Privacy Policy

Last updated: December 3, 2024

DocuHero LLC is committed to protecting your privacy and the security of your healthcare data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, organization details, and payment information.

Healthcare Documentation

We process voice recordings and transcribed documentation that you create using our service. This may include Protected Health Information (PHI) as defined by HIPAA.

Usage Data

We collect information about how you use our service, including features accessed, time spent, and technical data such as IP address, browser type, and device information.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our transcription and documentation services
  • Process your voice recordings and generate compliant documentation
  • Communicate with you about your account and service updates
  • Ensure HIPAA compliance and maintain security standards
  • Analyze usage patterns to improve our AI models and features
  • Prevent fraud and maintain the security of our platform
  • Comply with legal obligations and regulatory requirements

3. HIPAA Compliance

DocuHero LLC is designed to be HIPAA compliant. We implement administrative, physical, and technical safeguards to protect PHI, including:

  • End-to-end encryption for all data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and risk assessments
  • Employee training on HIPAA compliance and data security
  • Business Associate Agreements (BAA) with covered entities
  • Secure data centers with SOC 2 Type II certification

4. Data Sharing and Disclosure

We do not sell your personal information or PHI. We may share your information only in the following circumstances:

  • With your consent: When you explicitly authorize us to share information
  • Service providers: With trusted third parties who assist in operating our service (under strict confidentiality agreements)
  • Legal compliance: When required by law, court order, or governmental regulation
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)
  • Protection of rights: To protect our rights, privacy, safety, or property, and that of our users

5. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA) options
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems
  • Access logging and monitoring

6. Data Retention

We retain your data according to your subscription plan and applicable legal requirements:

  • Solo Provider: 30-day document retention
  • Professional: 1-year document retention
  • Agency: 7-year retention (HIPAA compliance)

After the retention period, data is securely deleted unless we are legally required to retain it longer.

7. Your Rights

You have the right to:

  • Access your personal information and documentation
  • Correct inaccurate or incomplete information
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a machine-readable format
  • Opt out of certain data collection and processing
  • Receive an accounting of PHI disclosures
  • File a complaint with us or regulatory authorities

To exercise these rights, contact us at legal@docuhero.io.

8. Cookies and Tracking

We use cookies and similar technologies to improve user experience, analyze usage, and maintain security. You can control cookie preferences through your browser settings.

9. Third-Party Services

Our service may integrate with third-party applications and services. These third parties have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of third parties.

10. Children's Privacy

DocuHero LLC services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data is primarily stored in secure data centers located in the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US where our servers are located.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We will also send you an email notification for significant changes.

13. Breach Notification

In the event of a data breach involving PHI, we will notify affected individuals and relevant authorities in accordance with HIPAA breach notification requirements, typically within 60 days of discovery.

14. Contact Us

For questions about this Privacy Policy or our privacy practices, please contact us at:

Company: DocuHero LLC

Email: legal@docuhero.io

Location: Atlanta, Georgia