Transcribe Health Logo

Transcribe Health

Privacy Policy

Our commitment to protecting your personal information and healthcare data in compliance with HIPAA, GDPR, PIPEDA, and other applicable privacy regulations.

Last Updated: March 9, 2026 | Version 1.1

PRIVACY POLICY

Transcribe Health Corporation

Effective Date: December 1, 2024 Last Updated: March 9, 2026

1. INTRODUCTION AND ACCEPTANCE

This Privacy Policy ("Policy") constitutes a legally binding agreement between you and Transcribe Health Corporation, a corporation incorporated under the federal laws of Canada ("Transcribe Health," "Company," "we," "us," or "our"), governing the collection, use, disclosure, and protection of information through our AI-powered medical transcription and clinical documentation platform, including all associated services, software, applications, APIs, and websites (collectively, the "Services").

BY ACCESSING OR USING THE SERVICES, YOU EXPRESSLY ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE LEGALLY BOUND BY THIS POLICY. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY DISCONTINUE ALL USE OF THE SERVICES.

2. SCOPE, APPLICABILITY AND COVERED ENTITY RELATIONSHIPS

2.1 Scope of Application

This Policy applies to all interactions with our Services by:

  • Licensed healthcare providers and medical professionals
  • Healthcare organizations, clinics, hospitals, and medical facilities
  • Patients whose information is processed through our Services
  • Business associates and third-party integrators
  • Visitors to our websites and applications
  • Employees and contractors of covered entities

2.2 HIPAA Business Associate Status

When we process Protected Health Information ("PHI") on behalf of Covered Entities or other Business Associates, we function as a Business Associate under HIPAA. We maintain executed Business Associate Agreements ("BAAs") with all applicable clients, which supersede this Policy to the extent of any conflict regarding PHI handling.

2.3 Jurisdictional Coverage

This Policy applies globally, with specific provisions for:

  • United States: HIPAA, HITECH Act, state medical privacy laws
  • European Union/EEA: GDPR compliance
  • Canada: PIPEDA and provincial privacy legislation
  • Other jurisdictions: Local data protection laws as applicable

3. DEFINITIONS

For purposes of this Policy:

  • "AI Systems" means our proprietary and licensed artificial intelligence, machine learning, and natural language processing technologies
  • "Aggregate Data" means data that has been combined and analyzed in a way that individual patients cannot be identified
  • "Business Associate" has the meaning defined under HIPAA
  • "Clinical Documentation" means medical notes, transcriptions, summaries, and related healthcare records
  • "Covered Entity" has the meaning defined under HIPAA
  • "De-identified Data" means data that has been processed to remove all 18 HIPAA identifiers
  • "PHI" or "Protected Health Information" has the meaning defined under HIPAA
  • "Personal Information" means any information relating to an identified or identifiable natural person
  • "Voice Data" means audio recordings, voice patterns, and acoustic characteristics
  • "Voice Biometrics" means unique voice characteristics used for speaker identification

4. INFORMATION WE COLLECT

4.1 Healthcare Provider Information

  • Professional credentials (NPI numbers, DEA numbers, medical licenses, board certifications)
  • Practice information (specialty, affiliations, hospital privileges)
  • Authentication credentials and security tokens
  • Voice recordings for transcription and optional voice biometric authentication
  • Usage patterns and preferences
  • Billing and payment information

4.2 Patient Health Information

  • Demographic information (name, date of birth, contact details)
  • Medical record numbers and identifiers
  • Clinical encounter audio recordings
  • Medical history, diagnoses, treatments, and medications
  • Laboratory results and imaging reports
  • Insurance and billing information
  • Care plans and clinical notes

4.3 Voice and Audio Data

  • Real-time audio streams from clinical encounters
  • Recorded consultations and medical dictations
  • Voice characteristics for speaker separation
  • Acoustic metadata (quality, duration, timestamps)
  • Environmental audio context (with consent)

4.4 AI Processing Data

  • Transcription outputs and confidence scores
  • Clinical insights and suggested diagnoses codes
  • Natural language processing results
  • Model training feedback and corrections
  • Quality assurance annotations

4.5 Technical and Usage Data

  • Device identifiers and hardware information
  • IP addresses and network information
  • Browser type and operating system
  • Session recordings (with consent)
  • Feature usage and interaction patterns
  • Performance metrics and error logs
  • Integration logs with EHR/EMR systems

4.6 Third-Party Integration Data

  • EHR/EMR system data (Epic, Cerner, Athena, etc.)
  • Practice management system information
  • Laboratory and imaging system interfaces
  • Pharmacy and prescription data
  • Insurance eligibility and claims data

5. AI-SPECIFIC DATA PROCESSING

5.1 AI Model Training and Improvement

We employ the following approaches to AI model training and improvement:

  • Third-Party AI Processing: We use established AI providers (such as Anthropic and Google Cloud Vertex AI) under Business Associate Agreements for transcription processing
  • Data Minimization: Only the minimum necessary data is sent to AI providers for processing, and no PHI is retained by AI providers beyond the processing session
  • No Persistent Training on PHI: Your patient data is not used to train general-purpose AI models
  • De-identified Data Only: Any aggregate analysis or model improvement uses fully de-identified data in accordance with HIPAA safe harbor requirements

5.2 Voice Processing and Biometrics

  • Voice data is processed using advanced acoustic models for accurate transcription
  • Optional voice biometric authentication available for enhanced security
  • Speaker diarization to distinguish between multiple speakers
  • Acoustic data retained only for the minimum necessary period
  • Voice prints stored using irreversible hashing when biometrics enabled

5.3 Clinical Intelligence Generation

Our AI systems generate:

  • Automated clinical documentation and SOAP notes
  • ICD-10/CPT coding suggestions
  • Clinical decision support insights (not medical advice)
  • Quality measure tracking and reporting
  • Population health analytics (aggregate only)

5.4 De-identification and Anonymization

  • Automated removal of all 18 HIPAA identifiers
  • Expert determination method for complex cases
  • Synthetic data generation for model training
  • K-anonymity and l-diversity techniques
  • Regular audits of de-identification effectiveness

5.5 Model Transparency and Explainability

  • Audit logs of all AI-generated content
  • Confidence scores and uncertainty quantification
  • Explainable AI features showing decision rationale
  • Human-in-the-loop review options
  • Regular bias testing and fairness audits

6. LEGAL BASIS AND LAWFUL PROCESSING

6.1 HIPAA Permitted Uses

We process PHI under HIPAA's permitted uses for:

  • Treatment activities as directed by healthcare providers
  • Healthcare operations including quality improvement
  • Payment activities including claims processing
  • As required by law or court order
  • Public health activities as permitted
  • Health oversight activities
  • Research with appropriate authorization

6.2 GDPR Legal Bases

For EU/EEA residents, we process data based on:

  • Performance of contract (service delivery)
  • Legal obligations (regulatory compliance)
  • Vital interests (emergency medical situations)
  • Legitimate interests (security, fraud prevention)
  • Explicit consent (marketing, optional features)
  • Special category data processed under Article 9(2)(h) for healthcare

6.3 Consent and Authorization

  • Informed consent obtained for voice recording
  • HIPAA authorizations for uses beyond treatment, payment, and operations
  • Granular consent for optional features
  • Parental consent for minors where required
  • Opt-in consent for marketing communications

7. USE OF INFORMATION

7.1 Primary Service Delivery

  • Real-time medical transcription and documentation
  • Clinical note generation and structuring
  • Medical coding assistance and validation
  • Integration with healthcare IT systems
  • Provider workflow optimization
  • Quality assurance and accuracy improvement

7.2 AI and Machine Learning

  • Training and improving transcription models
  • Enhancing medical terminology recognition
  • Developing clinical intelligence features
  • Reducing bias and improving fairness
  • Creating specialty-specific models
  • Generating aggregate insights (fully de-identified)

7.3 Security and Compliance

  • Identity verification and authentication
  • Fraud detection and prevention
  • Security incident investigation
  • HIPAA compliance auditing
  • Regulatory reporting obligations
  • Risk assessment and mitigation

7.4 Business Operations

  • Billing and payment processing
  • Customer support and service
  • Product development and improvement
  • Analytics and performance monitoring
  • Legal compliance and dispute resolution
  • Corporate transactions (with appropriate safeguards)

8. DISCLOSURE AND SHARING

8.1 Healthcare Ecosystem Sharing

We share information within the healthcare ecosystem solely as permitted by HIPAA and applicable law:

