QuillMD
Start free trial
Legal

Privacy Policy

Last updated: 2026-04-20

[DRAFT — PENDING LEGAL REVIEW]

This document is a placeholder structure. The content below is an operational summary of how we handle data; it has not yet been reviewed by counsel and is not the final, binding Privacy Policy. Please email the contact at the bottom of this page if you need to cite a reviewed version.

1. Who we are

QuillMD is a medical-transcription product operated by AshTech Group. This Privacy Policy covers information collected through the QuillMD app (https://app.quillmd.com once DNS lands) and the marketing site you're reading now.

2. What we collect

We collect two kinds of information:

  • Account data: email, name, hashed password, IP + user agent at sign-in, and product usage analytics.
  • Clinical data: audio recordings you upload, transcripts, SOAP notes, ICD/CPT codes, prescriptions, and any text you paste into the editor. This content may contain Protected Health Information (PHI) under HIPAA.

3. How we use it

  • Operate the product: generate transcripts, SOAP notes, and related artifacts on your behalf.
  • Improve model prompting using anonymized signals from how doctors edit AI drafts (see the HIPAA page for the de-identification approach).
  • Communicate with you about the product (transactional email only; no marketing unless you opt in separately).
  • Comply with legal obligations, including HIPAA audit logs.

4. Who we share it with

We use subprocessors for specific functions. All subprocessors that touch PHI have signed Business Associate Agreements:

  • Anthropic — Claude models (SOAP generation, structured extraction).
  • OpenAI — embeddings for style-matching.
  • Deepgram — audio transcription.
  • Resend — email delivery for signed-note exports.

We do not sell your data. We do not share clinical data with any party outside this list.

5. Your rights

You can request a copy of your data, correction of inaccurate information, or deletion of your account at any time from the Settings page within the app, or by emailing the contact address below.

6. Retention

Audio files: 90 days past visit completion (configurable per practice). Transcripts and signed notes: 7 years minimum (HIPAA recordkeeping). Account data: until you delete the account. Edit-pattern embeddings: indefinitely while the account is active.

7. Contact

Privacy questions: privacy@ashtechgroup.com. We respond within 30 days.