ChartLock is committed to protecting your privacy and safeguarding the minimal information necessary to operate a secure, HIPAA-aligned service. This Privacy Policy explains what limited personal information we may collect, why we collect it, how it is used, and the measures we take to protect it. ChartLock does not store your dictations, clinical content, or any chart data — all user-generated content is processed in real time and permanently deleted immediately after use.
We do not sell, rent, or share your personal information with third parties for advertising, analytics, profiling, or any commercial purpose. Any information we collect is used solely to support your ChartLock account, maintain system security, meet regulatory obligations, and provide the services you request.
This Privacy Policy ("Policy") describes how ChartLock ("ChartLock," "we," "us," or "our") collects, uses, safeguards, and, where applicable, retains limited personal information provided by users of our website, applications, and associated services (collectively, the "Services").
This Policy applies to all interactions you have with ChartLock through our website, platform, or customer support channels. Because we operate with a strict privacy-first model, ChartLock collects only the minimal information necessary to create and manage your account, process billing securely, comply with HIPAA and other applicable regulations, and maintain the security and integrity of the Services.
ChartLock does not collect, store, retain, or analyze the content of your dictations, clinical information, or charting data. All such content is processed in real time and permanently deleted immediately upon completion. Our systems are designed to avoid unnecessary retention of data, and we do not use your information for advertising, behavioral tracking, analytics, or profiling.
ChartLock provides clinicians with an AI-powered documentation platform designed to transform spoken dictation into structured medical charts in real time. Our service processes your dictations securely, generates the chart output you request, and immediately deletes the underlying content once processing is complete. ChartLock does not store your dictations, clinical notes, or chart data after generation.
ChartLock is not an electronic health record (EHR) system and does not function as a long-term repository for medical information. Your generated chart is delivered to you for download or transfer to your chosen EHR according to your workflow. Our role is limited to secure real-time processing — never retention — of your clinical content.
ChartLock is built on a strict privacy-first framework. We collect only the minimum information necessary to create and maintain your account, deliver the services you request, process billing securely, and comply with HIPAA and other applicable regulations. We do not collect unnecessary data, and we do not use your information for advertising, behavioral tracking, or profiling.
Over the last 12 months, we have collected the following categories of personal information:
Your name, email address, and IP address. These are required for secure account creation, login verification, customer communication, and regulatory compliance.
This includes your practice or organization name, mailing address, and telephone number. This information is used solely for account setup, support, subscription management, and billing purposes.
We maintain only the limited information needed to process your subscription payments (such as plan type and billing status). We do not store, retain, or archive the content of your dictations, clinical data, or any information you submit through the platform. All chart content is processed in real time and permanently deleted immediately after completion.
We do not track, store, or analyze your browsing behavior, search history, click patterns, or usage-based behavioral analytics. We collect only essential system-level technical logs necessary for security, fraud prevention, and HIPAA compliance. These logs do not include the content of your dictations or charts.
We do not collect or store your job title, employer information, or other professional background details. Your professional identity remains your private information.
Dictations and charting content you create on the platform are processed solely for the purpose of generating your chart and are immediately and permanently deleted once processing is completed. We do not retain, analyze, review, or repurpose your clinical content for any reason.
We receive general location information derived from your IP address, which is necessary for secure server communication and regulatory compliance. We do not request or track precise GPS-based location information.
ChartLock collects only the minimal information required to create your account, authenticate your access, and securely process your subscription payments. We do not collect additional data for marketing, analytics, profiling, behavioral tracking, or any unrelated purpose.
We collect the information you enter when signing up for a ChartLock account, such as your name, email address, practice information, mailing address, and payment details. This information is used solely to establish your account, verify your identity, process your subscription, and provide customer support.
Unlike platforms that gather extensive behavioral or marketing-related data, ChartLock does not collect or track:
We believe that your privacy is fundamental. For that reason, we intentionally avoid collecting unnecessary information of any kind.
When you access ChartLock, we receive only the limited technical information required to maintain secure server communication and HIPAA-aligned operation — such as your IP address and general location derived from it. We do not use this information for advertising, analytics, or profiling.
ChartLock does not obtain information about you from outside sources, marketing companies, data brokers, social platforms, or business partners. Your information comes from you alone.
Any dictations or chart content you submit are processed in real time and permanently deleted immediately after your chart is generated. We do not store, analyze, or reuse your clinical content for any purpose.
We use the limited personal information we collect only to:
We do not use your personal information for:
All clinical content is excluded from long-term use and is deleted immediately after real-time processing.
