Privacy Policy
Last updated: March 2026
Doccat (“we,” “our,” or “us”) is committed to protecting your privacy and the confidentiality of your clinical data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our clinical documentation platform.
Security & Privacy Features
Data Encryption
All data is encrypted using AES-256 both in transit (TLS 1.3) and at rest. Your clinical documents are protected by military-grade encryption.
Zero Data Mining
We never analyze, mine, or use your clinical data for any purpose other than providing our services. Your data is yours alone.
HIPAA Compliance
Our platform is built to meet HIPAA requirements with Business Associate Agreements (BAAs) available for healthcare organizations.
Secure Infrastructure
SOC 2 Type II certified data centers with 24/7 monitoring, redundant backups, and disaster recovery protocols.
Access Controls
Role-based access control (RBAC) with multi-factor authentication, session timeouts, and IP whitelisting capabilities.
Breach Notification
In the unlikely event of a security incident, we provide immediate notification and detailed incident reports within 24 hours.
Information We Collect
Clinical Data
- Clinical notes and documentation you create
- Patient templates and custom forms
- Agent configurations and knowledge base entries
- Audit logs of document access and modifications
Account Information
- Name, email address, and professional credentials
- Organization affiliation and role
- Authentication credentials (encrypted)
- Session and access logs
How We Use Your Information
Service Provision
To provide, maintain, and improve our clinical documentation platform and AI-assisted features.
Security & Compliance
To detect and prevent fraud, unauthorized access, and ensure HIPAA compliance.
Technical Support
To respond to your requests, troubleshoot issues, and provide customer support.
Important: We do not use your clinical data to train AI models without explicit consent. Any AI training is performed only on anonymized, aggregated data with appropriate data use agreements in place.
Data Sharing & Disclosure
We do not sell, trade, or otherwise transfer your clinical data to third parties. We may share information only in the following circumstances:
- With your organization: Data is shared according to your organization's access control settings
- Service providers: Trusted third parties who assist in operating our platform under strict confidentiality agreements
- Legal requirements: When required by law, court order, or to protect our rights and safety
- Business transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protections)
Your Rights
Access & Export
Request a copy of all data associated with your account at any time.
Correction
Update or correct inaccurate personal information in your profile.
Deletion
Request deletion of your account and associated data (subject to legal retention requirements).
Data Portability
Export your clinical documents in standard formats for transfer to other systems.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: