Privacy Policy
1. Who this applies to
This policy explains how Voti ("Voti", "we") handles information when you use the Voti iOS app and this website. Voti is a tool clinicians use to draft clinical notes; the clinician or their practice remains the owner and controller of patient records.
2. Information we collect
- Account information — your name, email address, and authentication details when you create an account.
- Notes you create — the clinical notes Voti drafts and you edit, which sync to your account.
- Visit transcript — the on-device transcript text, which is sent to generate your note when you allow it (see section 3).
- Visit recordings (optional) — only if you turn on Audio Sync; otherwise recordings never leave your device (see section 3a).
- Limited diagnostics — basic, non-content app diagnostics (crashes, performance) to keep the app reliable.
By default we do not collect the visit audio, and we do not require any patient identifiers to function. If you turn on Audio Sync (off by default — see section 3a), your recordings are stored on our secure backend so you can reach them across your devices.
3. On-device transcription & AI note generation
Speech is converted to text entirely on your iPhone. By default the visit audio is processed locally and is not uploaded to Voti or to any third-party transcription service, so transcription works even with no internet connection. (You can optionally back up recordings with Audio Sync — see section 3a.)
To turn that transcript into a draft note, Voti uses artificial intelligence. The app asks for your permission before any transcript is sent, and you can review or turn this off at any time in the app's Settings.
- What is sent — the visit transcript text and the note template you choose. The audio recording itself is never sent.
- Who receives it — the transcript goes from the app to Voti's secure backend (operated by Convex), which calls an AI model hosted inside Amazon Web Services (AWS). Voti has signed Business Associate Agreements with both Convex and AWS, and the AI processing stays inside that HIPAA-covered environment.
- How it is used — only to generate your draft note. Your transcript is never sold and is never used to train AI models.
AI-generated notes are drafts: a clinician reviews and edits every note before clinical use.
3a. Optional: Audio Sync across devices
Audio Sync is an optional feature that is off by default. When a clinician turns it on (after a separate consent screen in the app), each new visit recording is uploaded to Voti's secure backend (operated by Convex) and stored encrypted, under the same signed Business Associate Agreement, so the recording can be played on the clinician's other devices.
- Off unless you enable it — with Audio Sync off, recordings stay on your device and are never uploaded.
- What is stored — the encrypted audio file, linked to the visit. It is never sold and never used to train AI models.
- You stay in control — turn Audio Sync off at any time to stop uploading new recordings; deleting a visit or your account removes the stored audio.
4. How we use information
- To provide the service — drafting notes, syncing them to your account, and signing you in.
- To provide support when you contact us.
- To maintain security and improve reliability.
We do not use your notes or transcripts to train AI models.
5. Storage & security
Account data and notes are encrypted in transit and at rest, and are protected by access controls on a HIPAA-aligned backend. Visit audio stays on your device unless you turn on Audio Sync, in which case your recordings are also stored encrypted in transit and at rest on the same backend, under our signed Business Associate Agreement.
6. Sharing
We do not sell your information. We share data only with vetted service providers needed to run the product — Convex (encrypted backend, sync, authentication, and optional audio backup) and Amazon Web Services (AI note generation, and cloud transcription where on-device transcription is unavailable) — under signed Business Associate Agreements that require them to protect it to the same standard described here and limit their use of it. We may also disclose information where the law requires it.
7. HIPAA & Business Associate Agreement
Voti is designed around HIPAA safeguards: protected health information stays on the device for transcription, and account data is encrypted in transit and at rest. A Business Associate Agreement (BAA) is available for practices and health systems. Contact us to request one.
8. Your choices & data retention
- Export — export your notes from inside the app at any time.
- Delete — delete your account and all associated data permanently, in one tap, from the app.
- We retain account data for as long as your account is active, then delete it on request or account closure.
9. Your rights
Depending on where you live, you may have rights to access, correct, or delete your personal information. To exercise them, email privacy@voti.ai.
10. Children
Voti is intended for use by clinicians and is not directed to children. We do not knowingly collect personal information from children.
11. Changes to this policy
We may update this policy as the product evolves. We'll revise the "last updated" date above and, for material changes, notify you in the app or by email.
12. Contact
Questions about privacy or a BAA? Email privacy@voti.ai or visit our contact page.