Your Privacy is Paramount:
Patient data never leaves your computer. All medical transcription and AI processing happens locally on your device. We cannot see, access, or store any patient information.
1. Introduction
MediScript.ai ("we", "our", "us") is committed to protecting your privacy and ensuring GDPR compliance. This policy explains how we handle information in our service.
2. Data We Collect vs. Data We Don't Collect
Data We DO Collect (Account Data Only):
| Type of Data | Purpose | Legal Basis |
|---|---|---|
| Email address | Account access, communication | Contract fulfillment |
| Full name | Account identification | Contract fulfillment |
| Clinic/Practice name | Business identification | Contract fulfillment |
| Phone (optional) | Support communication | Consent |
| License validation data | Service activation | Contract fulfillment |
| Payment information | Subscription billing (via Stripe) | Contract fulfillment |
Data We NEVER Collect:
- Patient recordings - Stored only on your local device
- Transcriptions - Processed and stored locally
- Medical notes - Generated and saved locally
- Patient names or identifiers - Never transmitted to us
- Medical history or diagnoses - Remains on your computer
- Any clinical data - All processing is local
3. How Local Processing Works
The MediScript desktop application:
- Downloads AI models directly to your computer (one-time download)
- Processes all audio recordings locally using your computer's resources
- Generates transcriptions and medical notes without an internet connection
- Stores all data in a local SQLite database on your device
- Only connects to our servers for license validation (every 14 days)
4. Data Storage and Security
Account Data (Our Servers):
- Hosted on Supabase servers in Switzerland
- Encrypted in transit (TLS/HTTPS)
- Encrypted at rest
- Daily automated backups
- Row-level security policies
Medical Data (Your Computer):
- Stored exclusively on your local device
- You control all security measures
- You decide retention periods
- You manage backups
5. Your Rights Under GDPR
For the account data we store, you have the right to:
- Access: Request a copy of your account data
- Rectification: Correct inaccurate data
- Erasure: Delete your account and associated data
- Portability: Export your account data
- Restriction: Limit processing of your data
- Object: Oppose certain data processing
To exercise these rights, contact us at privacy@mediscript.ai
6. Data Sharing
We share account data only with:
- Stripe: For payment processing (they have their own privacy policy)
- Legal authorities: Only if legally required by Norwegian or EU law
We NEVER sell, rent, or trade your information to third parties.
7. Data Retention
- Active accounts: Data retained while subscription is active
- Cancelled accounts: Account data deleted after 30 days
- Financial records: Kept for 5 years per Norwegian law
- Medical data: You control retention on your local device
8. International Transfers
Account data is stored in Switzerland (adequate GDPR protection). Payment processing through Stripe may involve US data transfers under appropriate safeguards.
9. Cookies
We use only essential cookies for:
- Session management
- Security tokens
- License validation
No tracking or marketing cookies are used.
10. Children's Privacy
MediScript.ai is intended for healthcare professionals. We do not knowingly collect data from individuals under 18 years of age.
11. Changes to This Policy
We will notify you via email of any material changes to this privacy policy at least 30 days before they take effect.
12. Data Protection Officer
For privacy concerns or to exercise your rights, contact our Data Protection Officer at privacy@mediscript.ai
Contact Information
Company: MediScript.ai
Organization Number: 935 901 308
Country: Norway
Email: privacy@mediscript.ai
Response time: Within 30 days per GDPR requirements