  • Referring and consulting physicians
  • Healthcare facilities and hospitals
  • Laboratories and imaging centers
  • Pharmacies (for medication-related information)
  • Health information exchanges (HIEs)
  • Accountable care organizations (ACOs)

8.2 Service Provider Disclosures

We engage carefully vetted service providers under strict contractual obligations:

  • Cloud infrastructure providers (Google Cloud Platform)
  • AI/ML processing services (Anthropic, Google Cloud Vertex AI - with BAAs where applicable)
  • Content delivery and security services (Cloudflare)
  • Payment processors (Stripe - PCI-DSS Level 1 compliant)
  • Security and monitoring services
  • Professional service firms (under confidentiality)

8.3 Legal and Regulatory Disclosures

We may disclose information when required by:

  • Court orders, subpoenas, or legal process
  • Government investigations or audits
  • Public health authorities
  • Health oversight agencies
  • Law enforcement (with appropriate legal basis)
  • National security or intelligence agencies

8.4 Business Transfers

In connection with any merger, acquisition, or sale of assets:

  • Due diligence under strict confidentiality
  • Successor entities bound by this Policy
  • Notice provided of any material changes
  • Opportunity to request data deletion where permitted
  • Continued protection under applicable BAAs

9. DATA SECURITY AND SAFEGUARDS

9.1 Technical Security Measures

We implement industry-leading security including:

  • Encryption: AES-256 at rest, TLS 1.3+ in transit
  • Zero-Knowledge Architecture: Where technically feasible
  • Multi-Factor Authentication: Required for all PHI access
  • Network Security: Next-generation firewalls, IDS/IPS, DDoS protection
  • Endpoint Protection: EDR, anti-malware, device management
  • Vulnerability Management: Continuous scanning and patching
  • Secure Development: SAST, DAST, dependency scanning

9.2 Administrative Safeguards

  • Security officer designation and responsibilities
  • Workforce training and awareness programs
  • Access management and least privilege principles
  • Sanction policies for violations
  • Regular risk assessments and audits
  • Business continuity and disaster recovery plans
  • Incident response team and procedures

9.3 Physical Security

  • Data center security with industry-standard protections
  • Environmental controls and monitoring
  • Media disposal and sanitization procedures
  • Facility access controls and surveillance
  • Workstation security policies
  • Mobile device management

9.4 Compliance Program

Our compliance program includes:

  • HIPAA Security Rule and Privacy Rule compliance (active)
  • SOC 2 Type 2 Trust Services Criteria alignment (active)
  • PIPEDA and provincial health privacy legislation compliance (active)
  • NIST Cybersecurity Framework alignment (active)
  • ISO 27001/27701 certification (roadmap)
  • HITRUST CSF certification (roadmap)

10. DATA RETENTION AND DELETION

10.1 Retention Periods

  • PHI: Minimum 7 years per HIPAA, extended as required by state law
  • Voice Recordings: 30 days maximum (automatic deletion)
  • Account Data: Duration of account plus 7 years
  • Audit Logs: 7 years for HIPAA compliance
  • De-identified Data: Indefinite for research and improvement
  • Marketing Data: Until consent withdrawal plus legal requirements

10.2 Deletion and Disposal

  • Cryptographic erasure for encrypted data
  • Physical destruction of storage media
  • Secure overwriting procedures
  • Certificate of destruction provided
  • Audit trail of deletion activities
  • Third-party verification where applicable

11. INTERNATIONAL DATA TRANSFERS

11.1 Data Residency Options

  • US-only data storage option available
  • Canadian data residency for PIPEDA compliance
  • EU data residency for GDPR compliance
  • On-premise deployment for complete data control
  • Hybrid cloud options with geographic restrictions

11.2 Transfer Mechanisms

When international transfers occur:

  • Standard Contractual Clauses (EU Commission approved)
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Explicit consent for specific transfers
  • Derogations for vital interests or legal claims

11.3 Transfer Safeguards

  • End-to-end encryption for all transfers
  • Transfer impact assessments
  • Supplementary measures per Schrems II
  • Government access transparency reporting
  • Enhanced contractual guarantees

12. YOUR PRIVACY RIGHTS

12.1 HIPAA Rights

  • Access your PHI and receive copies
  • Request amendments to incorrect PHI
  • Accounting of disclosures
  • Request restrictions on uses and disclosures
  • Confidential communications
  • File complaints with OCR

12.2 GDPR Rights (EU/EEA Residents)

  • Access (Article 15)
  • Rectification (Article 16)
  • Erasure/"Right to be Forgotten" (Article 17)
  • Restriction of processing (Article 18)
  • Data portability (Article 20)
  • Object to processing (Article 21)
  • Automated decision-making rights (Article 22)

12.3 CCPA/CPRA Rights (California Residents)

  • Know what information we collect
  • Delete personal information
  • Opt-out of sale/sharing
  • Non-discrimination
  • Correct inaccurate information
  • Limit use of sensitive information

12.4 PIPEDA Rights (Canadian Residents)

  • Access personal information
  • Challenge accuracy and completeness
  • Withdraw consent
  • Register complaints with Privacy Commissioner
  • Know about breaches affecting you

12.5 Exercising Your Rights

  • Submit requests to: [email protected]
  • Identity verification required
  • Response within 30 days (45 for complex requests)
  • No fee for reasonable requests
  • Appeal process available
  • Designated agent submissions accepted with authorization

13. CHILDREN'S PRIVACY

13.1 Age Restrictions

  • Services not directed to children under 13
  • Parental consent required for minors' PHI
  • Enhanced protections for adolescent health information
  • Compliance with COPPA where applicable
  • Special handling of reproductive health information

13.2 Parental Rights

  • Access to minor's information (subject to state law)
  • Consent management for minor patients
  • Restrictions on sensitive health topics per jurisdiction
  • Transition procedures at age of majority

14. COOKIES AND TRACKING TECHNOLOGIES

14.1 Technologies We Use

  • Essential Cookies: Authentication, security, load balancing
  • Analytics Cookies: Usage patterns, performance monitoring
  • Functionality Cookies: Preferences, settings, personalization
  • Marketing Cookies: With explicit consent only
  • Session Recording: For quality assurance (with consent)

14.2 Your Choices

  • Cookie consent management platform
  • Browser-based controls
  • Global Privacy Control (GPC) signals honored
  • Do Not Track (DNT) signal response
  • Opt-out of analytics via [email protected]

15. AI TRANSPARENCY AND ETHICS

15.1 AI Principles

We commit to:

  • Transparency: Clear disclosure of AI use
  • Fairness: Regular bias testing and mitigation
  • Accountability: Human oversight of AI decisions
  • Privacy by Design: Privacy considered at every stage
  • Beneficence: AI used to improve healthcare outcomes
  • Non-maleficence: Do no harm principle

15.2 Clinical Decision Support Disclaimer

IMPORTANT: Our AI-generated clinical insights are provided for informational purposes only and do not constitute medical advice. Healthcare providers retain full responsibility for clinical decisions. AI outputs must be reviewed and validated by qualified medical professionals before use in patient care.

15.3 Research and Development

  • Research conducted on de-identified data only
  • IRB approval for research involving PHI
  • Publication only of aggregate results
  • Opt-in participation for specific research
  • Right to withdraw from research uses

16. DATA BREACH NOTIFICATION

16.1 Breach Response Procedures

In the event of a breach:

  • Immediate investigation and containment
  • Risk assessment and harm evaluation
  • Notification within HIPAA required timeframes (60 days)
  • GDPR notification within 72 hours where applicable
  • Individual notice via email and certified mail
  • Regulatory reporting to HHS, state attorneys general
  • Credit monitoring offered where appropriate

16.2 Breach Prevention

  • Continuous security monitoring
  • Regular penetration testing
  • Employee security training
  • Vendor risk assessments
  • Incident response drills
  • Cyber insurance coverage maintained

17. LIMITATION OF LIABILITY AND INDEMNIFICATION

17.1 LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL TRANSCRIBE HEALTH, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR RELATING TO THIS POLICY OR THE SERVICES, REGARDLESS OF THE THEORY OF LIABILITY AND WHETHER OR NOT TRANSCRIBE HEALTH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

OUR TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS POLICY SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNT YOU HAVE PAID US IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY, OR (B) ONE HUNDRED DOLLARS ($100).

17.2 Indemnification

You agree to defend, indemnify, and hold harmless Transcribe Health and its affiliates from and against any claims, damages, losses, and expenses (including reasonable attorneys' fees) arising out of or relating to:

  • Your violation of this Policy
  • Your violation of applicable laws or regulations
  • Your use of the Services in a manner not authorized by this Policy
  • Any content or data you provide through the Services
  • Your violation of any third-party rights

17.3 Healthcare-Specific Exclusions

We expressly disclaim liability for:

  • Clinical decisions made using our Services
  • Medical malpractice or professional liability claims
  • Accuracy of AI-generated clinical insights
  • Integration failures with third-party systems
  • Compliance with your specific regulatory obligations

18. DISCLAIMERS AND WARRANTIES

18.1 Service Disclaimer

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. WE SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

18.2 Medical Disclaimer

WE DO NOT PROVIDE MEDICAL ADVICE. THE SERVICES ARE TOOLS TO ASSIST HEALTHCARE PROVIDERS AND DO NOT REPLACE PROFESSIONAL MEDICAL JUDGMENT. WE ARE NOT RESPONSIBLE FOR ANY MEDICAL DECISIONS, DIAGNOSES, OR TREATMENTS BASED ON THE USE OF OUR SERVICES.

18.3 Accuracy Disclaimer

WHILE WE STRIVE FOR HIGH ACCURACY, WE DO NOT GUARANTEE 100% ACCURACY IN TRANSCRIPTION OR AI-GENERATED CONTENT. ALL OUTPUT MUST BE REVIEWED AND VALIDATED BY QUALIFIED HEALTHCARE PROFESSIONALS.

19. QUALITY IMPROVEMENT AND HEALTHCARE OPERATIONS

19.1 Quality Improvement Programs

We may use de-identified data for:

  • Improving transcription accuracy
  • Enhancing clinical documentation quality
  • Developing specialty-specific models
  • Benchmarking and performance metrics
  • Population health management
  • Healthcare cost analysis

19.2 Healthcare Operations Support

Our Services support your healthcare operations including:

  • Quality assessment and improvement
  • Patient safety activities
  • Protocol development
  • Case management and care coordination
  • Practice management activities
  • Accreditation and licensing

20. DISPUTE RESOLUTION AND GOVERNING LAW

20.1 Mandatory Binding Arbitration

ANY DISPUTE ARISING OUT OF OR RELATING TO THIS POLICY OR THE SERVICES SHALL BE RESOLVED THROUGH BINDING ARBITRATION ADMINISTERED BY THE ADR INSTITUTE OF CANADA UNDER ITS ARBITRATION RULES FOR CANADIAN RESIDENTS, OR BY THE AMERICAN ARBITRATION ASSOCIATION (AAA) UNDER ITS COMMERCIAL ARBITRATION RULES FOR US RESIDENTS. The arbitration shall be conducted in Ontario, Canada, and judgment on the award may be entered in any court having jurisdiction.

20.2 Class Action Waiver

YOU AGREE TO BRING CLAIMS AGAINST US ONLY IN YOUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, REPRESENTATIVE, OR COLLECTIVE ACTION.

20.3 Governing Law

This Policy shall be governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to its conflict of law principles. For international users, local mandatory consumer protection laws may apply.

20.4 Venue

Exclusive venue for any dispute not subject to arbitration shall be the courts located in Ontario, Canada.

20.5 Time Limitation

You must bring any claim within one (1) year after the cause of action arises, or such claim is forever barred.

21. REGULATORY COMPLIANCE

21.1 United States Compliance

  • HIPAA Privacy, Security, and Breach Notification Rules
  • HITECH Act requirements
  • 42 CFR Part 2 (substance abuse records)
  • State medical records laws
  • CCPA/CPRA (California)
  • Biometric privacy laws (Illinois BIPA, Texas, Washington)
  • State breach notification laws

21.2 Canadian Compliance

  • PIPEDA (federal)
  • Ontario: Personal Health Information Protection Act, 2004 (PHIPA)
  • Quebec: Act Respecting the Protection of Personal Information in the Private Sector and Law 25
  • Alberta: Health Information Act (HIA)
  • British Columbia: Personal Information Protection Act (PIPA BC)
  • Saskatchewan: Health Information Protection Act (HIPA)
  • Manitoba, New Brunswick, Newfoundland and Labrador: Personal Health Information Acts (PHIA)
  • Nova Scotia, PEI, Territories: PIPEDA as applicable federal legislation