ChartLock follows a strict privacy-first model. Because we collect only the minimal information necessary to create and maintain your account, there is almost nothing to share — and we intentionally avoid all forms of external data distribution.
ChartLock does not:
ChartLock collects only the limited information required for creating and securing your user account, authenticating your login credentials, processing your subscription payment, and providing customer support when you request it. This includes your name, email address, practice information, and billing details.
This information is used solely so you can log in, manage your subscription, and access the Services securely. This information is not shared with marketing companies, data analytics firms, or unrelated parties. It remains within the secure ChartLock system and is not distributed externally for any commercial purpose.
We may disclose account information only if required by law, subpoena, court order, or lawful request by government authorities. These rare cases are the only circumstances under which disclosure occurs.
If ChartLock ever undergoes a merger, acquisition, or sale of assets, minimal account information may be transferred solely to continue providing the Service. Any acquiring organization must honor this Privacy Policy and maintain identical or stronger privacy protections.
Because ChartLock permanently deletes all user-generated content immediately after your chart is produced:
There is nothing to disclose — by design.
ChartLock does not store or retain any clinical content. Dictations, chart text, and related clinical information are processed in real time and permanently deleted immediately after your chart output is generated.
We retain only the limited account and billing information necessary to maintain your active subscription, provide support and security, and comply with applicable legal and regulatory requirements. When no longer needed for these purposes, such information is deleted or anonymized where feasible.
ChartLock uses Microsoft Azure's HIPAA-aligned infrastructure and implements administrative, technical, and physical safeguards designed to protect your account information from unauthorized access, disclosure, alteration, or destruction.
ChartLock does not use cookies, pixel tags, tracking beacons, web analytics tools, behavioral tracking technologies, or any automated data collection systems designed to monitor your browsing activity.
We do not use:
ChartLock collects only the minimal, essential technical information required to maintain a secure login session and support HIPAA-level security. This may include a temporary session token to keep you securely logged in and basic non-identifying technical information required to prevent fraud and maintain platform security. These temporary elements are not used for advertising, profiling, analytics, or behavioral tracking.
ChartLock does not:
Your privacy is not a marketing opportunity — it is a design principle.
ChartLock does not track your online activity, so "Do Not Track" browser settings have no effect. We simply do not engage in any tracking behavior.
ChartLock does not use social media integrations, social login systems, embedded social pixels, marketing SDKs, data-sharing widgets, audience-building tools, or any other technology designed to pull information from social platforms.
We do not:
ChartLock does not receive, request, or harvest:
If you independently choose to talk about ChartLock on social media, that activity occurs entirely on those platforms and is governed by their privacy policies, not ours. ChartLock does not access or ingest that data.
The ChartLock application and website do not include outbound links to third-party services for tracking, marketing, analytics, or data collection. We also do not offer any functionality that connects your ChartLock account to other platforms to exchange or synchronize data.
Your use of ChartLock is self-contained and isolated from social media and external marketing ecosystems.
Depending on where you live, you may have certain rights under applicable state privacy laws regarding the limited personal information we maintain about you (such as account and billing information). These rights may include the ability to:
You may exercise applicable privacy rights by contacting us using the information in the Contact section of this Policy. We may need to verify your identity before responding, which may include confirming your email address or basic account details. We will respond within the timeframes required by applicable law. If your request is limited or denied as permitted by law, you may have the right to appeal, and we will explain how to do so where required.
We will not discriminate against you for exercising any rights available to you under applicable privacy laws.
The ChartLock website and services are intended for licensed clinicians and other adult professionals and are not directed to individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If you are under 18, you should not use ChartLock or submit any information through the Services.
We also do not knowingly collect personal information, as defined by the U.S. Children's Online Privacy Protection Act ("COPPA"), from children under 13. If you are a parent or guardian and believe that a child has provided us with information in a way that is not permitted by law, please contact us using the information in the Contact section. We will remove such information to the extent required by applicable law.
ChartLock is based in the United States, and our Services are designed and operated in accordance with U.S. law. If you access ChartLock from outside the United States, any information you provide (such as account and billing information) will be processed and stored in the U.S.
By using the Services or providing us with information, you understand that your information may be transferred to, processed, and stored in the United States, where data protection laws may differ from those in your country of residence.
ChartLock processes only the minimal personal information necessary to operate your account, including your name, email address, login credentials, and billing information.
When you use ChartLock to generate documentation:
We may update this Privacy Policy periodically. Any revisions will be posted on our website with an updated effective date. Continued use of ChartLock following such updates constitutes acceptance of the revised Policy.
If you have any questions about this Privacy Policy or how ChartLock protects your information, you may contact us at:
Email: contact@chartlock.com