Effective Date: March 1, 2025 · Last Updated: March 11, 2026
PT Documentation AI ("we," "us," or "our") is operated by Pluto Biz Solutions. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our clinical documentation platform at ptdocai.com (the "Service").
We are committed to protecting the privacy of our users and the patients whose information may be discussed during use of the Service. Please read this policy carefully. By using the Service, you agree to the practices described herein.
Account Information: When you register, we collect your name, email address, and authentication credentials.
Voice Recordings and Transcriptions: Audio recordings you submit for transcription are processed by our AI transcription service (Whisper API) and are stored temporarily to generate your SOAP note. Recordings are associated with your account and are not shared with third parties for any purpose other than transcription.
Clinical Documentation: SOAP notes, patient names, diagnoses, visit dates, and other clinical context you enter are stored in your account and are accessible only to you.
Usage Data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps to maintain and improve the Service.
Payment Information: Subscription payments are processed by Stripe. We do not store full credit card numbers. We retain only the Stripe customer ID and subscription status necessary to manage your account.
We use the information we collect to:
We do not sell, rent, or share your personal information or patient data with third parties for marketing purposes.
PT Documentation AI is designed to be used in conjunction with a signed Business Associate Agreement (BAA). If you are a covered entity or business associate under HIPAA, you must execute a BAA with us before entering any Protected Health Information (PHI) into the Service.
We implement administrative, physical, and technical safeguards consistent with HIPAA requirements to protect PHI, including encryption in transit (TLS 1.2+) and at rest, access controls, and audit logging.
You are responsible for ensuring that your use of the Service complies with HIPAA and any other applicable healthcare privacy laws. We recommend using patient initials or identifiers rather than full names wherever possible.
We retain your account data and clinical documentation for as long as your account is active or as needed to provide the Service. Voice recordings are retained for 90 days after generation of the associated SOAP note, after which they are permanently deleted. You may request deletion of your data at any time by contacting us at [email protected].
We use the following third-party services to operate the platform:
Each of these providers has their own privacy policies and data processing agreements. We have data processing agreements in place with each provider as required.
We use industry-standard security measures including TLS encryption for all data in transit, encrypted storage, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
You have the right to:
To exercise these rights, contact us at [email protected].
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the application. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, please contact us at: