Privacy Policy
Privacy at a Glance
- Audio is encrypted in transit, processed instantly, and never stored on any server
- Protected Health Information (PHI) is automatically redacted before cloud processing
- Our backend is stateless: we don't store transcripts or clinical notes
- We never sell your data to third parties
- You control your data and can delete it at any time
1. Introduction
Shepard Health ("we," "our," or "us") is committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the Shepard mobile application ("the App").
As a clinical documentation tool used by healthcare professionals, we understand the critical importance of protecting Protected Health Information (PHI) and maintaining HIPAA compliance. This policy reflects our commitment to privacy by design.
2. Information We Collect
2.1 Information You Provide
- Account Information: Email address, name, professional credentials, specialty, and role (e.g., attending, resident)
- Subscription Information: Payment is processed through Apple App Store or Google Play; we receive subscription status but not payment card details
- Preferences: App settings, specialty preferences, and documentation preferences
2.2 Information Processed Locally
- Audio Recordings: Securely transmitted for transcription, then immediately discarded; never stored on any server
- Transcripts: PHI is automatically redacted before note generation
- Clinical Notes: Stored locally or, for paid subscribers, encrypted in cloud storage
2.3 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features used, session duration, crash reports (no clinical content)
- Log Data: IP address, access times, app version (for troubleshooting only)
3. How We Protect Patient Information
3.1 Secure Audio Processing
Audio is securely transmitted over encrypted connections for transcription, then immediately discarded. No audio files are ever stored on our servers or retained by any processing service.
3.2 Automatic PHI Redaction
Before any text is sent for AI processing, our client-side redaction engine automatically identifies and removes:
- Patient names and identifiers
- Dates of birth and ages
- Addresses and phone numbers
- Medical record numbers
- Social Security numbers
- Other identifying information as defined by HIPAA
Redacted information is replaced with tokens (e.g., [PATIENT_NAME], [DOB]) that are never stored or transmitted.
3.3 Stateless Backend
Our server processes de-identified text in real time and does not retain transcripts, notes, or any clinical content after processing is complete. Only non-clinical metadata (e.g., word count, processing time) may be logged for service improvement.
4. Data Storage and Retention
| Data Type | Storage Location | Retention Period |
|---|---|---|
| Audio recordings | Your device only | Until you delete them |
| Local notes | Your device only | Until you delete them (or auto-delete if enabled) |
| Cloud-saved notes (paid) | Encrypted cloud storage | Until you delete them |
| Account information | Our secure servers | Until account deletion |
| Usage analytics | Our secure servers | 24 months |
5. How We Use Information
We use the information we collect to:
- Provide and maintain the App's functionality
- Process your subscription and provide customer support
- Improve our AI models using de-identified, aggregated data only
- Send important service updates and security alerts
- Comply with legal obligations
We never:
- Sell your personal or clinical data to third parties
- Use identified patient data for marketing
- Share clinical content with advertisers
6. Third-Party Services
We use the following third-party services:
- OpenAI: For AI-powered note generation (receives only de-identified text)
- Apple/Google: For app distribution and payment processing
- Cloud Infrastructure: For secure, encrypted data storage
All third-party processors are bound by data processing agreements and are required to maintain appropriate security measures.
7. Your Rights and Choices
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Delete your account and associated data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
To exercise these rights, contact us at privacy@shepard.health.
8. Security Measures
We implement industry-standard security measures including:
- End-to-end encryption for data in transit (TLS 1.3)
- AES-256 encryption for data at rest
- Multi-factor authentication for accounts
- Regular security audits and penetration testing
- Access controls and audit logging
9. HIPAA Compliance
While Shepard is designed with privacy-first principles that minimize PHI exposure, we understand that healthcare organizations may have additional compliance requirements.
For organizations requiring a Business Associate Agreement (BAA), please contact us at compliance@shepard.health.
10. Children's Privacy
The App is intended for use by licensed healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.
11. International Data Transfers
Your information may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where required.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes through the App or by email. Your continued use of the App after such changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@shepard.health
Data Protection Officer: dpo@shepard.health