Data Handling and Privacy
Data flow, minimization, retention, and storage.
What data is sent to the backend and when
- Login: Google OAuth returns your basic profile to issue a session token.
- Audio: When recording or uploading, audio is sent to secure cloud storage via short‑lived signed URLs or resumable uploads.
- Transcription: The backend reads the stored audio to produce a transcript.
- Notes: The transcript (plus optional user context, doctor type, detail level) is sent for note generation.
- Billing: SOAP note details, age, visit type, duration, diagnosis text, and brief context are sent to generate codes.
- Medications: Age (years), weight (kg), and indications are used for RAG search and suggestions; plan text may be sanitized and included to improve relevance.
PHI minimization in LLM calls
- Only the minimum text needed for the task is sent.
- Medication suggestion flows sanitize PLAN text to remove emails/phones/IDs.
- Pediatric suggestions/dosing use age, weight, and indications rather than identifiable details.
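The sanitization step above, as an added example in JavaScript that is not the project's own sanitizer (its real patterns, placeholders and identifier labels are not documented on this page and are assumptions here): a redaction pass that strips emails, phone numbers and labelled identifiers from PLAN text before it is used for medication search, plus a pre-send guard that flags text still carrying such patterns.

```javascript
// Added example: PLAN-text sanitizer in the spirit of "remove emails/phones/IDs".
// Not the app's own code; the regexes, placeholders and ID labels are assumptions.

// Email addresses.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// 10-digit phone numbers with optional +1 and common separators.
const PHONE_RE = /(?:\+?1[\s.-]?)?\(?\b\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/g;
// Labelled identifiers (MRN, SSN, ID, DOB) whose value contains at least one digit.
const LABELED_ID_RE = /\b(?:MRN|SSN|ID|DOB)\s*[:#]?\s*(?=[A-Za-z\/-]*\d)[A-Za-z0-9\/-]+/gi;
// Bare US social-security-number shape.
const SSN_RE = /\b\d{3}-\d{2}-\d{4}\b/g;

// Order matters: labelled IDs first so "SSN 123-45-6789" is one redaction,
// then bare SSNs, then emails, then phones.
const RULES = [
  ['id', LABELED_ID_RE, '[ID]'],
  ['id', SSN_RE, '[ID]'],
  ['email', EMAIL_RE, '[EMAIL]'],
  ['phone', PHONE_RE, '[PHONE]'],
];

// Replace every match with its placeholder and count what was removed per kind,
// so a caller can log "3 identifiers redacted" without logging the values.
function sanitizePlanText(text) {
  const counts = { email: 0, phone: 0, id: 0 };
  let out = text;
  for (const [kind, re, placeholder] of RULES) {
    out = out.replace(re, () => { counts[kind] += 1; return placeholder; });
  }
  return { text: out, counts };
}

// Pre-send guard: true if the text still matches any pattern above.
// The 'g' flag is dropped because RegExp#test with 'g' keeps lastIndex state.
function containsContactOrIdPatterns(text) {
  return RULES.some(([, re]) => new RegExp(re.source, re.flags.replace('g', '')).test(text));
}

// Constructed sample PLAN text (not real patient data).
const SAMPLE_PLAN = [
  'Start amoxicillin 500 mg TID x10d.',
  'Follow up with Dr. Lee, reach nurse line at (555) 123-4567 or care@example.org.',
  'MRN: 00123456; SSN 123-45-6789 on file.',
  'Return if fever persists > 3 days.',
].join('\n');

const result = sanitizePlanText(SAMPLE_PLAN);
console.log(result.text);
console.log(result.counts);                               // { email: 1, phone: 1, id: 2 }
console.log(containsContactOrIdPatterns(result.text));    // false
```

The guard is the part worth wiring into the call path: if it still returns true after sanitization, the safe behaviour is to drop the PLAN text from the request and fall back to age, weight and indications alone, rather than send the text and hope the pattern was harmless.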
Temporary storage, retention, and auto‑deletion
- Audio and chunks use short‑lived signed URLs; bucket lifecycle can auto‑delete after a set period.
- Transcription artifacts and temporary files are short‑lived and cleaned up during processing.
Browser storage and what’s encrypted
- Encrypted: transcript, note, edited transcript, context, patient age, visit type, diagnoses, visit context, billing results, full transcript.
- Encryption: AES‑256 with a user‑specific key derived from your session; encrypted values are prefixed for detection.
- On session expiry: encrypted PHI is hidden/cleared until you re‑authenticate; optional session recovery restores PHI safely after login.