Privacy Policy

Last Updated: October 19, 2025

1. Introduction

Welcome to Atibba ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered medical scribing and healthcare platform.

As a healthcare technology provider, we are fully compliant with the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and other applicable privacy regulations.

2. Information We Collect

2.1 Protected Health Information (PHI)

We collect and process Protected Health Information as defined by HIPAA, including but not limited to:

  • Patient demographic information (name, date of birth, contact information)
  • Medical history and current health conditions
  • Clinical encounter transcriptions and recordings
  • Treatment plans and medications
  • SOAP notes and medical documentation
  • Laboratory results and diagnostic information

2.2 Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address and phone number
  • Practice or organization information
  • Login credentials (securely encrypted)

2.3 Usage Information

We automatically collect certain information about your device and how you interact with our platform:

  • IP address and device identifiers
  • Browser type and version
  • Usage patterns and feature interactions
  • Access logs and timestamps

3. How We Use Your Information

We use the collected information for the following purposes:

  • Medical Documentation: To provide AI-powered transcription, SOAP note generation, and clinical documentation services
  • Healthcare Delivery: To facilitate appointment scheduling, triage assessment, and patient care coordination
  • Platform Improvement: To enhance our AI models, improve accuracy, and develop new features (using only de-identified data)
  • Security and Compliance: To maintain HIPAA compliance, detect fraud, and ensure platform security
  • Communication: To send service-related notifications, updates, and support messages
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes

4. Information Sharing and Disclosure

We do not sell your personal or health information. We may share information only in the following circumstances:

  • Healthcare Operations: With authorized healthcare providers within your practice or organization
  • Business Associates: With HIPAA-compliant service providers who assist in delivering our services (under signed Business Associate Agreements)
  • Legal Requirements: When required by law, court order, or government regulation
  • Patient Authorization: With third parties when you have provided explicit consent
  • Emergency Situations: When necessary to prevent serious harm or protect public health

5. Data Security

We implement robust security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access controls and multi-factor authentication
  • Audit Logs: Comprehensive logging and monitoring of all data access
  • Regular Audits: Periodic security assessments and penetration testing
  • SOC 2 Compliance: Annual SOC 2 Type II certification
  • Disaster Recovery: Regular backups and business continuity planning

6. Your Privacy Rights

Under HIPAA and applicable privacy laws, you have the right to:

  • Access: Request access to your health information
  • Amendment: Request corrections to inaccurate information
  • Accounting: Receive an accounting of disclosures of your PHI
  • Restriction: Request restrictions on certain uses and disclosures
  • Confidential Communications: Request communications through alternative means
  • Breach Notification: Be notified in the event of a breach of your PHI
  • Data Portability: Obtain a copy of your data in a structured format

To exercise these rights, please contact us at privacy@atibba.com.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal and regulatory requirements (typically 6-7 years for medical records)
  • Resolve disputes and enforce our agreements

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policy.

8. Children's Privacy

Our platform is designed for use by healthcare professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children, except as part of medical records managed by authorized healthcare providers.

9. International Data Transfers

Your information is processed and stored in secure data centers located in the United States. If you access our services from outside the United States, you acknowledge that your information may be transferred to, stored, and processed in the United States in accordance with this Privacy Policy and applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications for significant changes

11. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:

Atibba Medical Scribing

Privacy Officer

Email: privacy@atibba.com

Phone: +1 (555) 632-1599

Address: [Your Business Address]

12. Compliance and Certifications

Atibba maintains the following compliance certifications:

  • HIPAA Compliant
  • HITECH Act Compliant
  • SOC 2 Type II Certified
  • GDPR Ready (for applicable international users)