Privacy Policy & Security Practices
Last updated: June 29, 2026
DocSoloAI is a clinician-facing clinical reasoning and documentation support tool. This Privacy Policy explains what information we collect, how we use it, and how we protect it.
DocSoloAI is intended for use by licensed clinicians. Users should avoid entering direct patient identifiers whenever possible and should use de-identified or minimally necessary clinical information when submitting case details.
Information We Collect
DocSoloAI collects information needed to operate the service, authenticate users, provide clinical support output, and manage subscriptions.
- Account information: such as name, email address, login credentials, and account status.
- Clinical case inputs: information entered by users, such as patient age range, symptoms, regions of complaint, exam findings, red flags, imaging notes, and clinician notes.
- Generated output: AI-generated clinical reasoning, differential considerations, ICD-10 suggestions, treatment planning support, home care suggestions, and follow-up responses.
- Usage information: such as case usage counts, subscription access status, and basic activity needed to enforce plan limits and maintain the service.
- Payment and subscription information: payment processing is handled by Stripe. DocSoloAI does not store full credit card numbers.
How We Use Information
We use collected information to provide and improve DocSoloAI, including:
- Authenticating users and securing account access.
- Generating clinician-facing AI output based on submitted case details.
- Managing free and paid access levels.
- Processing subscription and billing status.
- Monitoring usage limits and preventing abuse.
- Maintaining, debugging, and improving the reliability of the service.
Third-Party Service Providers
DocSoloAI uses trusted third-party service providers to operate the app. These providers may process information only as needed to provide their services to DocSoloAI.
- Supabase: authentication, database, account records, subscription-related records, and app data storage.
- OpenAI: processing submitted clinical case information to generate AI-assisted clinical support output.
- Stripe: payment processing, subscription billing, checkout, and customer billing portal services.
- Vercel: hosting, deployment, and operation of the DocSoloAI web application.
We do not sell user information.
Clinical Information and Patient Identifiers
DocSoloAI is designed to assist clinicians with reasoning, documentation, and care-planning support. It is not intended to be used as a patient-facing diagnostic tool or as a substitute for professional clinical judgment.
Users are responsible for deciding what information they enter into DocSoloAI. Whenever possible, users should avoid entering names, addresses, phone numbers, full dates of birth, medical record numbers, insurance identifiers, or other direct patient identifiers.
DocSoloAI is not currently marketed as a HIPAA-compliant electronic health record, patient portal, or medical record storage system.
Data Storage and Retention
Account, subscription, settings, and usage-related information may be stored securely in DocSoloAI's database. Clinical case information may be processed to generate output and may be stored only as needed to provide app functionality, enforce usage limits, troubleshoot issues, or maintain the service.
Users may contact DocSoloAI to request account deletion or data review. Some information may need to be retained for legitimate business, security, billing, legal, or operational reasons.
Security Practices
DocSoloAI uses reasonable administrative, technical, and organizational safeguards to protect user information.
- Authentication is handled through Supabase Auth.
- User passwords are handled by Supabase Auth and are not visible to DocSoloAI.
- Sensitive application data is protected using Supabase row-level security.
- Paid and free access are checked on the server side.
- OpenAI API keys and other sensitive secrets are kept server-side.
- Stripe handles payment processing; DocSoloAI does not store full card numbers.
- Production deployment is managed through Vercel.
- Administrative platform accounts are protected with additional account security controls where available.
- Usage limits and spend controls are used to reduce abuse and unexpected API activity.
No internet-based service can guarantee absolute security. Users should use strong passwords, protect account access, and avoid submitting unnecessary sensitive information.
User Responsibilities
Users are responsible for their use of DocSoloAI and for reviewing AI-generated output before relying on it clinically. DocSoloAI output should be considered clinical support information, not a final diagnosis, treatment order, or replacement for clinician judgment.
Users are also responsible for complying with any laws, regulations, payer requirements, professional rules, documentation standards, and privacy obligations that apply to their practice.
Changes to This Policy
We may update this Privacy Policy and Security Practices page from time to time. Updates will be posted on this page with a revised updated date.
Contact
For privacy, security, or account-related questions, contact us at docsoloai@gmail.com.
DocSoloAI Powered by OpenAI
© 2026 DocSoloAI. All rights reserved.