Privacy Policy

Last updated: February 19, 2026

1. Introduction

Vital Minute AI ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

2. Data We Collect

We collect the following categories of data:

• Audio Recordings: When you record audio within the app. If "On-Device / HIPAA Mode" is enabled, your audio and transcripts never leave your device. If disabled (Cloud AI mode), your audio files are uploaded to and processed by third-party AI services as described in Section 4.
• Transcripts & Generated Documents: Text generated from your audio recordings, including meeting minutes, SOAP notes, study guides, and summaries.
• Account Data: Email address and authentication credentials (managed via Firebase Authentication).
• Usage Data: Anonymized app usage analytics (e.g., feature usage, crash reports). No Protected Health Information (PHI) is collected in analytics.
• Purchase Data: Subscription and credit purchase history (managed via RevenueCat).

3. HIPAA Compliance & Data Security

Adherence to HIPAA Standards: We are committed to protecting the privacy and security of health information. We follow strictly defined security protocols aligned with the Health Insurance Portability and Accountability Act (HIPAA), including:

Secure Infrastructure: We utilize Google Cloud Platform for data processing, which satisfies the requirements of HIPAA security standards. While we formalized our compliance posture, we ensure that:

Data Encryption:

• In Transit: All data is transmitted over SSL/TLS 1.3 encrypted connections.
• At Rest: Data stored on your device is protected by the operating system's sandbox encryption. Cloud data (if enabled) is encrypted using AES-256.

Your Rights: As a user handling sensitive data, you retain full ownership. You may request an accounting of disclosures or complete data deletion at any time via the app settings or our Delete Data page.

4. Third-Party AI Services & Data Sharing

When you use Cloud AI mode (the default), your data is shared with third-party services for processing. Before any data is sent, the app requests your explicit consent via an in-app dialog.

4.1 What Data Is Shared

When using Cloud AI mode, the following data is transmitted to third-party services:

• Audio recordings — your recorded audio file is uploaded to Firebase Cloud Storage for processing.
• Transcripts — the text transcription generated from your audio is sent to Google Gemini AI for document generation (e.g., meeting minutes, SOAP notes).

4.2 Who Receives Your Data

• Google Cloud Platform (Firebase): Provides secure cloud storage, authentication, backend logic (Cloud Functions), and database services. Firebase Privacy Policy
• Google Gemini AI (Vertex AI): Processes your audio transcriptions to generate structured documents. Vertex AI Data Governance
• RevenueCat: Manages subscriptions and in-app purchases. Does not receive audio or transcript data. RevenueCat Privacy Policy

4.3 How Your Data Is Used

• Your audio and transcripts are used solely to generate the document you requested (e.g., meeting minutes, clinical notes).
• We do NOT use your audio or transcripts to train, improve, or fine-tune any AI models.
• Processed data is not sold, rented, or shared with any additional third parties.
• Audio files uploaded to Firebase Cloud Storage are automatically deleted after processing is complete.

4.4 On-Device Mode (No Data Sharing)

If you enable "On-Device / HIPAA Mode" in Settings, all processing happens entirely on your device using Google MediaPipe. No audio, transcripts, or personal data are transmitted to any server or third party.

4.5 Your Consent

The app will ask for your explicit consent before sending any data to cloud AI services. You may decline at any time, and no data will be transmitted. You can switch to On-Device mode in Settings to avoid cloud processing entirely.

5. Cookies and Analytics

We use cookies and similar technologies to enhance your experience and analyze website traffic. Specifically, we use Google Analytics 4 (GA4).

Your Consent: Tracking cookies are NOT set unless you explicitly click "Accept" on our cookie banner. You may decline tracking at any time.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@vitalminute.app