PRIVACY POLICY

Preface Health Inc.

Last Updated: May 26, 2026



Preface Health Inc. (“Preface Health,” “we,” “us,” or “our”) provides healthcare technology services, including software tools that support clinical documentation, transcription, scheduling workflows, patient engagement, and related healthcare operations.



This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our website, use our applications, interact with our services, or otherwise communicate with us.



This Privacy Policy applies to information we collect through our public website and business operations, and to personal information we process through our software platform. When we process protected health information (“PHI”) on behalf of healthcare providers, clinics, health systems, or other covered entities, that information is handled in accordance with applicable HIPAA requirements and the terms of our agreements with those customers, including any applicable Business Associate Agreement (“BAA”).



This Privacy Policy is not a HIPAA Notice of Privacy Practices. If you are a patient, your healthcare provider’s Notice of Privacy Practices may separately describe how your provider uses and discloses your health information.



1. Information We Collect



A. Information You Provide to Us



We may collect information that you provide directly to us, including:



- Name

- Email address

- Phone number

- Job title

- Company or organization name

- Account login information

- Communications with us

- Demo requests, support requests, and sales inquiries

- Billing or payment-related information, if applicable

- Any other information you choose to provide



B. Information Processed Through Our Services



Depending on how our customers use Preface Health, we may process information related to patients, providers, appointments, clinical workflows, documentation, or scheduling. This may include:



- Patient name and contact information

- Patient demographic information

- Appointment or scheduling information

- Clinical documentation or note content

- Audio data submitted for transcription or dictation workflows

- Provider or staff user information

- Practice, clinic, or organization information

- Workflow metadata, timestamps, and usage logs



For transcription and dictation workflows, audio may be processed to generate clinical documentation. Where Preface Health’s product configuration states that audio is processed in real time and not stored, we use the audio only for that transcription or dictation purpose.



C. Automatically Collected Information



When you use our website or services, we may automatically collect certain technical information, including:



- IP address

- Device identifiers

- Browser type

- Operating system

- Pages viewed

- Referring URLs

- Access times

- Log data

- Error reports

- Usage events

- Security and authentication logs



We may use cookies, pixels, local storage, or similar technologies to operate our website, improve performance, understand usage, and support security.



D. Information From Third Parties



We may receive information from third parties, including:



- Healthcare customers and their authorized users

- Integration partners

- Electronic health record or scheduling systems

- Service providers

- Analytics or security providers

- Publicly available sources

- Business contacts or referral sources



2. How We Use Information



We may use information for the following purposes:



- To provide, operate, and improve our services

- To support clinical documentation, transcription, scheduling, and patient engagement workflows

- To authenticate users and manage accounts

- To provide customer support

- To communicate with customers, prospects, and users

- To respond to inquiries, demo requests, and support requests

- To monitor, secure, debug, and improve our systems

- To detect, prevent, and investigate fraud, abuse, security incidents, or unauthorized access

- To comply with legal, regulatory, contractual, and compliance obligations

- To maintain audit logs and business records

- To develop new features and improve existing functionality

- To perform billing, invoicing, and administrative functions

- To enforce our agreements and protect our rights



When we process PHI on behalf of a healthcare customer, we use and disclose that PHI only as permitted by our agreement with that customer, any applicable BAA, HIPAA, and other applicable law.



3. How We Disclose Information



We may disclose information in the following circumstances.



A. To Healthcare Customers and Authorized Users



We may disclose information to the healthcare provider, clinic, health system, or other organization that uses our services, and to its authorized workforce members or users.



B. To Service Providers



We may disclose information to vendors, contractors, and service providers who help us operate our business and services, such as:



- Cloud hosting providers

- Infrastructure and security providers

- Authentication providers

- Analytics providers

- Customer support tools

- Communication providers

- Payment processors

- Transcription, AI, or automation service providers, where applicable

- Professional advisors



We require service providers to use information only to provide services to us or as otherwise permitted by law and contract.



C. For Integrations Requested by Customers



Our services may integrate with third-party systems, such as electronic health record systems, scheduling systems, communication tools, or other healthcare technology platforms. We may disclose information through those integrations as directed by our customers or authorized users.



D. For Legal and Compliance Reasons



We may disclose information when we believe it is necessary or appropriate to:



- Comply with applicable law, regulation, legal process, subpoena, or governmental request

- Enforce our agreements

- Protect the rights, privacy, safety, or property of Preface Health, our customers, patients, users, or others

- Detect, prevent, or investigate fraud, abuse, security incidents, or technical issues

- Comply with HIPAA, where applicable



E. Business Transfers



We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction.



F. De-Identified or Aggregated Information



We may use or disclose de-identified, anonymized, or aggregated information for analytics, research, product improvement, benchmarking, or other lawful business purposes, provided the information cannot reasonably be used to identify an individual.



4. HIPAA and Protected Health Information



Preface Health may act as a “business associate” under HIPAA when we create, receive, maintain, or transmit PHI on behalf of a healthcare customer that is a covered entity or business associate.



