Privacy Policy
Last updated: May 17, 2026
1. Introduction
EHR Copilot Inc. ("we," "us," or "our") operates ehr.life — an AI-powered clinical documentation platform built for mental health professionals. We are committed to protecting the privacy and security of all information entrusted to us, including Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA).
This Privacy Policy describes what data we collect, how we use it, and the rights you have over your information.
2. Information We Collect
- Account Data: Name, email address, professional credentials, and billing information when you register.
- Clinical Content: Therapy session transcripts, SOAP notes, risk assessments, and treatment plans you submit for processing. This data may constitute PHI.
- Usage Data: Log files, device type, browser, IP address, and session duration, collected for platform improvement.
- Payment Data: Processed through Razorpay. We never store full card numbers or UPI credentials.
3. How We Use Your Information
- To provide AI-generated SOAP notes, DSM-5 assessments, and clinical documentation.
- To send transactional emails (account confirmation, payment receipts).
- To detect security threats and prevent fraud.
- To comply with legal obligations, including HIPAA.
Important: We do not use your clinical content to train our AI models. Your patient data is never used for any purpose beyond delivering the service you requested.
4. HIPAA Compliance
EHR Copilot operates as a Business Associate under HIPAA. We maintain appropriate administrative, physical, and technical safeguards for PHI, including:
- AES-256 encryption at rest for all stored data.
- TLS 1.3 encryption in transit.
- Role-based access controls and audit logs.
- Business Associate Agreements (BAAs) available to Pro and Team subscribers on request.
5. Data Retention
Session data is retained for 90 days by default. You may request deletion at any time by emailing privacy@ehr.life. Account data is purged within 30 days of account closure.
6. Third-Party Services
We use the following sub-processors, each bound by a data processing agreement:
- Google Cloud / Firebase — Authentication and database infrastructure.
- Vercel — Hosting and edge network.
- Razorpay — Payment processing (PCI-DSS Level 1 compliant).
- OpenAI / Gemini — AI inference (zero-data-retention APIs).
7. Your Rights
You have the right to access, correct, export, or delete your personal data. To exercise these rights, contact us at privacy@ehr.life. We will respond within 30 days.
8. Contact
EHR Copilot Inc.
Email: privacy@ehr.life
Website: ehr.life