Privacy Policy

Hermetiq is a cloud-based clinical documentation platform. This policy explains how we collect, process, and protect your data.

Last updated: March 9, 2026

Our approach to privacy

Privacy by design

Hermetiq is built with privacy at its core. Your clinical data is protected by encryption and strict access controls at every layer:

  • End-to-end AES-256 encryption for all clinical data
  • Audio files are processed and immediately deleted — never stored
  • Zero data retention on AI processing infrastructure
  • SOC 2 Type II and HIPAA-certified infrastructure providers

Core privacy principles:

  • We do not use your data to train AI models
  • We do not sell or share your data with third parties
  • We collect the minimum data necessary to provide the service
  • Your privacy is protected by architecture, not just policy

Information we collect

When you create an account

To provide our service, we collect:

  • Email address (for authentication and communication)
  • Name (for your profile and generated documents)
  • Authentication credentials (securely hashed, never stored in plain text)

When you use the service

During normal use, we process:

  • Audio files (temporarily, for transcription — deleted immediately after processing)
  • Generated transcripts and clinical notes (stored encrypted in your account)
  • Client records you create (stored encrypted, accessible only to you)
  • Session metadata (dates, note types — for organizing your dashboard)

When you subscribe

Payment processing is handled by Stripe. We receive:

  • Billing country (for tax compliance)
  • Transaction ID (for support inquiries)
  • Subscription status (to manage your access)

We do not store or have access to your full payment details.

What we don't collect

Hermetiq does not collect, retain, or have access to:

  • Audio recordings (deleted after processing)
  • Unencrypted clinical content
  • Usage patterns or behavioral analytics
  • Crash reports or diagnostics
  • Feature usage statistics
  • Advertising or tracking data

Data storage and security

Your clinical data is stored encrypted on secure, SOC 2 Type II certified infrastructure. You have full control over your data:

  • Export your data at any time in standard formats
  • Delete individual records or all data from your account
  • Close your account to permanently remove all stored data
  • All data encrypted at rest and in transit using AES-256

Website analytics

Our website (gethermetiq.com) uses minimal, privacy-respecting analytics to understand general traffic patterns. We do not:

  • Track individual users across sessions
  • Sell or share visitor data
  • Use retargeting or advertising pixels

Cookies

Hermetiq uses essential cookies for authentication and session management. We do not use tracking cookies, third-party cookies, or advertising cookies.

Third-party services

We use the following third-party services to operate Hermetiq:

Groq

AI infrastructure for speech-to-text and note generation. SOC 2 Type II, HIPAA, and GDPR certified. Zero data retention enabled — audio and text are not stored after processing.

Supabase

Database and authentication infrastructure. SOC 2 Type II certified. All clinical data is encrypted at rest.

Stripe

Payment processing. Subject to Stripe's privacy policy.

Vercel

Application hosting. Subject to Vercel's privacy policy.

Audio files are processed for transcription and immediately discarded — they are never stored on our servers or by our AI providers. Generated notes are stored encrypted in your account until you delete them.

Data retention

  • Clinical data (notes, transcripts, client records)

    Retained in your account as long as your subscription is active. Permanently deleted within 30 days of account closure or upon your request.

  • Audio files

    Never stored. Processed in memory and deleted immediately after transcription.

  • Account and billing records

    Retained as required for tax and legal compliance, typically 7 years.

  • Support correspondence

    Retained as long as necessary to provide support.

Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data
  • Data portability

To exercise these rights, contact us at privacy@gethermetiq.com

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

Contact us

If you have any questions about this Privacy Policy, please contact us:

privacy@gethermetiq.com

Cyans SEZC Ltd

The Valley, Anguilla, B.W.I.