When we process PHI as a business associate, our use and disclosure of PHI is governed by HIPAA, our agreement with the customer, and any applicable BAA.



Patients who have questions about their medical records, treatment, privacy rights, or a healthcare provider’s use of Preface Health should contact their healthcare provider directly.



5. AI, Transcription, and Automation



Some Preface Health services may use transcription, automation, machine learning, or artificial intelligence technologies to support healthcare workflows, including clinical documentation and administrative tasks.



We do not use PHI for targeted advertising. We do not sell PHI. Where AI, transcription, or automation service providers are used, we use them only to provide and support the services and require appropriate contractual, privacy, and security protections.



Customers are responsible for reviewing outputs generated by the services before relying on them for clinical, operational, or administrative purposes.



6. Cookies and Similar Technologies



We may use cookies and similar technologies to:



- Operate our website and services

- Remember user preferences

- Authenticate users

- Improve performance

- Understand website traffic and usage

- Maintain security

- Support analytics



You may be able to control cookies through your browser settings. Disabling cookies may affect the functionality of our website or services.



7. Data Retention



We retain information for as long as reasonably necessary to provide our services, operate our business, comply with legal and contractual obligations, resolve disputes, enforce agreements, and maintain security.



For PHI processed on behalf of healthcare customers, retention may be governed by our customer agreements, applicable BAAs, customer instructions, and legal requirements.



Where product configurations provide that certain data, such as audio used for real-time transcription, is not stored, we process that data only as needed to provide the requested functionality.



8. Security



We use administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, or destruction.



These safeguards may include access controls, encryption, logging, monitoring, secure development practices, vendor review, and other security measures.



No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect information using safeguards appropriate to the nature of the information we process.



9. Your Choices and Rights



Depending on where you live and the type of information involved, you may have rights to:



- Access personal information

- Correct personal information

- Delete personal information

- Receive a copy of personal information

- Opt out of certain uses or disclosures

- Limit certain uses of sensitive personal information

- Object to or restrict certain processing

- Withdraw consent where processing is based on consent



To exercise privacy rights, contact us using the information below.



For PHI that we process on behalf of a healthcare provider, please contact your healthcare provider directly. We may be required to direct requests related to PHI to the applicable healthcare customer.



10. California Privacy Notice



This section applies to California residents where the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to Preface Health.



California residents may have rights regarding personal information, including rights to know, access, delete, correct, and opt out of certain sharing or selling of personal information.



We do not sell PHI. We do not use PHI for targeted advertising.



We do not knowingly sell personal information.



We will not discriminate against you for exercising privacy rights.



11. Children’s Privacy



Our public website and services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 through our public website.



When we process information about minors on behalf of healthcare customers, we do so as directed by those customers and in accordance with applicable law.



12. International Users



Preface Health is based in the United States. If you access our website or services from outside the United States, your information may be processed in the United States or other jurisdictions where our service providers operate.



13. Third-Party Links and Services



Our website or services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of third parties. You should review their privacy policies before providing information to them.



14. Changes to This Privacy Policy



We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date above and provide additional notice where required by law.



Your continued use of our website or services after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.



15. Contact Us



If you have questions about this Privacy Policy or our privacy practices, contact us at:



Preface Health Inc.

Email: support@prefacehealth.com

Preface Health Inc. – Terms of Service & Privacy Policy

Effective Date: June, 2025

1. Who May Use the Services

1.1 Eligibility. You must (a) be at least 18 years old (or the age of majority in your jurisdiction), (b) have the authority to form a binding contract with Preface, and (c) use the Services only in accordance with applicable laws and regulations.

1.2 Entity Users. If you access the Services on behalf of an organization (e.g., a medical practice), you represent and warrant that you have authority to bind the organization to these Terms. “You” and “User” include both you as an individual and the organization you represent.

2. Services Description

Preface provides cloud-based software that:

Not a Substitute for Medical Judgment. The Services supply information for clinical decision support but do not provide a final diagnosis, treatment plan, or billing determination; ultimate clinical and coding decisions rest exclusively with licensed healthcare professionals.

3. Privacy, HIPAA & Data Security

3.1 Protected Health Information (PHI). To the extent we receive, create, maintain, or transmit PHI on your behalf, Preface acts as a “business associate” under HIPAA. A separate Business Associate Agreement (“BAA”) will govern each party’s HIPAA obligations. In the event of conflict between these Terms and an executed BAA, the BAA controls with respect to PHI.

3.2 Data Security. We employ industry-standard administrative, technical, and physical safeguards designed to protect User data. No security system is flawless; you acknowledge and accept residual risk.

3.3 Incident Reporting. We will notify affected Users without unreasonable delay (and within timeframes required by law) following discovery of any breach of unsecured PHI or other personal information.

4. Consent to Audio Recording & Transcription

By using the Ambient Scribing features, you represent and warrant that:

Preface expressly disclaims liability arising from a User’s failure to obtain legally adequate consent.

Privacy Policy

1. Information We Collect

Thank you for choosing Preface Health. We are committed to transparency, security, and delivering real value to your practice and patients.