Privacy Policy

Last Updated 9/16/25

Introduction

Alcott AI (“Alcott,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services, including the Alcott App (web and iOS) and our Provider Search GPT.

Our goal is to help you organize your health information and prepare for medical visits. Alcott AI is not a medical device and does not provide medical advice, diagnosis, or treatment. The Services are intended for use within the United States.

👉 Translation: We’re here to help you get organized, not to act as your doctor. And yes — for now, we’re only built for U.S. users.

What We Collect

Alcott App (Web and iOS):

When you create an account, you provide basic information like your name, email, date of birth, and password, or use third-party authentication services. You can upload health files (lab results, medical notes, wearable data, PDFs) and enter information like symptoms or questions. We also collect technical data (device type, browser, IP address, crash reports) to keep the app working properly.

Your uploaded information is sent to our AWS servers where we generate summaries using Anthropic’s Claude model. If you don’t create an account, uploads are automatically deleted within 30 days. If you do create an account, your data is stored until you delete it or close your account.

👉 Translation: With an account, your stuff stays put. Without one, it disappears after 30 days and you can’t access anything except the summary once you exit the chat.

Provider Search GPT:

When you search for providers, your queries (provider names, specialties, locations, insurance info) are processed by OpenAI’s platform. Alcott does not access or store these conversations. Our provider directory on Supabase may log search requests for troubleshooting, which are deleted within 30 days.

👉 Translation: Ask the GPT about doctors if you’d like — OpenAI processes it, not us. We don’t keep a copy.

How We Use and Share Information

We use your information to operate the Services, generate visit preparation summaries, enable sharing with caregivers or clinicians if you choose, and send important service communications. We do not sell your information or use health data for advertising.
 

We share information only with trusted service providers: AWS (hosting, AI processing, authentication), Supabase (provider directory), Twilio (communications), OpenAI (Provider Search GPT), and Apple (App Store, Sign in with Apple). We may also share information if required by law or to protect safety.
 

👉 Translation: We use your info to run Alcott, not to run ads. And we only share with vendors who help us make the app work.

Security & Data Retention

We use industry-standard security including encryption, access controls, and system monitoring. We conduct regular security assessments and maintain enterprise-grade controls. In case of a data breach, we’ll notify users promptly as required by law.

When you close your account, we delete your health information within 30 days, though some technical logs may be retained longer for security and legal compliance.

👉 Translation: We lock the doors, set alarms, and if anything ever goes wrong, we’ll tell you.

Important Disclaimers

HIPAA

Alcott v.25 is a consumer app, so HIPAA doesn’t apply to our current design. However, we maintain strong security safeguards and plan to pursue HIPAA compliance as we expand into enterprise offerings.

👉 Translation: HIPAA doesn’t cover us yet — but we’re building like it will.

Healthcare

Alcott AI is not a medical device and doesn’t provide medical advice, diagnosis, or treatment. All outputs are for informational purposes only. Always consult healthcare professionals for medical decisions. If you have a medical emergency, call 911 immediately.

👉 Translation: We’re the clipboard, not the clinician. If it’s urgent, call 911, not Alcott.

Children

We don’t allow children under 13 to create accounts. Parents may use their accounts to manage health information for dependents. If we learn we’ve collected information from a child under 13, we’ll delete it.

👉 Translation: Parents can manage family info, but no direct kid accounts under 13.

Your Rights and Contact

You can access or delete your information and close your account anytime. Contact us to exercise these rights.

 

We may update this Privacy Policy occasionally. Material changes will be communicated by updating the date above or through app notifications. This Privacy Policy is effective as of 9/16/2025 and applies to all information collected on or after that date.

👉 Translation: Your data is your call. If we make big changes, we’ll let you know.

Contact Us:

Email: legal@alcottai.com

Website: www.alcottai.com

👉 Translation: Real humans are behind this — reach out anytime.
