CareDraft Logo CareDraft
Legal

Privacy Policy

Effective Date: May 28, 2026  |  Last Updated: June 7, 2026

DRAFT — REQUIRES ATTORNEY REVIEW BEFORE PUBLICATION. This is a framework-based draft, not legal advice. A qualified US privacy attorney must review before this is published or linked from any app store listing.

The Short Version

CareDraft is a clinical productivity tool that runs entirely on your device.

  • CareDraft is intended for clinician-dictated, post-encounter, de-identified note drafting. It is not intended to record patient interactions or to capture patient identifiers.
  • We do not collect, store, or transmit your clinical notes, dictations, transcripts, AI summaries, patient information, or any other content you create in the app.
  • Everything you create stays on your phone or tablet. We have no servers that store your work and no way to access it.
  • The only network connections the app makes are: (1) a one-time download of AI model files from Hugging Face when you first set up the app, and (2) routine app-update checks with Expo (the framework we use to deliver app updates).
  • We do not run analytics, crash reporting, advertising trackers, or any third-party telemetry inside the app.
  • We do not sell your personal information. We do not share it with advertisers. We do not have it to sell or share.

If anything in this policy contradicts the short version, the longer text governs — but we have tried hard to make sure they say the same thing.

1. Who we are

CareDraft is published by [CareDraft LLC] ("we," "us," "our"), located at [Insert Postal Address]. You can contact us about this policy at [email protected].

CareDraft is a software application available on the Apple App Store and Google Play (the "App"). This policy describes what limited information we collect, how it is used, and your rights.

This policy does not apply to: (a) websites or services we do not control, including the Hugging Face model hosting service and the Expo Application Services update service; (b) your clinical employer's separate policies governing how you may use software with patient information; (c) other apps you may use on your device.

2. Important context: you are a clinician using a personal productivity tool

CareDraft is sold to individual clinicians as a personal productivity tool, similar to a notebook, a voice recorder, or a notes app. It is not sold to clinics, hospitals, or health systems.

CareDraft is intended for clinician-dictated, post-encounter, de-identified note drafting. It is not intended to record patient interactions or to capture patient identifiers. Timestamps shown in the App reflect when a draft was created in CareDraft and are not intended to represent encounter date, encounter time, or date of service unless you separately add that information.

[CareDraft LLC] is not a HIPAA Covered Entity. We are not a HIPAA Business Associate. We do not enter Business Associate Agreements. If your professional obligations under HIPAA, state medical privacy law, your employer's policies, or your malpractice insurance require a Business Associate Agreement before using a software tool with patient information, CareDraft is not the right tool for that use case, and you should not use it for that purpose.

You are solely responsible for:

  • Determining whether your use of the App is permitted under your employer's policies, your professional licensure rules, and applicable law.
  • Securing the device the App is installed on, including device-level encryption, screen-lock, and OS updates.
  • Protecting your PIN, biometric credentials, and any recovery code we provide.
  • Any decision to export, share, print, email, or otherwise transmit notes you create in the App.

3. Information stored on your device (we do not have access to this)

When you use CareDraft, the following is created and stored locally on your device, never on our servers:

  • Audio recordings of your dictations
  • Text transcriptions of those dictations
  • AI-generated summaries, templates, and other note content
  • Notes you type or edit manually
  • Any patient identifiers, clinical details, or other information you enter
  • Your settings and preferences

This information is encrypted at rest using AES-256-GCM with a random data-encryption key stored only through hardware-backed key wrapping. Your PIN is not stored; it is used with PBKDF2-HMAC-SHA512 to unwrap the local encryption key. If you enable biometric unlock, the App stores a separate biometric-protected copy of that encryption key in iOS Keychain or Android Keystore. We do not transmit, store, back up, or have any technical means to access this information.

This means: if you lose your PIN and your recovery code, your data is permanently inaccessible. We cannot recover it. The App provides a recovery code at setup; you should store it in a safe place outside the App.

4. Information we do receive

We receive a small amount of information indirectly when you use the App. We do not associate this information with you personally.

4.1 App update checks (Expo Application Services)

The App is built using the Expo framework. On launch, the App contacts Expo Application Services (u.expo.dev) to check whether a code update is available. This connection conveys basic technical information including: the App version, the platform (iOS or Android), the runtime version, and a randomly generated device identifier used by Expo to deliver updates. It does not convey your name, your patients' information, the contents of your notes, or any other personal or clinical information.

Expo's privacy practices are governed by Expo's own privacy policy at https://expo.dev/privacy. We do not receive this information ourselves.

4.2 Model downloads (Hugging Face)

The first time you set up the App, it downloads the AI model files needed to run speech transcription and note generation entirely on your device. These files are hosted by Hugging Face and the App makes a one-time HTTPS request to download them. This request conveys standard HTTP information (your IP address, your user agent) to Hugging Face. It does not convey any account, identity, or clinical information.

Hugging Face's privacy practices are governed by Hugging Face's own privacy policy at https://huggingface.co/privacy. We do not receive this information ourselves.

4.3 App Store / Play Store activity

When you download, install, or purchase the App, Apple and Google receive information about that transaction. Their handling of that information is governed by their own privacy policies. We may receive de-identified aggregate sales reports from Apple and Google, which contain no personal information.

4.4 Direct communications with us

If you email us at [email protected] or otherwise contact us directly, we will receive whatever information you choose to send. We use that information only to respond to you. We do not add you to marketing lists.

4.5 What we do not receive

To be explicit: we do not receive, and the App does not transmit to us or any third party:

  • The audio of your dictations
  • The text of your notes, transcriptions, or summaries
  • Patient names, identifiers, dates of birth, medical record numbers, diagnoses, treatments, or any other clinical information
  • Your name, email address (unless you write to us), phone number, or other contact information
  • Your location
  • Crash reports, analytics events, or usage telemetry
  • Advertising identifiers

5. How information is used

The limited information described in Section 4 is used only to deliver the App to you (update checks, model downloads) and to respond to you when you contact us. We do not use it to build profiles about you, target advertising to you, or share it with marketers.

6. How information is shared

We do not sell personal information. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act / California Privacy Rights Act (Cal. Civ. Code § 1798.140).

We may disclose information in the following narrow circumstances:

  • To respond to a lawful subpoena, court order, or legal process (and we will resist any request that is overbroad or unlawful);
  • To protect our legal rights or comply with legal obligations;
  • In connection with a merger, acquisition, or asset sale, subject to a successor's agreement to honor this policy.

7. Your privacy rights

7.1 Rights that apply to everyone

You can exercise these rights at any time without contacting us:

  • Right to delete: Uninstalling the App deletes your encrypted data along with the App. On iOS, you may need to confirm "Delete App" rather than "Remove from Home Screen." On Android, choose "Uninstall" from the App's information panel.
  • Right to access: Your data is on your device, in the App. You can view, edit, and export it at any time.
  • Right to opt out of selling/sharing: We do not sell or share personal information for advertising. There is nothing to opt out of.

7.2 California residents (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know what personal information we collect, use, disclose, and (if applicable) sell or share. See Section 4 above.
  • Right to delete personal information. We retain essentially no personal information about you, so there is nothing for us to delete. To delete data stored locally on your device, uninstall the App.
  • Right to correct inaccurate personal information.
  • Right to limit use of sensitive personal information. Information you input into the App is "sensitive personal information" (including health information), but it never leaves your device, so we do not use it.
  • Right to non-discrimination for exercising your rights.

To exercise California rights, email us at [email protected]. We will verify your identity before responding to substantive requests. We will respond within 45 days as required by law.

7.3 Other US states

If you are a resident of a state with a comprehensive consumer privacy law (currently including Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia, with others taking effect), you have rights similar to those described in Section 7.2 under your state's law. To exercise them, email [email protected].

7.4 Washington residents (My Health My Data Act)

Washington residents have additional rights specifically governing consumer health data under the Washington My Health My Data Act (RCW 19.373). Those rights, and how to exercise them, are described in our separate Washington Consumer Health Data Privacy Policy, available at https://caredraft.app/privacy/washington.

7.5 Appeals

If we deny a privacy rights request and you wish to appeal, reply to our denial within 30 days. We will respond to your appeal within 60 days. If we deny your appeal, you may contact your state's attorney general.

8. Children's privacy

CareDraft is not directed to children under 13 and is not intended for use by children under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has used the App and provided information to us, contact us at [email protected] and we will investigate.

9. Security

We have designed the App to keep your information secure:

  • All clinical content stored by the App on your device is encrypted using AES-256-GCM.
  • Access to the App requires a PIN (4 to 6 digits) and supports biometric authentication (Face ID, Touch ID, or fingerprint).
  • The PIN is processed using PBKDF2-HMAC-SHA512 key derivation to unwrap a hardware-backed encrypted key. The PIN itself is not stored.
  • Optional biometric unlock uses a separate biometric-protected key in iOS Keychain or Android Keystore; it does not store or replay your PIN.
  • Session keys exist only in device memory during an unlocked session and are cleared on app lock.

No security measure is perfect. The security of your information also depends on you: keep your device updated, use a strong device passcode, do not share your PIN, store your recovery code in a safe place, and uninstall the App if your device is lost or shared with others.

10. Data retention

Because we do not collect or store your clinical content, we do not retain it. Your data is retained on your device for as long as the App is installed; uninstalling the App deletes it.

For the limited information described in Section 4 (Expo update checks, Hugging Face model downloads, App Store purchase reports), retention is governed by those third parties' own policies. Direct communications you send to us are retained as long as needed to respond and to maintain records of our correspondence, and then deleted.

11. International users

The App is currently offered only in the United States. If you are accessing the App from outside the United States, please be aware that we have not designed the App for use outside the United States, and our practices may not comply with the privacy laws of your country. If you wish us to support additional jurisdictions, contact us at [email protected].

12. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last Updated" date at the top of the policy. If we make material changes, we will provide additional notice through the App (such as a banner or prompt on next launch). Your continued use of the App after we post changes constitutes your acceptance of those changes.

13. Contact us

For privacy questions, requests, or complaints:

[CareDraft LLC]
[Insert Postal Address]
Email: [email protected]

*This policy was prepared with assistance from an AI legal-workflow tool and reviewed by qualified counsel before publication. It is not a substitute for individualized legal advice about your situation.*