Privacy Policy

Last updated: June 21, 2026

How VisitRecall handles your audio: Recording happens on your device. Transcription happens on your device using WhisperKit. Once your visit is transcribed, the audio file is deleted from your device. We never store audio recordings. We store only the resulting transcripts, summaries, and the health information you choose to keep — all encrypted in transit and at rest.

VisitRecall, Inc. ("VisitRecall," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website and mobile application.

Information We Collect

Website Analytics & Advertising: We use Google Analytics and advertising cookies on this website to measure traffic and ad performance. This helps us improve the site — it's separate from the app and your health data, and we never sell your personal information. You can decline these cookies using the consent banner shown on your first visit.

App Usage: When using the VisitRecall app, we collect:

• Transcripts of your doctor visits (audio is captured momentarily on your device for transcription only — the audio file is then deleted and never leaves your device)
• AI-generated summaries of your visits
• Health questions and conversations with our AI assistant
• Next steps and follow-up items
• Health information you choose to input
• Device information for app functionality
• Usage analytics to improve the app

How We Use Your Information

• To send you a text message when VisitRecall launches
• To provide transcription and AI-powered summaries
• To answer your health questions using AI
• To enable sharing with family members you authorize
• To communicate with you about updates and features
• To ensure the security of your data
• To improve our services

SMS / Text Messaging

The program. If you ask us to book a specialist referral, VisitRecall sends one-to-one text messages to the people who request that help. You start it yourself on our website at visitrecall.com/try-the-referral by submitting and verifying your own US mobile number. These messages coordinate and confirm your appointment and invite you to download the VisitRecall app. Any insurance details are collected on our secure web form — never over SMS — and our texts are for scheduling only.

How you opt in. You opt in by checking a box that is unchecked by default and then verifying your number with a one-time passcode we text you. We only text numbers the owner has verified this way. We never text numbers from purchased or third-party lists.

Message frequency and rates. Message frequency varies. Message and data rates may apply.

Opting out and getting help. You can opt out anytime by replying STOP. Reply HELP, or email support@visitrecall.com, for help.

Carriers are not liable for delayed or undelivered messages.

We never share your mobile information. Mobile phone numbers and the SMS consent you give us are never shared, sold, or rented to third parties or affiliates for their own marketing or promotional purposes. No mobile information is shared with third parties for marketing purposes.

AI Processing and Third-Party Services

VisitRecall uses artificial intelligence and third-party services to provide our features:

On-Device Transcription (no third party):

• WhisperKit (on-device): Audio is transcribed entirely on your device using WhisperKit, an open-source speech-recognition library that runs locally. No audio ever leaves your device, and no audio is sent to any third party. Once the transcript is created, the audio file is deleted from your device.

AI Services (transcripts and text only — never audio):

• Anthropic, PBC (Claude): We send your visit transcripts, health questions, and related context to Anthropic's Claude service for analysis, summaries, and question answering
• If you attach documents (photos or PDFs), text extracted from those documents may be sent to Anthropic for analysis
• Anthropic is contractually prohibited from using your data to train their AI models
• We obtain your explicit consent within the app before sending any data to Anthropic

Data Shared with AI Providers

Audio recordings are never sent to any third-party AI provider. Transcription happens on your device. Only the following text-based data is sent to Anthropic:

• Visit transcripts (sent to Anthropic for analysis and summaries)
• Health information you provide, including medical conditions, medications, and health history (sent to Anthropic as context for personalized AI responses)
• Document text from photos or PDFs you attach (sent to Anthropic for analysis)
• Questions you ask about your visits or health (sent to Anthropic for answering)

All data is transmitted using encryption (TLS/HTTPS). We only send the minimum data necessary to provide each feature.

Firebase and Google Cloud Services:

• Firebase Authentication: Manages user sign-in and account security
• Cloud Firestore: Stores your transcripts, summaries, questions, and profile data (encrypted at rest)
• Google Analytics: Helps us understand how users interact with the app to improve the experience
• Firebase Crashlytics: Collects crash reports and diagnostic data to help us fix bugs and improve app stability

We do not use Firebase Storage or any cloud storage for audio files. Audio is never uploaded to the cloud.

We only send the minimum data necessary to provide our services, and we never sell your personal information.

Data Storage and Security

• We never store audio files. Audio is captured on your device, transcribed on-device using WhisperKit, and then immediately deleted from your device once transcription is complete
• We store only the resulting transcripts, summaries, and other text-based health information you create
• All stored data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)
• Data transmitted to Anthropic for AI analysis is encrypted in transit
• We implement industry-standard security measures to protect your information

Family Sharing

VisitRecall allows you to share your health information with family members you authorize:

• You control who can see your visit summaries, next steps, and questions
• Family members must create their own account to view shared information
• You can revoke access at any time
• Shared data is subject to the same security protections as your personal data

Data Sharing

We do not sell your personal information. We only share data with:

• Anthropic, PBC (Claude) — to generate summaries, analyses, and answer health questions from your transcripts and text-based health information (transcription itself happens on your device via WhisperKit and is not shared with any third party)
• Cloud infrastructure providers (Firebase/Google Cloud) who help us operate our services
• Family members you explicitly authorize through the app
• When required by law or to protect our rights

Your Rights and Data Control

You have the right to:

• Access your personal data at any time through the app
• Delete all your data permanently using the "Delete All My Data" feature in the app's Profile settings
• Export your transcripts and health information
• Opt out of marketing communications
• Revoke family sharing access at any time
• Correct inaccurate data

Restriction on use in legal proceedings: While you retain full access to your data for personal health management, insurance and billing disputes, and family sharing, our Terms of Service prohibit the use of transcripts, summaries, or any other VisitRecall content as evidence in legal claims or proceedings against healthcare providers. Please review Section 5 of our Terms of Service for full details.

How to Delete Your Data

You can delete all your data at any time:

1. Open the VisitRecall app
2. Go to Profile tab
3. Scroll to "Your Data" section
4. Tap "Delete All My Data"
5. Confirm by typing "DELETE"

This will permanently remove all your transcripts, summaries, questions, next steps, and profile information. (Audio files are not stored — they are deleted on your device immediately after transcription.) This action cannot be undone.

Data Retention

We retain your data for as long as you maintain an active account. When you delete your data using the in-app deletion feature:

• All your data is permanently deleted from our servers within 30 days
• Backups containing your data are purged within 90 days
• Some anonymized, aggregated analytics data may be retained for service improvement

Children's Privacy

VisitRecall is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect
• The right to delete your personal information
• The right to opt-out of the sale of personal information (we do not sell your data)
• The right to non-discrimination for exercising your privacy rights

Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, please contact us at:

privacy@visitrecall.com

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will notify you through the app or via email.