Privacy Policy
Last Updated 12/19/2025
The plain-language summaries (marked with 👉) are provided for convenience only and are not legally binding. If there's any conflict, the formal language controls.
Introduction
Alcott, Inc. ("Alcott," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services, including visit.alcottai.com (for patients), medipen.alcottai.com (for healthcare providers), and our Provider Search GPT.
Our goal is to help you organize your health information and prepare for medical visits. Alcott, Inc. is not a medical device and does not provide medical advice, diagnosis, or treatment. The Services are intended for use within the United States. See our Terms of Service for eligibility, account terms, and recording consent requirements.
👉 Translation: We’re here to help you get organized, not to act as your doctor. And yes — for now, we’re only built for U.S. users.
What We Collect
Alcott Visit Companion
When you create an account, you provide basic information like your name, email, date of birth, and phone number, or use Google authentication.
Health Information
You may provide health information through several features:
- Visit Preparation: Chat conversations about your symptoms, questions, and health concerns for upcoming appointments
- Medical Record Upload: Documents you upload (lab results, medical notes, PDFs) which you can view and chat with our AI about
- Scribe: Audio recordings of your medical visits, which are transcribed and summarized (see Scribe section below)
- Provider Sharing: Visit summaries that you choose to share with your healthcare providers
On Behalf Of
If you are completing a visit on behalf of someone else (such as a child or elderly family member), we collect your name as the caregiver and the patient's name and health information.
Technical Data
We collect technical data (device type, browser, IP address, crash reports) to keep the service working properly.
Scribe Feature
When you use our Scribe feature to record a medical visit:
- Audio recordings are deleted immediately after transcription — we never store audio
- Transcripts and Summaries are stored according to our retention policy below
Alcott Medipen
Medipen is a provider-only tool for AI-assisted medical form completion. Patients do not access Medipen directly.
When providers use Medipen, we collect:
- Uploaded PDF forms (which may contain patient health information)
- Completed form outputs
- Provider account and usage information
Uploaded documents are processed in memory and not retained after download. Form templates (without patient data) are retained until the provider deletes them.
Provider Search GPT:
When you search for providers using our GPT, your queries (provider names, specialties, locations, insurance info) are processed by OpenAI's platform. Alcott does not access or store these conversations.
👉 Translation: We collect what you give us — your account info, health details you share, documents you upload, and basic technical info to keep things running. If you're helping a family member, we note that too.
How We Use and Share Information
👉 Translation: Ask the GPT about doctors if you’d like — OpenAI processes it, not us. We don’t keep a copy.
👉 Translation: Medipen helps your doctor fill out paperwork faster. You never log in—they handle it and send you forms through their own channels.
We use your information to operate the Services, generate visit preparation summaries, transcribe and summarize recorded visits, enable sharing with caregivers or clinicians if you choose, and send important service communications. We do not sell your information or use health data for advertising.
We share information only with trusted service providers:
- AWS: Hosting, AI processing (Bedrock), transcription (Transcribe Medical)
- Supabase: Database (self-hosted on AWS)
- Twilio: Multi-factor Authentication
- Stripe: Payment processing (providers only)
- Google: Authentication (if selected by user)
- OpenAI: Provider Search GPT only
We may also share information if required by law or to protect safety.
For Healthcare Providers: If you use Alcott services as a healthcare provider, please see our Business Associate Agreement in our Terms of Service.
👉 Translation: We use your info to run Alcott, not to run ads. And we only share with vendors who help make the service work.
Data Retention
Scribe-specific retention:
- Audio recordings: Deleted immediately after transcription
- Transcripts and Summaries: Follow retention policy above
Provider-linked users: If you access Alcott through a healthcare provider's invitation without creating an account, your data is retained until the provider's agreement with Alcott ends, plus 30 days.
Anonymized metadata: includes non-identifying information like visit types, feature usage patterns, and question categories. This data cannot identify you and helps us improve our services.
Medipen: Uploaded documents are processed in memory and not retained after download. Form templates (without patient data) are retained until the provider deletes them.
👉 Translation: For Visit Companion, your stuff stays until you delete it (or 90 days if no account). For Medipen, we don't keep filled forms after download. We keep anonymous stats to make Alcott better.
Security
We use industry-standard security including encryption, access controls, and system monitoring. We conduct regular security assessments and maintain HIPAA-compliant safeguards. In case of a data breach, we'll notify users as required by law.
👉 Translation: We lock the doors, set alarms, and if anything ever goes wrong, we'll tell you.
HIPAA Compliance
Alcott maintains administrative, technical, and physical safeguards to protect your health information in accordance with HIPAA requirements. This includes:
- Encryption of data in transit and at rest
- Access controls and audit logging
- Business Associate Agreements with our vendors
- Regular security assessments
- Incident response procedures
For healthcare providers using Alcott, a Business Associate Agreement is included as part of our Terms of Service.
👉 Translation: We take HIPAA seriously and follow the rules to protect your health info.
Your Rights
You can access, download, or delete your information and close your account anytime. To exercise these rights, contact us at legal@alcottai.com. We will respond within 30 days.
👉 Translation: Your data is your call. Email us and we'll help.
Children
We don't collect data from children under 13. Parents may manage health information for children using our "On Behalf Of" feature. See our Terms of Service for complete eligibility requirements.
👉 Translation: Parents can manage family info using our caregiver feature, but no direct accounts for kids under 13.
Changes to This Policy
We may update this Privacy Policy occasionally. Material changes will be communicated by updating the date above or through app notifications.
Contact Us
Email: legal@alcottai.com
Website: www.alcottai.com
👉 Translation: Real humans are behind this — reach out anytime.
