Last Updated: March 2026

Privacy Policy

IntelMedica LLC ("IntelMedica," "we," "us," or "our") operates RN Scribe, a clinical documentation tool available at rnscribe.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Service.

1. Information We Collect

1.1 Account Information

When you create an account or sign in via your hospital's identity provider (SSO), we receive your name, email address, professional role, and hospital affiliation. We do not collect or store your SSO password.

1.2 Audio Recordings

RN Scribe captures audio recordings that you initiate for the purpose of clinical note transcription. Audio is processed locally on our servers using on-premise AI models. Audio is never sent to third-party cloud speech-to-text services (e.g., Google Cloud Speech, AWS Transcribe, or similar).

1.3 Transcription Text

We store the text output of your transcriptions so you can review, edit, and export your clinical notes.

1.4 Correction Data

When you edit a transcription, we capture the difference between the original text and your corrected text. This correction data may be de-identified and used to improve our transcription models (see Section 4).

1.5 Usage Analytics

We collect anonymized, aggregate usage data such as pages visited, referrer URLs, browser type, country, session duration, feature usage frequency, and error rates using self-hosted analytics tools (see Section 8). This data does not contain any personally identifiable information (PII) or protected health information (PHI).

1.6 Newsletter and Marketing

If you subscribe to our newsletter, we collect your email address. We use a self-hosted newsletter platform (Listmonk) to deliver email communications. Newsletter subscriptions require double opt-in confirmation. We track email opens and link clicks in sent newsletters to measure engagement. You may unsubscribe at any time using the link provided in every email.

1.7 Marketing Automation

We use a self-hosted marketing automation platform (Mautic) that sets a persistent cookie (mtc_id) on your device to track visitor behavior across sessions, including pages visited and form interactions. If you submit a form (such as a contact or newsletter form), this cookie may be linked to your email address. See Section 8 for details on cookies and how to manage them.

2. What We Do NOT Collect

RN Scribe is a clinical documentation tool designed for drafting note templates. By using the Service, you agree not to dictate patient-identifying information. Specifically, we do not intentionally collect:

  • Patient names, dates of birth, or Social Security numbers
  • Medical record numbers (MRN) or account numbers
  • Any other Protected Health Information (PHI) as defined by HIPAA

If PHI is inadvertently captured in a recording, it is processed locally and never transmitted to external services. You should review all transcriptions before use and remove any patient-identifying information.

3. How We Store and Protect Your Data

3.1 Encryption at Rest

All stored data is encrypted using AES-256 encryption. Audio files are encrypted with AES-256 server-side encryption (SSE) in our object storage. Database fields containing sensitive data use column-level encryption.

3.2 Encryption in Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3. Audio streaming uses encrypted WebSocket connections (WSS).

3.3 Local AI Processing

All audio transcription and AI processing is performed on our on-premise infrastructure using locally hosted AI models. Your audio is never sent to third-party cloud APIs for processing.

3.4 Access Controls

Access to your data is restricted through role-based access controls (RBAC), multi-factor authentication (MFA), and tenant-level data isolation. Each hospital's data is logically separated and inaccessible to other organizations.

4. How We Use Your Data

  • Transcription Services: To convert your audio recordings into text and format clinical notes.
  • Service Improvement: De-identified correction data (with all PII and PHI stripped) may be used to improve the accuracy of our transcription models. You consent to this use by accepting these terms. No raw audio or identifiable data is used for training.
  • Analytics: Anonymized, aggregate usage data collected via self-hosted analytics (Umami) and marketing automation (Mautic) helps us understand feature adoption, measure marketing effectiveness, and improve the user experience.
  • Newsletter Communications: If you subscribe to our newsletter, your email address is used to deliver product updates, feature announcements, and relevant content via our self-hosted newsletter platform (Listmonk).
  • Security and Compliance: We maintain audit logs of data access for security monitoring and regulatory compliance.

5. Data Retention

5.1 Audio Recordings

Audio recordings are retained for a default period of 30 days after the transcription is finalized (signed off by the user). After this period, audio is securely deleted following NIST 800-88 guidelines. Retention periods are configurable by your hospital administrator.

