BetaAphaSay is in beta testing. Early access is free — join the waitlist to get the app →
AphaSayAphaSay

Privacy Policy

Last updated: May 2026

The short version

  • We do not sell your data.
  • We do not show ads.
  • We do not train AI models on your conversations.
  • Your data is encrypted in transit and at rest.
  • You can delete your account and all data at any time.

1. What we collect

We collect voice audio when you use the Talk feature. Audio is transcribed and then used for sentence reconstruction. We store the raw transcription, the reconstructed sentence, and a confidence score for each session.

We collect information you voluntarily provide in your patient profile: names of family members, locations, routines, and medications. This information is used only to improve reconstruction quality for your account.

We collect standard usage data: which features you use, session count, app version, and device type. We do not collect your GPS location.

2. How we use your data

Your audio is sent to OpenAI's gpt-4o-transcribe API for transcription. Data sent to the OpenAI API is not used to train OpenAI's models.

Your transcription and patient profile are sent to GPT-4o for sentence reconstruction. The same applies — this data is not used for model training.

Session data (transcription, reconstruction, confidence score) is stored on our servers on Supabase infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS 1.3.

3. Security

We take the security of your health-related data seriously. All face and camera processing happens on your device, and session data is encrypted at rest and in transit. Access controls enforce that only you and the parties you explicitly authorize can view your session data.

We are working toward formal HIPAA compliance for clinical use. If you are a clinical organization that requires a Business Associate Agreement (BAA), contact us at support@stroke.technology.

4. Who can see your data

By default, only you can see your conversation history. You may grant read-only access to family members through the companion app.

You can revoke any granted access at any time from the Settings screen. AphaSay staff do not have access to individual conversation content.

5. Data retention

The default retention period is twelve months. You can change this to three months, six months, or indefinite in Settings. Audio recordings can be set to delete immediately after transcription if you prefer not to store them.

6. Deleting your account

You can delete your account from the Settings screen. All personal data is deleted within thirty days. If you need immediate deletion, email support@stroke.technology and we will process it within 72 hours.

7. Cookies and tracking

The mobile app does not use advertising cookies or third-party tracking SDKs. The website uses a single first-party session cookie for authentication. We use Plausible Analytics for anonymized page-level web analytics with no personally identifiable information collected.

8. Contact

For any privacy questions, data requests, or security inquiries, contact support@stroke.technology. We respond within 48 hours.