Sollo AI, LLC ("we," "our," or "us") is committed to protecting the privacy of healthcare providers who use our platform. This Privacy Policy describes how we collect, use, store, and protect your information when you use our AI-powered clinical documentation services.
1. Information We Collect
We collect only the information necessary to provide and maintain our services:
1.1 Account Information
When you create an account, we collect basic registration information, including:
- Your name and professional credentials
- Email address
- Password (stored in encrypted form)
- Practice or organization name (if applicable)
1.2 Audio & Clinical Data
We process the following data to provide our services:
- Audio recordings of patient encounters (uploaded or recorded through our platform)
- Text-based clinical notes entered into our system
- Transcriptions and SOAP notes generated by our AI
- Referral letters and other clinical documentation
This data may contain Protected Health Information (PHI) as defined by HIPAA. See our HIPAA Compliance page for details on how we protect this sensitive information.
1.3 Communication Data
When you communicate with us, we collect:
- Information you provide in support tickets or inquiries
- Email correspondence with our team
- Feedback submitted through our platform
1.4 Technical Data
We collect minimal technical information required to operate our service:
- IP address (for security and troubleshooting only)
- Browser type and version
- Login timestamps and activity logs
We do not use cookies for tracking or analytics purposes, nor do we employ third-party tracking services.
2. How We Use Your Information
We use the information we collect for specific, limited purposes:
2.1 Providing Services
- Processing audio recordings and text inputs to generate clinical documentation
- Converting unstructured notes into formatted SOAP notes
- Creating referral letters and other clinical documentation
- Authenticating users and maintaining account security
2.2 Data Processing and AI Training
Privacy-First AI Technology: Sollo AI uses AI models that are hosted locally on our secure infrastructure. Unlike many AI services, we never send your data to third-party AI providers like ChatGPT or other external AI companies.
All processing occurs within our closed system, ensuring maximum privacy and security for your sensitive clinical information. Our AI training and improvement processes are conducted in-house with strict privacy controls and data anonymization protocols.
2.3 Improving Our Platform
- Troubleshooting technical issues
- Analyzing performance metrics to optimize our AI models
- Enhancing features based on user feedback
Note: Any usage of data for model improvement is done only with anonymized data that has been stripped of all PHI.
2.4 Communications
- Providing customer support
- Sending service notifications about platform updates or maintenance
- Responding to your inquiries
2.5 What We Don't Do With Your Data
We do not:
- Sell your data to third parties
- Use your data for advertising purposes
- Share your data with third-party analytics services
- Train general AI models on your sensitive clinical information
- Send your data to external AI providers or services
3. Data Storage & Retention
3.1 Storage Location
Your data is stored in HIPAA-compliant, healthcare-grade cloud infrastructure located in the United States. We employ industry-standard security measures to protect your information at all times.
3.2 Geographical Restrictions
U.S. Service Only: Sollo AI's services are currently offered exclusively to healthcare providers operating within the United States. Our platform and data practices are designed specifically to comply with U.S. healthcare regulations, particularly HIPAA.
If you are accessing our services from outside the United States, please be aware that our platform is not intended for use outside the U.S., and we may not be able to ensure compliance with local privacy laws in other jurisdictions.
3.3 Retention Period
We maintain different retention policies for different types of data:
- Audio Recordings: Retained for 30 to 45 days to allow for review or reprocessing, after which they are automatically deleted.
- Generated Documents: Stored for as long as your account remains active, or until you delete them.
- Account Information: Maintained for the duration of your subscription and for a limited period after termination (typically 30 days) to facilitate account reactivation if desired.
3.4 Data Deletion
You can delete your data at any time through your account dashboard. When you delete data, it is immediately removed from active systems and permanently deleted from backups within 30 days.
4. Data Security
We implement comprehensive security measures to protect your information:
- Encryption: AES-256 encryption for all data at rest and TLS encryption for data in transit
- Access Controls: Strict role-based access controls limiting employee access to PHI
- Authentication: Multi-factor authentication for administrative access
- Monitoring: Continuous security monitoring and regular penetration testing
- Training: Regular security training for all staff members
5. Breach Response Plan
In the unlikely event of a data breach involving PHI, we will implement our comprehensive response plan:
5.1 Initial Response
- Immediately activate our incident response team
- Contain the breach and secure affected systems
- Conduct a preliminary assessment to determine the scope and impact
- Document all relevant information about the breach
5.2 Investigation
- Perform a thorough investigation to determine what happened, what data was affected, and who was affected
- Engage third-party security experts if necessary
- Identify the root cause and implement remediation measures
5.3 Notification
- Notify affected customers without unreasonable delay and within 60 days of discovery, as required by HIPAA
- Provide detailed information about the breach, including what happened, what information was involved, steps we are taking, and recommendations for protection
- Support covered entities in meeting their breach notification obligations to patients and regulatory authorities
- Notify law enforcement if appropriate
5.4 Remediation and Prevention
- Implement corrective actions to address the root cause
- Enhance security measures to prevent similar incidents
- Conduct a post-incident review to improve our response procedures
- Provide additional training to staff if necessary
This breach response plan is regularly reviewed and updated to ensure it remains effective and compliant with current regulatory requirements.
6. Children's Privacy
Sollo AI's services are designed exclusively for use by healthcare professionals and are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.
If we become aware that we have inadvertently collected personal information from a child under 18, we will promptly delete this information. If you believe we may have collected information from a child under 18, please contact us immediately at support@solloai.com.
7. Your Rights
You have several rights regarding your personal information:
- Access: You can access and view your data through your account dashboard at any time
- Correction: You can update or correct your account information through your profile settings
- Deletion: You can delete specific documents or your entire account as needed
- Export: You can export your generated documentation in various formats
- Objection: You can contact us to object to certain processing of your data
To exercise these rights beyond what's available in your dashboard, please contact us at support@solloai.com.
8. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will:
- Post the updated policy on our website
- Notify you via email or through an in-app notification for significant changes
We encourage you to review this policy periodically to stay informed about our privacy practices.