1. Who we are
DropRecs™ is a product of DropCharge LLC (the "Company"), a New York limited liability company. This Privacy Policy describes how we handle data when you use the DropRecs iOS application or the web application at droprecs.app (together, the "Service").
2. Data we collect and where it lives
On your device, never sent to us
- Patient first name — you type it locally for the greeting on the final recs PDF. It is not transmitted to our servers or to any third-party API.
- Doctor signature — the name and credentials you enter in Settings appear on the PDF the patient receives. Stored in your browser's local storage.
- Saved templates — reusable rec templates you create in the Library. Stored in your browser's local storage.
- Recents log — the Recents tab stores the timestamp of each share action, optionally a single-letter patient initial, and the de-identified rec content (the recommendations you generated, with no patient name or other identifiers). The rec content is kept on-device so you can reopen a past rec, AirDrop it again, or save it as a reusable template — same on-device-only treatment as saved templates.
- Preferences — your theme (light/dark), patient language (English/Spanish), auto-lock mode, biometric-lock flag.
Sent to us (servers we operate)
- Access code — during closed beta we verify a per-physician access code on each API request. The code is not personally identifying.
- De-identified clinical transcript — the recording is transcribed on-device on the physician's iPhone (audio never leaves the device). The resulting transcript, which contains clinical recommendations without patient identifiers, is sent to a HIPAA-eligible cloud AI provider via our API for rewriting into patient-friendly language. The cloud provider processes the transcript under DropCharge LLC's signed HIPAA Business Associate Agreement (BAA). Neither the transcript nor the resulting recs are stored on our servers after processing — results are passed back to the physician's device and discarded.
What we do NOT collect
- No patient full names, MRNs, dates of birth, addresses, or phone numbers.
- No third-party analytics trackers, advertising identifiers, or behavioral tracking.
- No device location data.
- No photos or contacts.
3. Third-party processors
DropRecs uses the following processors to deliver its core functionality. They are contacted only with de-identified clinical content — never patient-identifying data:
- HIPAA-eligible US cloud infrastructure provider — hosts the API and executes the AI rewrite of clinical transcripts into patient-friendly recommendations. DropCharge LLC has signed a Business Associate Agreement (BAA) with this provider. Inference runs in US regions only — data does not leave the United States. The provider does not log, retain, or use the request content for model training. A current list of named subprocessors is available on request to privacy@droprecs.app.
- Static site host — hosts the marketing pages and the patient-facing install landing. No PHI is transmitted to this host; it serves only static HTML and the iOS install redirect.
Because DropRecs is architected so that patient identifiers never reach these processors, no PHI is shared with them in routine use. We additionally instruct the AI model to omit proper names and absolute dates from its output.
4. iOS permissions
- Microphone — used only when you tap Record. Captured audio is transcribed on-device on your iPhone and never leaves the device.
- Speech Recognition — used by iOS's on-device speech recognizer to convert your dictation to text without sending audio off the device.
- Face ID / Touch ID — used locally to unlock the app. Biometric templates never leave Apple's Secure Enclave; we receive only a pass/fail signal.
5. Retention and deletion
Content you create (recordings, recs, templates, recents log) lives on your device and nowhere else. Deleting the app from your iPhone, or clearing your browser's local storage, erases everything DropRecs has stored about you.
We retain server-side request logs for 30 days for operational purposes (rate limiting, abuse prevention). Logs include request timestamps, HTTP status codes, and your access code; they do not include transcript or rec text.
6. Children
DropRecs is for use by licensed clinicians and their adult patients. It is not directed at children under 13, and we do not knowingly collect data from them.
7. Your rights
Because your DropRecs content lives on your device, you can delete all of it at any time by uninstalling the app or clearing your browser's local storage.
You may contact us about any data we hold at the address below.
8. Changes
We may update this Privacy Policy as the product evolves. Material changes will be announced inside the app; the "Last updated" date above will also be bumped.
9. Contact
Questions or concerns: privacy@droprecs.app
DropCharge LLC · New York, USA