Privacy Policy

We collect voice audio when you use the Talk feature. Audio is transcribed and then used for sentence reconstruction. We store the raw transcription, the reconstructed sentence, and a confidence score for each session.

We collect information you voluntarily provide in your patient profile: names of family members, locations, routines, and medications. This information is used only to improve reconstruction quality for your account.

We collect standard usage data: which features you use, session count, app version, and device type. We do not collect your GPS location.

Your audio is sent to OpenAI's gpt-4o-transcribe API for transcription under their Zero Data Retention policy. This means OpenAI processes your audio in real time and does not retain it on their servers.

Your transcription and patient profile are sent to GPT-4o for sentence reconstruction. The same Zero Data Retention policy applies.

Session data (transcription, reconstruction, confidence score) is stored on our servers on Supabase infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS 1.3.

AphaSay is designed and operated as a HIPAA-compliant service. We have Business Associate Agreements (BAAs) in place with all infrastructure providers that handle protected health information, including Supabase and OpenAI.

For clinical users, all patient data access is logged and auditable. Access controls enforce that only explicitly authorized parties can view patient session data.

By default, only you can see your conversation history. You may grant read-only access to family members through the companion app, and clinical access to your speech-language pathologist through the SLP portal.

You can revoke any granted access at any time from the Settings screen. AphaSay staff do not have access to individual conversation content.

The default retention period is twelve months. You can change this to three months, six months, or indefinite in Settings. Audio recordings can be set to delete immediately after transcription if you prefer not to store them.

You can delete your account from the Settings screen. All personal data is deleted within thirty days. If you need immediate deletion, email privacy@aphasay.app and we will process it within 72 hours.

The mobile app does not use advertising cookies or third-party tracking SDKs. The web portal uses a single first-party session cookie for authentication. We use Plausible Analytics for anonymized page-level web analytics with no personally identifiable information collected.

For any privacy questions, data requests, or HIPAA inquiries, contact privacy@aphasay.app. We respond within 48 hours.