Privacy Policy
Last updated: May 3, 2026
HIPAAspeak is built on a simple principle: your patient conversations never leave your device.
During a translation session
Speech recognition, translation, and voice synthesis all run entirely on your iPhone using Apple's on-device ML frameworks. No audio, text, or translated content is transmitted over the network, stored on disk, or sent to any server.
- Audio buffers exist only in RAM and are released when recognition completes
- Transcripts and translations exist only in RAM for the duration of the session
- Sessions auto-clear when the app goes to the background, after 5 minutes of inactivity, or after 30 minutes maximum
- No session content is ever written to disk, iCloud, or any database
What we collect
- Apple ID (opaque identifier): Used for authentication. We do not see your name or email unless you choose to share it during Apple Sign In.
- Credential type: Whether you verified via NPI, ARRT, nursing license, or BLS. Stored locally in your device's Keychain.
- Subscription status: Managed by Stripe. We never see your full card number.
What we never collect
- Audio recordings of any kind
- Transcripts or translations
- Patient names, diagnoses, or any protected health information
- Usage analytics on session content
- Crash reports that could contain in-memory content
Third-party SDKs
We use only Apple frameworks (Speech, Translation, AVFoundation) and the Stripe iOS SDK for payments. No Firebase, no Crashlytics, no Sentry, no analytics SDKs.
Data stored on your device
- Apple ID identifier (Keychain)
- Credential verification status (Keychain)
- App preferences (UserDefaults)
- Downloaded language models (managed by iOS, excluded from iCloud backup)
Children's privacy
HIPAAspeak is for licensed healthcare professionals. We do not knowingly collect information from anyone under 18.
Changes
Material changes will be communicated through the app before they take effect.