
• Deletion: Delete your notes or close your account entirely
• Data Portability: Export your notes in a standard format
• Withdraw Consent: Stop using the Service at any time

To exercise these rights, contact us at contact@sampsonscribe.ai.

7. Healthcare Provider Responsibilities

Sampson is a documentation tool designed for licensed healthcare providers. As the user, you are responsible for:

• Ensuring your use of Sampson complies with applicable laws and regulations
• Reviewing and verifying all generated clinical notes before use
• Obtaining any required patient consents for recording
• Maintaining appropriate safeguards for patient information
• Recognizing that Sampson is a documentation-assistance tool only and does not provide clinical recommendations, diagnoses, or decision support; all clinical decision-making remains your sole responsibility

Sampson operates as a Business Associate under HIPAA when processing Protected Health Information on behalf of healthcare providers (Covered Entities). We maintain signed Business Associate Agreements (BAAs) with all third-party subprocessors that handle PHI. A BAA is available to customers upon request. To request a BAA, contact us at admin@sampsonscribe.ai.

8. Children's Privacy

Sampson is intended for use by healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: