Privacy Policy
Effective Date: December 17, 2025
Last Updated: December 17, 2025
This Privacy Policy explains how MedTech Consulting, LLC ("Company," "we," "us," or "our") collects, uses, and protects information when you use PracticeChat.
1. Overview
PracticeChat is an AI-powered chat widget for medical practice websites. We designed it with privacy in mind:
- We do not collect patient health information
- We do not store chat conversations long-term
- We do not sell your data
- We are not a HIPAA-covered entity for this service
2. Who This Policy Applies To
This policy covers:
- Practice Customers: Medical practices that use PracticeChat
- End Users: Patients and visitors who interact with chat widgets on practice websites
3. Information We Collect
From Practice Customers
When you sign up as a Practice Customer, we collect:
- Business name and contact information
- Email address
- Billing information (processed by our payment provider)
- Practice content you upload (provider bios, locations, hours, FAQs, etc.)
- Account preferences and settings
From End Users (Chat Widget Visitors)
When you use a PracticeChat widget on a practice website, we collect:
- Chat messages you send during the conversation (temporarily processed, not stored long-term)
- Basic technical data: browser type, device type, approximate location (city/region level, not precise)
- Usage data: timestamp of interaction, conversation length
What We Do NOT Collect
We do not collect and do not want:
- Protected Health Information (PHI)
- Medical records or health conditions
- Social Security numbers
- Patient account numbers
- Insurance ID numbers
- Any data that identifies you as a patient of the practice
Do not enter personal health information into the chat widget.
4. How We Use Information
Practice Customer Information
- To provide and maintain your PracticeChat service
- To communicate with you about your account
- To send service updates and notices
- To process payments
- To improve our service
End User Information
- To generate AI responses to your questions
- To monitor service performance and errors
- To improve response quality
- To detect and prevent abuse
Aggregated Analytics
We may use aggregated, anonymized data to:
- Understand common questions patients ask
- Improve our AI responses
- Report usage statistics to Practice Customers (e.g., "Your chatbot answered 150 questions this month")
This aggregated data does not identify any individual.
5. How AI Processing Works
When you send a message to a PracticeChat widget:
- Your message is sent to our servers
- We search the practice's knowledge base for relevant information
- Your message and relevant context are sent to an AI model to generate a response
- The response is returned to you
- Message content is not stored in our databases after the conversation ends
AI Service Providers
We use Microsoft Azure OpenAI Service to power our AI responses. Your messages are processed according to Microsoft's enterprise AI terms, which include:
- Your data is not used to train Microsoft's AI models
- Data is processed in accordance with enterprise privacy commitments
- Processing occurs in secure cloud infrastructure
For details, see Microsoft's Azure OpenAI Data Privacy.
6. Information Sharing
We do not sell your personal information. We share information only in these circumstances:
Service Providers
We use trusted third-party services to operate PracticeChat:
| Provider | Purpose | Data Shared |
|---|---|---|
| Microsoft Azure | AI processing, hosting | Chat messages (for response generation) |
| Vercel | Web hosting | Technical logs |
| Pinecone | Knowledge base search | Practice content, search queries |
| Stripe | Payment processing | Billing info (Practice Customers only) |
These providers are contractually obligated to protect your information and use it only for providing services to us.
Legal Requirements
We may disclose information if required by law, legal process, or government request.
Business Transfers
If our company is acquired or merged, your information may transfer to the new owner. We will notify Practice Customers before any such transfer.
With Practice Customers
We provide Practice Customers with aggregated analytics about their chatbot usage. This does not include individual chat transcripts or personal information about end users.
7. Data Retention
| Data Type | Retention Period |
|---|---|
| Practice Customer account info | Duration of account + 1 year |
| Practice content (knowledge base) | Duration of account + 30 days |
| Chat messages | Processed in real-time, not stored long-term |
| Usage analytics (aggregated) | Up to 2 years |
| Billing records | As required by law (typically 7 years) |
8. Data Security
We implement reasonable security measures to protect your information:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for stored data
- Access controls limiting who can access data
- Regular security reviews
However, no system is perfectly secure. We cannot guarantee absolute security of your information.
9. Your Rights and Choices
For Practice Customers
You can:
- Access and update your account information through the admin dashboard
- Request a copy of your data
- Delete your account and associated data
- Opt out of non-essential communications
For End Users
You can:
- Choose not to use the chat widget
- Request information about what data we process (contact us using the information below)
California Residents
If you are a California resident, you have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. Contact us to exercise these rights.
European Residents
If you are in the European Economic Area, you have rights under GDPR including access, correction, deletion, and data portability. Our legal basis for processing is legitimate interest (providing the service) and contract performance.
10. Cookies and Tracking
The PracticeChat widget uses minimal cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| Session identifier | Maintain conversation state | Session only |
We do not use advertising cookies or third-party tracking in the chat widget.
Practice websites where the widget is embedded may have their own cookies—those are governed by the practice's privacy policy, not ours.
11. Children's Privacy
PracticeChat is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe we have collected such information, please contact us immediately.
12. HIPAA Statement
PracticeChat is not a HIPAA-covered service.
We designed PracticeChat specifically to avoid handling Protected Health Information (PHI):
- We do not store patient health records
- We do not process insurance claims
- We do not provide clinical services
- Chat messages are processed for response generation only, not stored
Because we do not create, receive, maintain, or transmit PHI on behalf of covered entities, we do not operate as a Business Associate under HIPAA.
Practice Customers are responsible for their own HIPAA compliance. Do not upload PHI to the PracticeChat platform.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Post the updated policy on our website
- Update the "Last Updated" date
- Notify Practice Customers of material changes via email
Continued use of PracticeChat after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices:
For data access or deletion requests, please email with the subject line "Privacy Request."
This Privacy Policy is designed to be transparent about our practices. If anything is unclear, please contact us.