subQdocs Privacy Notice
Last Updated: April 24, 2025
Introduction
subQdocs, LLC (“subQdocs,” “we,” “us,” or “our”) is committed to protecting the privacy of both our users and the patients whose personal data we process while providing our Services. When we use terms like “you” and “your,” we’re referring to you as a user of our Services. This Privacy Notice explains how we collect, use, disclose, and handle personal data while providing the Services. Such personal data includes information about you while you use the Services and the Protected Health Information (PHI) of the patients processed on your behalf through the Services.
“Services” means our proprietary software as a service platform, including the recording and transcription of patient interactions, the AI-based documentation and support of clinical workflows, and your use of the Services.
By downloading, accessing and/or using the Services, you agree to the terms of this Privacy Notice and the accompanying User Agreement, which incorporates our Business Associate Agreement (BAA) governing our handling of PHI.
1. Scope & Applicability
This Notice applies to all personal data collected through your use of the Services, including through our web and mobile applications.
2. HIPAA Compliance & Legal Basis
subQdocs operates as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. We process Protected Health Information (PHI) solely on behalf of, and under the instruction of, Covered Entities pursuant to a signed BAA, incorporated within our User Agreement. Our collection, use, and disclosure of PHI are limited to those activities permitted or required by the BAA and applicable law. You are responsible for obtaining valid patient consent for audio recording and AI-based documentation processing and creation.
3. Personal Data We Collect
While providing the Services, we may collect the following types of information.
User Information
including name, email address, role, and contact information, medical license numbers and credentials, and login credentials and activity logs
Patient PHI
that is processed on your behalf including patient demographics, visit details, medical history, audio recordings, transcriptions, and documentation, images captured during visits, and provider-generated content including personal and visit notes
Integration Data
including data pulled from electronic medical records (EMRs) or office systems during integration, and data pushed back to EMRs, billing, prescription, and lab systems
System Usage Data
including IP address, browser type, device identifiers, session logs, and app interaction data
4. How We Use and Disclose Personal Data
We may use and share the personal data we collect from you as follows.
Provide the Services to you
including delivering AI-enabled documentation and visit previews, assisting with documentation during live encounters, routing information to integrated systems (EMR, lab, Rx, etc.), providing analytics, summaries, and quality assurance support, monitoring, supporting, analyzing, and improving your customer experience, and creating de-identified data in accordance with HIPAA de-identification standards (which is no longer PHI) to improve the Services
Support our day-to-day business operations
including maintaining internal business records and reporting, performing accounting, auditing, and payment collection functions, engaging in business planning, internal reporting, customer relationship management, communicating with you about your account, Services updates, and our products or services that may be relevant to your professional practice, administering our systems and networks, and executing corporate transactions, such as mergers and acquisitions
Manage legal and operational risks
including conducting troubleshooting, audits, billing, and fraud and security monitoring, and meeting our legal obligations
Market our products and services
including those that may be of interest to you, as permitted by applicable law, and evaluating the efficacy of our marketing efforts
We do not use PHI for marketing purposes.
Disclose your personal data
with third party contractors, service providers, and Business Associates (as permitted by the BAA) that assist us in providing the Services and conducting our business operations (e.g., cloud hosting, data analytics, AI service providers) subject to contractual safeguards, with subsidiaries, affiliates or other companies under common control with us, in the context of an actual or prospective business transaction, and as required by law or legal process (e.g., subpoena, court order) or to protect the rights, property, or safety of subQdocs, our users, patients, or others. The sharing of PHI with any third party will strictly adhere to the terms of our BAA with you and applicable law.
5. Data Security
We have a robust data security program that uses appropriate technical, administrative, and physical controls to protect your personal data against accidental or unlawful destruction, loss, disclosure, alteration or use. This includes measures such as encryption, access controls, and regular security assessments.
6. Retention & Deletion of Personal Data
We retain personal data for as long as necessary to fulfill the purposes outlined in this Notice, provide the Services to you under the User Agreement and BAA, and comply with legal obligations. While you may have tools to manually delete patient records or configure automatic deletion within the Services (e.g., 30-day retention), ultimate retention periods for PHI are subject to the requirements of the BAA, your instructions as the Covered Entity, and applicable legal or professional record-keeping obligations. Audio recordings are temporarily stored to generate visit notes and are deleted once the documentation process is completed.
7. Subprocessors & Third Parties
We use third-party vendors and subprocessors to help provide the Services, such as cloud infrastructure providers, AI model providers, and customer support tools. We take reasonable measures (including contractual agreements like BAAs where required) to ensure these third parties adhere to the privacy and security standards established in this Notice, our User Agreement, and applicable law.
8. AI Model Use & Improvement
- You maintain full responsibility for clinical decisions made using AI outputs.
- We do not use PHI to train AI models. We may enhance our use of AI using data de-identified to HIPAA standards.
9. Responsibilities of Our Customers
You are responsible for using the Services in compliance with this Notice, our User Agreement, and applicable law.
10. International Use
The Services are operated in the US and are intended for use in accordance with US law, including HIPAA. If accessed internationally, you acknowledge that your data will be processed and stored in the US. We may access or transfer personal data outside of the US in compliance with this Notice, our User Agreement, and applicable law.
11. Your Rights
Depending on your role and jurisdiction, you may have rights in your own personal data to:
- View or correct your personal data
- Request deletion of certain records
- Object to processing (in limited circumstances)
If you wish to exercise privacy rights under applicable law, please contact us using the details in the Contact Us section below. We will respond to your request in the manner prescribed by law, including your right not to be discriminated against for exercising these rights. Please note, rights concerning Patient PHI (such as access, amendment, and accounting of disclosures) are governed by HIPAA and must be exercised directly by the patient through you, the Covered Entity who controls the patient’s medical record.
12. Children’s Privacy
The Services are intended for use by licensed healthcare professionals and are not directed at children under 18. Any personal data, including PHI, collected through the Services pertaining to minor patients must be collected only after you have obtained legally valid consent or authorization from the minor’s parent or legal guardian, as required by applicable law (including state-specific minor consent laws).
13. Changes to this Notice
We may update this Notice. You will be notified through the Services or by email if material changes are made.
14. Contact Us
You may contact us with questions about this Notice or our use of personal data related to the Services by mail or email at:
subQdocs, LLC
610 N Main
Richfield, UT 84701
Attn: Chief Privacy Officer
privacy@subqdocs.ai