Privacy Policy
Last updated: 21 March 2026
This Privacy Policy explains how NeuroDocs Ltd (“NeuroDocs”, “we”, “our”) collects, uses, and protects personal data when you use our service. Please read it carefully. By using NeuroDocs, you agree to the practices described below.
1. Who we are
NeuroDocs is operated by NeuroDocs Ltd, a company registered in England and Wales (Company No. 12345678), with registered office at 100 Euston Road, London, NW1 2DB. We are the data controller for personal data processed through our service.
If you have any questions about this policy, contact our Data Protection Officer at: privacy@neurodocs.io
2. What data we collect
We collect the following categories of personal data:
• Account data: name, email address, job title, organisation name, and password hash.
• Usage data: session metadata, feature interactions, and device/browser information.
• Consultation data: audio recordings, transcriptions, and generated SOAP notes that you create within the platform. This data is considered sensitive health information.
• Billing data: payment method type and last four digits (full card numbers are processed by Stripe and never stored by us).
• Communications: messages sent to our support team.
3. How we use your data
We use personal data to:
• Provide, operate, and improve the NeuroDocs service.
• Generate AI-powered SOAP notes from your consultation transcripts.
• Send transactional emails (session complete, billing receipts, account alerts).
• Respond to support requests.
• Comply with legal obligations.
We do not use patient data to train AI models. We do not sell personal data to any third party.
4. Legal basis for processing
We process personal data on the following legal bases under UK GDPR:
• Contract: processing necessary to provide the NeuroDocs service you have subscribed to.
• Legitimate interests: improving the reliability and performance of the platform, fraud prevention, and security monitoring.
• Legal obligation: retention of records required by law.
• Consent: where we send marketing communications (you may withdraw consent at any time).
5. How we share your data
We share personal data only with the following categories of sub-processors:
• Anthropic (claude-sonnet-4-6): receives consultation transcript text to generate SOAP notes. Anthropic processes this under a strict data processing agreement and does not use it for model training.
• OpenAI (Whisper API): receives audio files you upload for transcription. The same data processing protections apply.
• Amazon Web Services: hosts our infrastructure in HIPAA-eligible regions (eu-west-1 and us-east-1).
• Stripe: processes payment card information.
• Postmark: delivers transactional email.
We maintain an up-to-date sub-processor list available on request.
6. Data retention
• Account data is retained for the duration of your account plus 90 days after closure.
• Audio files are deleted from our servers within 24 hours of transcription completion.
• Transcripts and SOAP notes are retained until you delete them or close your account.
• Billing records are retained for 7 years as required by UK tax law.
You can request deletion of your data at any time from Settings → Data & Privacy.
7. Your rights
Under UK GDPR, you have the right to:
• Access the personal data we hold about you.
• Correct inaccurate personal data.
• Erase your personal data (subject to legal retention requirements).
• Restrict or object to processing.
• Port your data in a machine-readable format.
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, email privacy@neurodocs.io. We will respond within 30 days.
8. Security
We protect personal data using:
• Encryption in transit: TLS 1.3 on all connections.
• Encryption at rest: AES-256 for all stored data and backups.
• Access controls: role-based access, MFA required for all staff with data access.
• Regular penetration testing by an independent security firm.
• SOC 2 Type II certification (report available under NDA on request).
Despite these measures, no internet transmission is completely secure. Please use a strong, unique password and enable two-factor authentication on your account.
9. International transfers
Your data is processed primarily within the UK and EEA. Where sub-processors operate in the US (including Anthropic, OpenAI, and AWS us-east-1), we rely on Standard Contractual Clauses (SCCs) and, where applicable, the UK International Data Transfer Agreement (IDTA) to ensure adequate protection.
10. Cookies
We use strictly necessary cookies to maintain your session and preferences. We use analytics cookies (Plausible Analytics) to understand aggregate usage patterns — these cookies do not track individuals or share data with advertising networks. You can opt out of analytics cookies in your account settings.
11. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and display a notice in the app at least 14 days before the changes take effect. The date at the top of this page reflects the most recent update.
12. Contact
Data Protection Officer: privacy@neurodocs.io
NeuroDocs Ltd, 100 Euston Road, London, NW1 2DB, United Kingdom
For general support: support@neurodocs.io