← SampsonPrivacy Policy

Privacy Policy

Last updated: June 18, 2026

1. Introduction

Sampson Scribe ("Sampson," "we," "us," or "our") is a medical documentation tool designed for healthcare providers. This Privacy Policy explains how we collect, use, store, and protect information when you use our mobile application and web service (collectively, the "Service").

By using Sampson, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Our Promise: Bare-Minimum Data Collection

By default, Sampson collects only the bare legal minimum needed to operate the Service and meet HIPAA audit-logging requirements. Specifically:

  • We never use your data to train our models unless you specifically opt in — every user is opted out by default. Your transcripts, notes, and audio are never used to train third-party models (OpenAI's, Deepgram's, or any other provider's).
  • We do not aggregate your clinical content for analytics or research.
  • We do not sell, share, or license your data to anyone.
  • Audio is purged from our servers within 48 hours of upload, after transcription completes.
  • Quality-improvement data (edit deltas, flag interactions, transcription confidence) is collected only from accounts that have explicitly opted in. By default this pipeline is disabled at the API layer — nothing leaves your device for improvement purposes.

If we ever expand quality-improvement data collection (e.g., for a future paid plan), we will update this Privacy Policy and require fresh consent before enabling it on any new account.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Authentication credentials (securely hashed)
  • Account preferences and settings (e.g., custom physical-exam template)

2.2 Audio Recordings

When you use Sampson to document patient encounters, we temporarily collect:

  • The audio recording of your dictation (transient — see retention below)
  • The transcription generated from that recording
  • The clinical note generated from the transcription

Audio retention: Audio files are uploaded to a private, encrypted S3 bucket for processing, then permanently deleted within 48 hours. We do not retain raw audio long-term, and we do not copy audio to any other system for analysis or training.

2.3 Patient Information

The clinical notes you create may contain patient information that you dictate, including:

  • Patient demographics (age, gender)
  • Chief complaints and symptoms
  • Medical history, medications, and allergies
  • Physical examination findings
  • Diagnostic results and clinical assessments

These notes live in your private Sampson account and are visible only to you. They are not used to train any model, are not aggregated, and are not analyzed by anyone other than you.

You are responsible for ensuring that any patient information you input complies with applicable healthcare privacy regulations (such as HIPAA in the United States).

2.4 Operational & Compliance Logging

We automatically collect a small amount of technical metadata required to operate the Service safely and to meet HIPAA audit-trail obligations:

  • Device type, operating system, and app version
  • Crash reports and uncaught errors (captured by our own backend with text content scrubbed; no third-party error tracker is used)
  • Audit-log entries for each note generation: timestamp, your user ID, the patient ID, model used, token counts, and timing information — required for HIPAA-style access logging
  • Per-account usage counters (number of notes generated, last-active date) for billing/quota and abuse prevention
  • Transcription quality metadata (overall confidence score, word count) so the app can flag potentially unreliable transcripts back to you

None of the above contains the text of your transcripts or notes. This logging exists to keep the Service running and to satisfy compliance — not to study your content.

2.5 What We Do Not Collect by Default

Unless your account has explicitly opted in, the following are never saved to any analytics, training, or aggregation store:

  • Note text deltas (what you edited and what the AI originally generated)
  • Individual flag dismissals or corrections
  • Transcript text outside your own patient record
  • Per-encounter audio retention beyond the 48-hour processing window

These are gated server-side by a feature flag (dataCollection) that is disabled for every account by default. Even if a client mistakenly sends this data, the server discards it for non-opted-in users.

3. How We Use Your Information

We use the collected information only to:

  • Provide and maintain the Service
  • Transcribe your audio recordings into text (transient — deleted within 48 hours)
  • Generate clinical documentation from your dictations
  • Sync your notes across your own devices
  • Send you service-related notifications (e.g., "Note ready")
  • Investigate crashes and operational errors
  • Respond to your support requests
  • Detect and prevent fraud or abuse
  • Satisfy our HIPAA audit-logging obligations

We never use your data to train our models unless you specifically opt in — every user is opted out by default. Your audio recordings, transcriptions, and clinical notes are never used to train third-party models. We have data-processing addendums with our AI vendors (OpenAI, Deepgram) that explicitly prohibit them from using your content for model training. See Section 5 for vendor details.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored using the following services:

  • Firebase (Google Cloud) - Authentication and database storage
  • Amazon Web Services (AWS) - Temporary audio file storage and processing

We store your data with infrastructure providers (AWS and Google Cloud/Firebase) that maintain SOC 2 compliant data centers located in the United States.

4.2 Security Measures

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL) for all data transfers
  • Encryption at rest for stored data
  • Secure authentication with Firebase Auth
  • Automatic session timeout — you are signed out after a period of inactivity to protect access on shared or unattended devices
  • Access controls limiting data access to authorized personnel
  • Regular security audits and monitoring

4.3 Data Retention

  • Audio recordings: Deleted within 48 hours of processing
  • Clinical notes & transcripts: Automatically deleted 14 days after creation to minimize retained patient information. You can also delete a note sooner at any time. Notes are never copied or moved out of your account for any other purpose.
  • Operational / HIPAA audit logs: Timestamps, user IDs, patient IDs, and model-call metadata are retained for 6 years to meet HIPAA audit-log retention requirements. These logs never contain the text of your transcripts or notes.
  • Account data: Retained while your account is active
  • Custom instruction history: Retained for up to 10 years for compliance, security, and legal defense purposes (see Terms of Service Section 9)
  • Quality-improvement data (opt-in only): If you have explicitly opted in (see Section 2.5), correction events and edit deltas may be retained indefinitely. By default this is disabled for every account.

Account Deletion: You can permanently delete your account at any time using the Delete Account option in the app's Settings screen (or by contacting us). When you do, we delete your clinical notes and personal profile, but we retain HIPAA audit-log records and custom instruction audit records (including your email and user ID) for the retention periods described above to protect against legal claims and maintain system integrity.

5. Third-Party Services

We use the following third-party services to provide the Service:

Deepgram

Data sent: your audio recording. Deepgram provides speech-to-text transcription. Audio is processed and not retained by Deepgram after transcription completes, and is never used to train Deepgram's models.

Deepgram Privacy Policy →

OpenAI

Data sent: your transcript (which may contain the medical information you dictated). OpenAI provides AI-powered note generation. Transcripts are processed via OpenAI's API with data retention disabled and are never used to train OpenAI's models.

OpenAI Privacy Policy →

Firebase (Google)

Provides authentication, database, and cloud messaging services.

Firebase Privacy Policy →

Amazon Web Services (AWS)

Provides cloud computing and temporary audio file storage (purged within 48 hours). Operational logs (timestamps, user IDs, patient IDs, model metadata) are retained in CloudWatch for compliance and debugging. No transcript or note text is sent to CloudWatch.

AWS Privacy Policy →

Equal protection. Every third party that receives your data is contractually bound — through Business Associate Agreements (BAAs) and/or Data Processing Addendums (DPAs) — to safeguard it with protections at least equal to those described in this Privacy Policy, to use it solely to provide their service to us, and never to use it to train their models or share it further. We send only the minimum each service needs to function: your audio to Deepgram for transcription, and your transcript to OpenAI for note generation.

6. Your Rights

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update or correct your information
  • Deletion: Delete individual notes, or permanently delete your entire account at any time using the Delete Account option in the app's Settings screen
  • Data Portability: Export your notes in a standard format
  • Withdraw Consent: Stop using the Service at any time

To exercise these rights, contact us at contact@sampsonscribe.ai.

7. Healthcare Provider Responsibilities

Sampson is a documentation tool designed for licensed healthcare providers. As the user, you are responsible for:

  • Ensuring your use of Sampson complies with applicable laws and regulations
  • Reviewing and verifying all generated clinical notes before use
  • Obtaining any required patient consents for recording
  • Maintaining appropriate safeguards for patient information
  • Recognizing that Sampson is a documentation-assistance tool only and does not provide clinical recommendations, diagnoses, or decision support; all clinical decision-making remains your sole responsibility

Sampson operates as a Business Associate under HIPAA when processing Protected Health Information on behalf of healthcare providers (Covered Entities). We maintain signed Business Associate Agreements (BAAs) with all third-party subprocessors that handle PHI. A BAA is available to customers upon request. To request a BAA, contact us at admin@sampsonscribe.ai.

8. Children's Privacy

Sampson is intended for use by healthcare professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Sampson Scribe

Email: contact@sampsonscribe.ai