21.3 International Compliance

  • GDPR (European Union) - applicable when serving EU-based users
  • UK Data Protection Act - applicable when serving UK-based users
  • Other applicable national laws as required by jurisdiction

21.4 Industry Standards

  • HL7 FHIR specifications
  • ONC certification requirements
  • NIST Cybersecurity Framework
  • ISO 27001/27799 standards
  • Cloud Security Alliance guidelines

22. PRIVACY PROGRAM GOVERNANCE

22.1 Privacy by Design

We implement privacy by design principles:

  • Proactive not reactive
  • Privacy as default setting
  • Full functionality with privacy
  • End-to-end security
  • Visibility and transparency
  • Respect for user privacy
  • Privacy embedded into design

22.2 Privacy Impact Assessments

We conduct assessments for:

  • New features and services
  • AI model deployments
  • Third-party integrations
  • International data transfers
  • High-risk processing activities

22.3 Transparency Reporting

We publish annual transparency reports including:

  • Government data requests
  • Law enforcement requests
  • Breach statistics (anonymized)
  • Privacy rights requests
  • Third-party audit results

23. CONTACT INFORMATION

Privacy Officer

For privacy-related inquiries, data subject rights requests, or concerns about our privacy practices:

Chief Privacy Officer
Transcribe Health Corporation
Email: [email protected]
Response Time: Within 48 business hours

Additional Contacts

For comprehensive contact information including security incidents, legal inquiries, compliance matters, and audit support, please visit our Compliance page.

Regulatory Authorities

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
Toll-free: 1-877-696-6775
Website: www.hhs.gov/ocr

European Data Protection Authorities
For EU/EEA residents: Contact your local supervisory authority
Directory: https://edpb.europa.eu/about-edpb/board/members_en

24. CHANGES TO THIS POLICY

24.1 Right to Modify

We reserve the right to modify this Policy at any time, in our sole discretion. Changes become effective immediately upon posting unless otherwise specified.

24.2 Notice of Material Changes

For material changes, we will:

  • Email notice to registered users
  • In-app notifications
  • Banner notice on website
  • 30-day advance notice for material adverse changes

24.3 Continued Use

Your continued use of the Services after changes constitutes acceptance of the modified Policy. If you disagree with changes, you must discontinue use.

24.4 Version History

Previous versions available upon written request to [email protected]. We maintain a complete version history for compliance purposes.

25. SEVERABILITY AND WAIVER

25.1 Severability

If any provision of this Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

25.2 Waiver

No waiver of any term of this Policy shall be deemed a further or continuing waiver of such term or any other term, and our failure to assert any right or provision shall not constitute a waiver of such right or provision.

26. FORCE MAJEURE

We shall not be liable for any failure or delay in performance under this Policy which results from any cause beyond our reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, pandemics, strikes, or shortages of transportation facilities, fuel, energy, labor, or materials.

27. ASSIGNMENT

You may not assign or transfer any rights or obligations under this Policy without our prior written consent. We may assign our rights and obligations without restriction.

28. ENTIRE AGREEMENT

This Policy, together with our Terms of Service and any applicable BAA, constitutes the entire agreement between you and Transcribe Health regarding privacy and data protection, and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties.

29. SURVIVAL

Sections relating to limitation of liability, indemnification, disclaimers, dispute resolution, and any other provisions that by their nature should survive, shall survive any termination or expiration of this Policy.

30. ACKNOWLEDGMENT AND ACCEPTANCE

BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND AGREE TO BE BOUND BY ALL OF ITS TERMS AND CONDITIONS. IF YOU ARE ACCEPTING ON BEHALF OF AN ORGANIZATION, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ORGANIZATION.

Β© 2024-2026 Transcribe Health Corporation. All rights reserved.

EFFECTIVE DATE: December 1, 2024 LAST UPDATED: March 9, 2026 VERSION: 1.1 DOCUMENT ID: POL-PRIV-2024-001

Back to Home
Terms of ServiceComplianceContact Us
Privacy Policy | Transcribe Health