Privacy

Privacy policy

What we collect, why we collect it, who we share it with, and the choices you have. We do not use your session data to train AI models — yours or anyone else's.

Effective · 2026-06-03 US-only operations
On this page

Overview#

PsyFi Scribe is a clinical documentation tool used by licensed mental-health clinicians. Most of the data we handle is protected health information (PHI) belonging to a clinician's patients — and that data is governed by HIPAA and our BAA, not just this policy. This page explains how we treat data for everyone who interacts with our website or product.

This policy describes how PsyFi Technologies, Inc. ("we", "us", "PsyFi") collects, uses, and shares information when you use the PsyFi Scribe website at psyfiscribe.com, the Chrome extension, the iOS app (when available), and any related services (collectively, the "Service"). For PHI that we handle on behalf of a clinician, the controlling document is the Business Associate Agreement signed between the clinician (or their practice) and PsyFi — see our BAA page.

What we collect#

Account information you give us, content you produce inside the product (audio, transcripts, drafted notes), and usage information your browser and device automatically send. We do not buy or rent personal information about you.

Information you provide

  • Account information. Name, work email, professional license type and state, and (if you create a Team workspace) your practice name and role.
  • Billing information. Payment details are processed by our payment provider; we receive a token, the last four digits of your card, and billing-address metadata. We do not store full card numbers.
  • Support correspondence. If you contact us, we keep a record of the exchange so we can follow up.
  • Waitlist sign-ups. If you join the iOS waitlist, we keep your email until we email you about availability or you ask us to remove it.

Content you produce in the product

  • Session audio. Audio you record using the extension or app.
  • Transcripts. Generated from your audio. Identifiers are removed before any AI model drafts a note (see PHI handling).
  • Drafted notes. The SOAP, DAP, or other clinical note we generate from the de-identified transcript, plus any edits you make.
  • Session metadata. The title you give a session, its date and duration, and which note format you selected.

Information collected automatically

  • Device & browser data. Browser type, operating system, IP address (used for security and abuse detection, not for advertising), and basic device characteristics.
  • Usage telemetry. Which screens and features you used and when, so we can prioritize fixes and improvements. We do not log PHI.
  • Error reports. If the application errors, we capture the error context for debugging. PHI is scrubbed before any error reaches our monitoring vendor.

How we use it#

To provide the Service, secure it, support you, bill correctly, comply with the law, and improve the product over time. We do not use your session data to train AI models.

  • Provide the Service. Record, transcribe, draft, and store the documentation you ask us to.
  • Keep the Service secure. Detect and prevent abuse, fraud, and unauthorized access.
  • Support and operate. Respond to support requests, send service notices, and operate the platform.
  • Comply with the law. Meet our legal, regulatory, and contractual obligations, including HIPAA.
  • Improve the product. Understand which features work and which don't, using aggregated, non-identifying usage data.

What we do not do

  • We do not use your session audio, transcripts, or drafted notes to train AI models — ours or any third party's.
  • We do not sell your personal information.
  • We do not use PHI for advertising.
  • We do not use behavioral advertising on PHI-bearing pages of the Service.

How we share it#

With sub-processors we use to deliver the Service (each under a BAA where PHI is involved), with you and the workspace you belong to, and when required by law. Nothing else.

Sub-processors

We use a small number of third-party services to run PsyFi Scribe: Amazon Web Services for cloud infrastructure, Cloudflare for DNS, PostHog for non-PHI product analytics, and PsyFiGPT (operated by our parent company, PsyFi Technologies, Inc.) for SOAP-note drafting from a de-identified transcript. Transcription is performed in-house on our own infrastructure; we do not send your session audio to a third-party transcription service. The full description, including purpose and region, is on our Security page. Every sub-processor that may handle PHI is bound by a BAA with us on terms at least as protective as those in our BAA with you.

Inside your workspace

If you are a member of a Team workspace, your designated administrators can see workspace-level activity and audit logs as described in our admin documentation. Drafted notes are not shared across workspaces.

Legal disclosures

We disclose information when required by law, in response to a valid legal process, or to protect the rights, property, or safety of PsyFi, our customers, or the public. We will notify you of a legal demand for your data unless we are legally prohibited from doing so.

Business transfers

If PsyFi is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to confidentiality terms at least as protective as this policy.

Retention#

We keep what you create as long as your account is active, and we delete it on request. There are narrow exceptions for legally required records (for example, billing).

Account information is kept for the life of the account. Session content (audio, transcripts, drafted notes) is kept until you delete the session or your workspace, except where law or our BAA with you requires a different retention period. Backups roll off on the schedule described in our internal retention policy. To request deletion, see Your rights.

Your rights#

You can see, correct, export, and delete the information we hold about you. For PHI we hold on behalf of a clinician, requests from a patient go through the clinician of record.

If you are a clinician or workspace user

  • Access & export. You can export your account data and the sessions you've created from inside the product. If you need a copy in a specific format, email hello@psyfiscribe.com.
  • Correction. You can edit your profile and account information directly. For other corrections, email us.
  • Deletion. You can delete sessions and your account from inside the product. Email us if you want a full data deletion report.

If you are a patient

For PHI that PsyFi Scribe holds on behalf of your clinician, the clinician is the covered entity and is your point of contact for HIPAA access, amendment, and accounting-of-disclosures requests. We assist clinicians in responding to those requests.

State privacy rights (US)

Residents of certain US states have additional rights under their state privacy laws. Where those rights apply, you can exercise them by emailing hello@psyfiscribe.com. We do not sell personal information and do not engage in "targeted advertising" as those terms are defined under US state privacy laws.

Cookies & tracking#

We use a small number of first-party cookies to keep you signed in and to remember your preferences. We do not run third-party advertising trackers on the PHI-bearing pages of the product.

Our marketing site uses privacy-respecting analytics to understand which pages and topics are useful to visitors, in aggregate. We do not use cookies to build advertising profiles, and we do not share visitor data with advertising networks. Where required, we honor Global Privacy Control signals.

Children's data#

The PsyFi Scribe product is for licensed clinicians, not for use directly by minors. Patients seen in clinical practice may be minors; that data is governed by the clinician's BAA with us and is handled like other PHI.

The Service is not directed to children, and we do not knowingly create accounts for anyone under the age of majority in their jurisdiction. If you believe an account has been created for a minor, contact hello@psyfiscribe.com.

Changes to this policy#

We will update the effective date at the top of this page whenever we change anything material, and we will email account-holders ahead of changes that affect how we handle their data.

The current version of this policy is identified by the effective date in the header. For material changes — particularly those that expand how we use or share data — we will provide notice through the product and by email to account-holders before the change takes effect.

Contact#

hello@psyfiscribe.com

For privacy questions, data-rights requests, and complaints. PsyFi Technologies, Inc., USA.

For HIPAA-specific questions, see our HIPAA page. For security operating detail, see Security. For the BAA, see BAA.