🔒 Privacy-First Design: We do NOT store your medical notes or generated
letters. All processing is ephemeral (in-memory only). Your data cannot be retrieved
after processing completes.
1. Introduction
This Privacy Policy explains how the Medical Notes to Patient Letter Converter Plus (the "Service")
handles data. We are committed to protecting the privacy and security of medical information.
Key principle: We process data, we don't store it.
2. Information We Collect
2.1 Medical Data (Processed, NOT Stored)
- Medical Notes: Processed in-memory to generate patient letters - ❌ Never stored
- Generated Letters: Created in real-time for different audiences (standard, teen, parent) - ❌ Never stored
- Patient Information: Exists only during ~30-second processing window - ❌ Never stored
- File Uploads: Converted to text in memory, original file discarded - ❌ Never stored
- Validation Results: Created temporarily, not persisted - ❌ Never stored
3. How We Use Information
Medical notes are used exclusively to:
- Process the text through AI models
- Generate patient-friendly letters at appropriate reading levels
- Validate generated content for accuracy and safety
- Return the results to your browser
- Delete all data from memory
Data lifetime: Approximately 30-60 seconds from upload to deletion.
4. Data Storage and Retention
🗑️ Zero Persistent Storage: We maintain NO database, NO file storage,
and NO logs containing medical information.
Your data cannot be retrieved by anyone after processing, including us.
5. Data Sharing
Because we don't store data, we cannot share it. We do not:
- Sell data to third parties
- Share data with partners
- Provide data to researchers
- Allow third-party access
5.1 Third-Party Services
Cloudflare Workers AI: We use Cloudflare's AI service to process text:
- Cloudflare processes data in-memory only
- Data is not used to train AI models
- Strong security and privacy protections
6. Security Measures
- In Transit: All connections use HTTPS/TLS encryption
- At Rest: N/A (we don't store data)
- Processing: Occurs in isolated serverless environments
- Passcode Protection: Server-side authentication
7. HIPAA Considerations
Features that support HIPAA-compliant workflows:
- ✅ No persistent storage of PHI (Protected Health Information)
- ✅ Encrypted transmission (HTTPS)
- ✅ Ephemeral processing only
- ✅ No sharing with unauthorized parties
7.1 Your Responsibilities
To maintain HIPAA compliance, you should:
- Follow your organization's policies for external tool use
- De-identify patient information when possible
- Obtain patient consent for AI tool use if required
- Review all generated content before sending to patients
8. Your Rights
Because we don't store data, there is no data to access, delete, or export. Each processing
session is ephemeral.
9. Changes to Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements.
Material changes will be communicated through the Service.
10. Contact Information