Privacy Policy

Effective date: April 15, 2026

1. Introduction

ScrybeX ("we," "our," or "us") is committed to protecting the privacy and security of your information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the ScrybeX platform, website, and related services (collectively, the "Service").

2. Information We Collect

Account Information

When you register for ScrybeX, we collect your name, email address, professional discipline, and organization name. Payment information is processed securely through Stripe and is not stored on our servers.

Clinical Data (Protected Health Information)

ScrybeX processes clinical documentation that may contain Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA). This includes patient names, diagnoses, treatment notes, and other clinical data entered by licensed therapists. All PHI is encrypted at rest and in transit.

Usage Data

We collect audit logs of how you interact with the Service, including login events, note generation, and document exports. This data is used for security, compliance, and service improvement.

3. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To generate clinical documentation based on your input
  • To process payments and manage your subscription
  • To maintain HIPAA-required audit trails
  • To communicate with you about your account and the Service
  • To detect, prevent, and respond to security incidents

4. HIPAA Compliance

ScrybeX is built on AWS infrastructure under a signed Business Associate Agreement (BAA). We implement administrative, physical, and technical safeguards to protect PHI, including:

  • Field-level encryption on all PHI database columns using AWS KMS customer-managed keys
  • TLS 1.2+ encryption for all data in transit
  • S3 server-side encryption (SSE-KMS) for all stored files
  • Append-only audit logging for all PHI access events
  • Role-based access controls limiting data access to authorized users
  • Automatic session timeout after 30 minutes of inactivity

5. Data Sharing and Disclosure

We do not sell your personal information or PHI. We may share information only in the following circumstances:

  • Service providers: We use AWS (cloud infrastructure), Stripe (payment processing), and Anthropic via AWS Bedrock (AI generation) — all under applicable BAAs where required
  • Legal requirements: When required by law, subpoena, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Retention

Clinical documentation and audit logs are retained for a minimum of six (6) years in accordance with Medicare documentation retention requirements. You may request deletion of your account data by contacting us, subject to legal retention obligations.

7. Your Rights

You have the right to:

  • Access your personal information and clinical data
  • Request correction of inaccurate information
  • Request deletion of your account (subject to retention requirements)
  • Receive a copy of your data in a portable format
  • Opt out of non-essential communications

8. Security

We implement industry-standard security measures to protect your information. No method of electronic transmission or storage is 100% secure, but we strive to use commercially acceptable means to protect your data. All PHI is encrypted at rest and in transit, and we never log PHI to application logs.

9. Third-Party Services

ScrybeX does not use third-party analytics services (such as Google Analytics or Mixpanel) on pages where PHI may be visible. AI generation is performed exclusively through AWS Bedrock, which is covered under our AWS BAA. We do not send PHI to any AI provider without a BAA.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

ScrybeX
Email: privacy@scrybeapp.com
Support: scrybeapp.com/support