5.2 Transcription Text

Transcription text is retained until you delete it or until your account is terminated. You may delete individual transcriptions at any time from the dashboard.

5.3 Account Data

Account data is retained for the duration of your active account. Upon account deletion, all associated data is permanently removed within 30 days.

5.4 Auto-Deletion

An auto-deletion option is available. When enabled, all recordings and transcriptions older than your specified retention period are automatically and permanently deleted.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Delete: Delete your transcriptions, recordings, and account data at any time.
  • Export: Export your transcription data in standard formats.
  • Correction: Request correction of inaccurate personal data.
  • Withdraw Consent: Withdraw consent for data processing by deleting your account. Note that this may affect your ability to use the Service.

To exercise any of these rights, contact us at privacy@intelmedica.ai.

7. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We may share data only in the following limited circumstances:

  • Hospital Administrators: Your hospital administrator may have access to aggregated usage statistics and user management within their organization.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Service Providers: With infrastructure providers who operate under strict data processing agreements and do not have access to the content of your recordings or transcriptions.
  • Cloudflare: We use Cloudflare for content delivery, DDoS protection, and bot verification (Turnstile) on our forms. Cloudflare may process limited technical data (IP address, browser headers) to provide these services. Cloudflare operates under its own privacy policy and data processing agreements.
  • Self-Hosted Services: Our analytics (Umami), marketing automation (Mautic), and newsletter (Listmonk) platforms are self-hosted on infrastructure we control. Data processed by these services is not shared with third parties.

8. Cookies, Analytics, and Tracking Technologies

RN Scribe uses browser localStorage to store your authentication token and application preferences. We do not use third-party advertising cookies or sell data to advertisers. The following services are used on this website and the RN Scribe application:

8.1 Umami Analytics

We use Umami, a self-hosted, privacy-friendly, cookieless analytics platform (hosted at analytics.secsols.io). Umami collects aggregate pageview data including pages visited, referrer URLs, browser type, device type, and country. Umami does not set any cookies, does not collect personally identifiable information, and cannot identify or track individual users across sessions or sites. All data is aggregated and anonymized.

8.2 Mautic Marketing Automation

We use Mautic, a self-hosted marketing automation platform (hosted at mautic.secsols.io), to understand how visitors interact with our website. Mautic sets a persistent cookie (mtc_id) on your device to track visitor behavior across sessions, including pages visited and form interactions. Initially, this tracking is anonymous. If you submit a form (such as a contact or newsletter form), Mautic may link your browsing history to your email address. This data is used solely for marketing communications and improving our website. The mtc_id cookie persists until cleared by you. You may block or delete this cookie through your browser settings at any time.

8.3 Cloudflare Turnstile

We use Cloudflare Turnstile for bot protection on our forms (such as the contact form and newsletter subscription). Turnstile uses Cloudflare's challenge infrastructure to verify that form submissions are made by humans, not automated bots. It may set temporary cookies for challenge verification purposes. Turnstile does not track users beyond form submission verification and does not collect personal data for advertising. Cloudflare's privacy policy governs the data processed by Turnstile.

8.4 Listmonk Newsletter Platform

We use Listmonk, a self-hosted newsletter platform (hosted at newsletter.intelmedica.ai), to manage email subscriptions and deliver newsletters. When you subscribe to our newsletter, Listmonk collects your email address. Subscription requires double opt-in: after submitting your email, you must confirm via a verification email before being added to our mailing list. Listmonk tracks email opens and link clicks in sent newsletters to measure engagement. Every email includes an unsubscribe link. You may unsubscribe at any time, and your email address will be removed from our mailing list.

8.5 Managing Cookies and Tracking

You can control cookies through your browser settings. Blocking or deleting cookies may affect certain website functionality (such as Mautic visitor tracking), but will not prevent you from using RN Scribe's core features. Umami analytics operates without cookies and cannot be blocked through cookie settings. To opt out of newsletter communications, use the unsubscribe link in any email.

9. Children's Privacy

RN Scribe is intended for use by licensed healthcare professionals. We do not knowingly collect information from individuals under the age of 18. If you believe we have inadvertently collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice within the application and updating the "Last Updated" date at the top of this page. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: