Is Psynopsis HIPAA compliant?

Yes, Psynopsis is fully HIPAA compliant. We maintain strict data security protocols, offer Business Associate Agreements (BAA) for all paid plans, and use enterprise-grade encryption for all data at rest and in transit. Our infrastructure is hosted on HIPAA-compliant cloud servers with regular security audits.

How does NPI verification work?

During signup, we verify your National Provider Identifier (NPI) against the NPPES database to ensure only licensed healthcare providers can access our platform. This verification process typically takes less than 24 hours and helps maintain the professional integrity of our user base.

Does Psynopsis integrate with my EHR?

Psynopsis is designed to work alongside your existing EHR system. While we don't directly integrate with EHRs yet, our documentation can be easily copied and pasted into any system. We're actively developing direct integrations with major EHR platforms—contact us if you'd like to be notified when your EHR is supported.

How accurate is the AI transcription?

Our AI transcription achieves over 95% accuracy for psychiatric terminology and clinical language. The system is specifically trained on mental health documentation and continuously improves based on user feedback. All transcriptions can be reviewed and edited before finalizing.

What happens to my patient data?

We take patient privacy extremely seriously. All data is encrypted, we never sell or share patient information, and you retain full ownership of your documentation. Data is stored on secure, HIPAA-compliant servers and can be exported or deleted at any time upon request.

How long does onboarding take?

Most providers are up and running within 30 minutes. Our platform is designed to be intuitive, and we offer guided tutorials, documentation, and support to help you get started quickly. Enterprise customers receive dedicated onboarding assistance.

Privacy Policy

Last updated: March 2, 2026

1. Introduction

AI SIMP LLC ("Psynopsis," "we," "us," or "our") operates the Psynopsis psychiatric documentation platform, including the web application at app.psynopsis.ai, the marketing website at psynopsis.ai, and the Psynopsis AI Chrome Extension (collectively, "the Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use any part of the Service. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

Name and professional credentials
Email address
National Provider Identifier (NPI)
Practice or facility information
Subscription and billing information (processed by Stripe; we do not store credit card numbers)

2.2 Clinical Documentation

Clinical notes, transcriptions, and documentation generated through the Service are encrypted and stored securely. We do not access, review, or share patient information except as necessary to provide the Service.

2.3 Audio Data

When you use real-time transcription (via the web application or Chrome extension), audio is streamed to our transcription service for real-time processing. Audio is never stored, recorded, or retained on our servers. Once a transcription segment is generated, the corresponding audio data is immediately discarded. Audio is never used for AI model training.

2.4 Usage Data

Log data (timestamps, feature usage, error reports)
Device and browser information
IP address (used for security and fraud prevention only)
Anonymized analytics to improve the Service

2.5 Chrome Extension–Specific Data

The Psynopsis AI Chrome Extension requests the following permissions:

Permission	Why We Need It
tabCapture	Captures audio from the active browser tab for real-time transcription during telehealth sessions. Audio is streamed directly to our transcription service and never stored.
activeTab	Accesses the currently active tab to enable audio capture. Only activated when you explicitly start a transcription session.
storage	Stores your authentication token and user preferences locally in the browser. No clinical data is stored in extension storage.
offscreen	Creates an offscreen document to process audio capture in the background, as required by Chrome's Manifest V3 architecture.
contentSettings	Manages microphone access settings for transcription functionality.
host_permissions	Enables audio capture on telehealth platforms (e.g., Zoom Web, Doxy.me, Google Meet) regardless of the specific URL. No page content is read or modified.

The Chrome extension does not read, modify, or collect any webpage content. It does not inject scripts into pages. It does not track your browsing history. It is used solely for audio capture during transcription sessions that you explicitly initiate.

3. How We Use Your Information

To provide, operate, and maintain the Service
To verify your professional credentials via NPI
To generate clinical documentation from your dictation or transcription
To process payments and manage subscriptions
To improve the Service through anonymized usage analytics
To communicate with you about updates, support, and security notices
To comply with legal obligations, including HIPAA

We do not sell, rent, or trade your personal information or clinical data.

4. HIPAA Compliance

Psynopsis is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA). We implement appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of protected health information (PHI).

We offer Business Associate Agreements (BAA) to covered entities
PHI is encrypted at rest (AES-256) and in transit (TLS 1.3)
Access to PHI is logged and auditable
We conduct regular security assessments
Patient data is never used to train AI models

5. 42 CFR Part 2 Compliance

Psynopsis complies with 42 CFR Part 2, the federal regulation governing the confidentiality of substance use disorder patient records. Our platform maintains strict separation between psychotherapy notes and progress notes, with consent-based disclosure controls and a complete audit trail for all access to protected records.

6. Data Security

Encryption at rest	AES-256
Encryption in transit	TLS 1.3
Audio storage	None — processed in real-time, never stored
Data residency	United States (HIPAA-compliant cloud infrastructure)
Access controls	Role-based with complete audit trail
AI training	Patient data is never used to train AI models
Incident response	Documented breach notification process per HIPAA requirements

7. Data Retention

We retain your account data and clinical documentation for as long as your account is active or as needed to provide the Service. You may request deletion of your data at any time. Upon account deletion, we will permanently remove your data from our systems within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

8. Third-Party Services

We use the following categories of third-party services:

Transcription: Deepgram for real-time speech-to-text processing
AI Processing: Azure OpenAI for clinical note generation (data processed under BAA; not used for model training)
Payment Processing: Stripe (PCI DSS compliant; we never store credit card numbers)
Cloud Infrastructure: HIPAA-compliant hosting with BAA in place
Analytics: Privacy-focused analytics (no cross-site tracking, no ad networks)

All third-party services that process PHI are bound by Business Associate Agreements and are required to handle your data in accordance with HIPAA requirements.

9. Your Rights

You have the right to:

Access your personal data and clinical documentation
Correct inaccurate information in your account
Delete your account and all associated data
Export your clinical documentation in standard formats
Opt out of marketing communications
Withdraw consent for data processing at any time

To exercise any of these rights, contact us at privacy@psynopsis.ai.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information to third parties.

11. Children's Privacy

The Service is intended for use by licensed healthcare providers and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

AI SIMP LLC
Chandler, AZ

Privacy inquiries: privacy@psynopsis.ai
Compliance inquiries: compliance@psynopsis.ai
General support: support@psynopsis.ai