Legal · Privacy

Privacy Policy

Last updated: April 29, 2026

This policy explains how MedicalCode AI ("we", "us", "our") collects, uses, and protects your personal information when you use our platform at medicalcodeai.com.

1. Information We Collect

  • Account information — When you register, we collect your name, email address, and organisation name.
  • Usage data — We log feature interactions, session duration, and error events to improve the product.
  • Clinical notes — Text you submit for coding is processed transiently and is not retained beyond the session unless you explicitly save it.
  • Payment information — Billing is handled by our payment processor (Stripe). We do not store full card numbers.
  • Communications — If you contact us we retain the content of that correspondence.

2. How We Use Your Information

  • To provide, operate, and improve the MedicalCode AI service.
  • To authenticate your identity and maintain your account.
  • To send transactional emails (e.g. receipts, password resets).
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.
  • We do not sell your personal data to third parties.

3. HIPAA Considerations

MedicalCode AI is designed to be HIPAA-aware. Clinical notes you submit may constitute Protected Health Information (PHI). We strongly recommend de-identifying patient data before submission. If your organisation requires a Business Associate Agreement (BAA), please contact us at privacy@medicalcodeai.com before processing any PHI through the platform.

4. Data Retention

Account data is retained for the lifetime of your account plus 90 days after deletion. Session-only clinical note data is purged at session end. Audit logs are retained for 12 months.

5. Data Security

All data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted using AES-256. Access to production systems is restricted to authorised personnel and is logged. We conduct regular security reviews and vulnerability assessments.

6. Cookies and Tracking

  • Session cookies — Used to keep you signed in during a browsing session.
  • Preference cookies — Used to remember your colour mode (light/dark) setting.
  • Analytics — We may use privacy-respecting analytics to understand aggregate product usage. No individual-level tracking data is sold or shared.

7. Third-Party Services

  • Google OAuth — Sign-in via Google is subject to Google's Privacy Policy.
  • Stripe — Payment processing is subject to Stripe's Privacy Policy.
  • Anthropic / Google Gemini — LLM inference providers. Clinical note content may be sent to these APIs during processing; their data-handling policies apply.

8. Your Rights

  • Access — You may request a copy of the personal data we hold about you.
  • Correction — You may update inaccurate personal data via your account settings or by contacting us.
  • Deletion — You may request deletion of your account and associated data.
  • Portability — You may request an export of your data in a machine-readable format.
  • To exercise any of these rights, email privacy@medicalcodeai.com.

9. Children's Privacy

MedicalCode AI is intended for healthcare professionals and organisations. We do not knowingly collect personal information from individuals under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, notify you by email or via an in-app banner.

11. Contact Us

Questions about this policy? Contact us at privacy@medicalcodeai.com or write to: MedicalCode AI, medicalcodeai.com.