Privacy Policy

Effective date: May 19, 2026

Defo Labs LTD ("we," "our," or "us"), trading as Patien, is a company registered in England and Wales with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom. We operate the website usepatien.com and the Patien clinical documentation service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information. Please read it carefully.

1. Information we collect

Account information

When you register, we collect your name, email address, professional credentials, and specialty. This information is used to create and manage your account.

Clinical audio and transcriptions

When you use the recording feature, audio is captured on your device and transmitted to our servers using TLS encryption. Audio files are transcribed and then permanently deleted from our servers within 24 hours of note generation. Transcripts and structured notes are retained only as long as you maintain an active account.

Usage data

We collect information about how you interact with the service — features used, session length, note count — to improve product quality. This data is never linked to individual patient identifiers.

Payment information

Payments are processed by Stripe. We do not store credit card numbers on our servers. We retain billing records (amount, date, plan) required for tax and accounting purposes.

2. How we use your information

• To provide, maintain, and improve the Patien service
• To communicate with you about your account, billing, and product updates
• To detect and prevent fraud or abuse
• To comply with applicable laws and regulations including HIPAA

We do not sell your personal information. We do not use patient visit audio or transcripts to train AI models without explicit written consent.

3. HIPAA compliance

Patien operates as a Business Associate under HIPAA. We maintain appropriate administrative, technical, and physical safeguards for Protected Health Information (PHI). We sign Business Associate Agreements (BAAs) with all covered entity customers. For a copy of our BAA, contact privacy@usepatien.com.

4. Data sharing and disclosure

We share data only with:

• Service providers — cloud infrastructure (Cloudflare), payment processing (Stripe), and email delivery. All under data processing agreements.
• Law enforcement — only when required by a valid legal process, and only after notifying you where legally permissible.

We do not share data with advertisers, data brokers, or third-party analytics platforms.

5. Data retention

Audio files are deleted within 24 hours of processing. Notes and account data are retained while your account is active and for 90 days after cancellation, after which they are permanently deleted. You may request immediate deletion at any time.

6. Your rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a machine-readable format
• Withdraw consent for optional data processing

To exercise these rights, email privacy@usepatien.com.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We conduct regular security audits and penetration tests. Access to production data is restricted to authorized personnel and logged.

8. Children's privacy

Patien is intended for licensed healthcare professionals. We do not knowingly collect information from individuals under 18.

9. Changes to this policy

We will notify you of material changes via email at least 14 days before they take effect. Continued use of the service after changes constitutes acceptance.

10. Contact

Questions about this policy: privacy@usepatien.com
Defo Labs LTD (trading as Patien)
128 City Road, London, EC1V 2NX, United Kingdom