Privacy Policy

This Privacy Policy explains how MAIE — Medical Automation Intelligent Engine ("MAIE", "we", "us") collects, uses, shares, and protects information when you use our website, applications, and related services (the "Service").

MAIE serves both individual clinicians and clinic-style Organizations. Where we process patient information on behalf of a clinic, that clinic is the data controller and MAIE acts as a data processor under applicable law.

Account information

Name, email address, phone number, professional role, organization name, and authentication credentials.

Clinical data

Patient demographics, encounter notes, voice recordings, transcripts, AI-generated SOAP drafts, attachments, and related metadata that you or your Organization submit through the Service.

Usage and device information

Log data (IP address, timestamps, browser/OS), device identifiers, performance and error telemetry, and interaction events used to operate and improve the Service.

Billing information

For paid plans, billing details (such as country, currency, and last four digits of a payment method) are collected via our payment processors. We do not store full card numbers on our servers.

• To deliver, maintain, and secure the Service.
• To run automated speech-to-text, diarization, and AI-assisted note generation on encounter audio that you submit.
• To provide customer support and to communicate with you about your account, security alerts, and Service updates.
• To detect, prevent, and respond to fraud, abuse, and security incidents.
• To comply with legal obligations.
• To improve the Service. We do not use identifiable patient data to train third-party AI models. We may use de-identified or aggregated data for analytics and to improve our own models, only where permitted by law and by your Organization's configured consent settings.

Encounter audio is processed to produce transcripts and SOAP drafts. Whether the original audio is retained depends on your Organization's consent and retention settings:

• Consent-gated retention. Audio is only retained when retention is enabled at the Organization level and the patient (or their representative) has provided the required consent.
• Encryption at rest. Retained audio is encrypted at rest.
• Default retention period. Retained audio is automatically deleted after 60 days unless your Organization configures a shorter window or applicable law requires otherwise.
• Withdrawal of consent. When consent is withdrawn, the corresponding audio is deleted from active systems on the next scheduled retention sweep.

We share information only as described below:

• Within your Organization. Patient data is accessible to authorized members of the Organization that owns it, subject to role-based permissions.
• Service providers (sub-processors). Cloud hosting, payment processing, communications, and AI inference providers that act under written agreements requiring confidentiality and security controls. A list is available on request.
• Legal and safety. Where required by law, court order, or to protect the rights, safety, or property of MAIE, our users, or the public.
• Business transfers. In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

We do not sell personal information.

We implement administrative, technical, and physical safeguards designed to protect the information we process, including encryption in transit and at rest, role-based access control, audit logging, and regular security reviews. No system is perfectly secure; you are responsible for protecting your account credentials.

We may process information in countries other than the one in which you reside. Where required, we use appropriate safeguards, such as standard contractual clauses, to protect cross-border transfers.

Subject to applicable law, you may have rights to access, correct, delete, or export your personal information, to object to or restrict certain processing, and to withdraw consent. To exercise these rights, contact your Organization's administrator or email us at the address below. We will respond within the timeframes required by law.

We use cookies and similar technologies to keep you signed in, remember preferences, and measure usage of our website and applications. You can control cookies through your browser settings; disabling certain cookies may affect Service functionality.

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). Patient information about minors may only be submitted by an authorized clinician through the standard clinical workflow.

We may update this Privacy Policy from time to time. If a change is material, we will provide reasonable advance notice (for example, by email or in-app notice) before the change takes effect.

Questions or requests about this Privacy Policy? Contact privacy@maie.to.