ScriBee Privacy Policy
Last Updated: October 5, 2025
Introduction
ScriBee Technologies Inc. (“ScriBee”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data in accordance with applicable laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Health Information Protection Act (PHIPA) in Ontario, and other relevant regulations. By using our platform, you agree to the practices described here.
Contact Us
If you have any questions or concerns about this Privacy Policy or your privacy rights, please contact our Privacy Officer at:
- Email: privacy@aiscribee.com
Information We Collect
| Category | Description |
|---|---|
| General Personal Information | We do not collect names, contact details, date of birth, gender, credentials, or professional background for healthcare practitioners. |
| Payment & Claim Information | We do not collect any financial details, such as credit card and bank account information, as well as insurance data, which are used for billing and claims purposes. However, we do collect and pass information to payment collectors for our monthly subscription. |
| Health Information | Clinical notes, diagnoses, lab results, and other health data shared through our Platform by licensed healthcare providers during an encounter are pseudonymized, with clinical encounter names replaced by “Patient” and “Doctor/Provider.” |
| Device Information | To ensure the privacy of our users, we collect IP addresses, geo-location and connection data. |
| User-Provided Information | Data shared via surveys, support requests, or other interactions. |
| Business Analytics | De-identified, aggregated data used to analyze platform usage and improve services. |
| Cookies and Tracking Technologies | Cookies to enhance user experience and collect browsing data. Users can manage their cookie preferences through their browser settings. |
| Recruitment Data | During the hiring process, this includes references, background checks, and employment history. |
How We Collect Your Data
- Register for an account or log in via our platform or third-party providers like Google, Microsoft, or OAuth services.
- Communicate with us via email or form.
- Use our platform during clinical encounters, support interactions, or online content.
- Receive services through our platform or from third-party integrations with which we have agreements.
- When you sign in via Google or other providers, we only collect necessary profile data (name, email, profile picture, etc.) and do not access your email content or calendar data unless you explicitly consent.
How We Use Your Data
| Purpose | Description |
|---|---|
| Access and Authentication | To facilitate platform login and user identification, including OAuth sign-ins. |
| Service Delivery and Clinical Support | To support healthcare providers in generating clinical documentation and managing patient care. |
| Platform Improvement | To analyze usage patterns (via de-identified data) and enhance our platform. |
| Real-Time AI Processing | During clinical encounters, speech-to-text conversion and AI-powered note generation occur in real-time. Audio is processed instantly and not stored permanently. |
| Support and Communication | To notify you of important updates, service issues, or support interactions. |
| Marketing | To inform about new features (opt-out available). We do not use health or sensitive data for marketing without explicit consent. |
| Legal and Compliance | To comply with applicable laws, respond to law enforcement, or safeguard our rights. |
Explicit Consent for AI Processing
By using our platform, you explicitly consent to the processing of your health information via AI, including speech-to-text conversion, clinical note generation, and related processing in real-time, with no permanent audio recordings stored.
Sharing and Disclosing Data
- Our employees and associated affiliates for authorized purposes.
- Third-party service providers under data processing agreements ensuring Canadian or equivalent privacy standards.
- Legal and regulatory authorities as required by law, including breach notifications.
- Healthcare providers or entities with whom you have authorized sharing or who are involved in your care.
Third-Party Authentication (OAuth) Disclosure
We offer sign-on options via Google, Microsoft, or other OAuth providers. Using these services, we collect only your basic profile information for account setup and login purposes. We do not access or store your email content, contacts, or other personal data from these providers unless explicitly authorized.
Data Residency and Cross-Border Transfers
All personal health information from Canadian users is processed and stored exclusively within Canada using certified local data centers. When third-party service providers are involved, we establish agreements to ensure they comply with Canadian privacy laws, including PIPEDA and provincial obligations.
Pseudonymization and Data Minimization
During use, names and identifiers in clinical encounters are automatically replaced with “Patient” and “Doctor/Provider” to minimize the risk of re-identification. This pseudonymized data remains subject to all applicable privacy protections. We only process the minimum necessary health information for our services.
Breach Notification and Data Security
In the event of a privacy breach that poses a real risk of significant harm, we will notify the Office of the Privacy Commissioner of Canada, the applicable provincial privacy authority (e.g., Ontario’s IPC for PHIPA), and affected individuals within the required timelines (no later than 72 hours). We protect your data through:
- Secure server infrastructure with encryption (at rest and in transit).
- Access controls and regular security audits.
- Staff training on privacy and data handling.
- De-identification techniques facilitating privacy.
- Secure data retention and deletion policies.
Your Rights
- To access your personal health and other data held by us.
- To request corrections to inaccurate or incomplete data.
- To withdraw consent for specific data processing activities (including AI processing).
- To request that your data be deleted, or restrict certain disclosures under PHIPA.
- To receive detailed information regarding how your data is used.
- To lodge complaints with the Office of the Privacy Commissioner of Canada or relevant provincial authorities.
You can exercise these rights by contacting us at privacy@aiscribee.com. We will respond within 30 days, verifying your identity before processing requests.
Employee and Applicant Data
We collect and process employment-related data, including name, contact details, employment history, credentials, and background checks, in accordance with applicable employment laws.
Special Rights Under PHIPA in Ontario
- The right to restrict certain disclosures (“lockbox rights”).
- The right to access and correct your health records directly.
- The right to request that your health data not be shared with particular healthcare providers or entities.
To exercise these rights, contact us at privacy@aiscribee.com.
AI Model Training and Data Usage
We do not use any personally identifiable health information to train or improve our AI models. Instead, our systems are trained on de-identified, aggregated, or synthetic data, ensuring individual privacy is maintained.
Changes to this Privacy Policy
We may update this policy periodically. When we do, we will update the “Last Updated” date and notify you via our platform or email, as appropriate. We encourage you to review this policy regularly.
Your privacy and trust are important to us. We are committed to protecting your data and ensuring compliance with Canadian privacy laws.
Effective Date: October 5, 2025