Privacy Policy

Last updated: May 21, 2026

Introduction

Comprehend PT is committed to protecting the privacy and security of our users' data. This Privacy Policy explains how we collect, use, handle, store, disclose, and safeguard information when you use Comprehend PT, the Comprehend Mobile EMR Integration Chrome extension, our website, mobile application, and related services. By using our services, you consent to the data practices described here.

Information We Collect

We collect only the information needed to provide medical documentation, EMR integration, account support, security, and related service functionality. Depending on how your clinic configures and uses the service, this may include:

  • Account and contact information, such as name, email address, phone number, organization, role, and account credentials or authentication tokens.
  • Patient and clinical information entered, uploaded, dictated, transcribed, summarized, or otherwise processed through the service, including protected health information (PHI) used for medical documentation.
  • Audio recordings, transcripts, generated notes, clinician edits, patient identifiers, appointment context, and other information you choose to provide while using the service.
  • EMR page content and form data that the Chrome extension reads, imports, inserts, or transmits only as needed to support the user-facing EMR integration features.
  • Usage, device, and diagnostic information, such as browser type, extension version, operating system, log events, error reports, IP address, timestamps, and security audit records.
  • Extension settings and preferences stored locally in your browser or associated with your account.

The Chrome extension is not designed to collect unrelated browsing history, unrelated website content, payment card information, or information from websites where the extension is not being used for the Comprehend PT service.

Use of Your Information

We use user data only for purposes that are directly related to providing, securing, supporting, and improving the service, including to:

  • Provide, operate, and maintain our services, including documentation generation, transcription, note review, and EMR integration.
  • Authenticate users, manage accounts, apply clinic configuration, and provide customer support.
  • Insert, retrieve, transmit, or synchronize data between supported EMR workflows and Comprehend PT features at the user's direction.
  • Improve reliability, security, accuracy, and usability of our services.
  • Understand and analyze service performance, errors, and feature usage.
  • Communicate with you about service updates, account notices, customer support, and marketing where permitted by law and with opt-out controls.
  • Process transactions and administer billing where applicable.
  • Detect, prevent, investigate, and respond to fraud, abuse, unauthorized access, security incidents, legal requests, and policy violations.

We do not sell user data. We do not use PHI, EMR content, or Chrome extension user data for advertising, ad targeting, credit eligibility, employment eligibility, or unrelated profiling. We do not transfer user data to third parties except as described in this Privacy Policy.

Chrome Extension Data Handling

The Comprehend Mobile EMR Integration Chrome extension handles user data only to provide the extension's stated functionality. When you use the extension on supported EMR or Comprehend PT pages, the extension may read visible page content, selected fields, form data, session status, and user-provided input needed to move information between the EMR and Comprehend PT. The extension may transmit that information securely to Comprehend PT systems or approved service providers so the requested workflow can be completed.

The extension does not use data from Chrome APIs or EMR pages for purposes unrelated to its single purpose. The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Storage and Security

We use administrative, technical, and physical safeguards designed to protect user data against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption in transit, encryption at rest where applicable, access controls, audit logging, role-based permissions, monitoring, and contractual confidentiality obligations for personnel and service providers with access to user data.

Some extension settings, preferences, identifiers, or temporary session information may be stored locally in the browser or in Chrome storage so the extension can function. Clinical data, account data, transcripts, generated notes, and related service records may be stored on Comprehend PT systems or approved hosting providers. Data is transmitted using secure protocols such as HTTPS/TLS.

Disclosure of Your Information

We do not sell, rent, or trade your personally identifiable information, PHI, or Chrome extension user data. We may share information only in the following circumstances:

  • With authorized users and organizations, such as the clinic, healthcare provider, or account administrator associated with the service.
  • With hosting, infrastructure, transcription, analytics, security, billing, and customer-support providers who help us operate our services and are bound by confidentiality, data-protection, and, where applicable, Business Associate Agreement obligations.
  • With EMR systems, healthcare systems, or other integrations that your clinic authorizes or that you direct us to use as part of the service.
  • With parties required by law, regulation, subpoena, court order, government request, or professional obligation.
  • When necessary to protect rights, safety, and security, prevent fraud or abuse, enforce agreements, or respond to security incidents.
  • In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, subject to appropriate confidentiality and data-protection safeguards.

Data Retention & Deletion

We retain protected health information (PHI), account records, extension logs, audit records, and related service data only as long as necessary to deliver services, comply with legal and contractual obligations, resolve disputes, maintain security, and enforce agreements. Audio recordings and transcripts are securely deleted once they are no longer needed for note generation unless retention is required under your clinic's agreement, legal obligations, or applicable medical-record retention requirements. Clinics may request deletion of data, subject to HIPAA, contractual obligations, security requirements, and applicable medical-record retention laws.

User Choices and Access

You may contact us to request access, correction, export, or deletion of personal information, subject to identity verification, clinic authorization, HIPAA, and applicable legal limits. Chrome extension users may remove the extension from Chrome at any time. Removing the extension may delete locally stored extension data from the browser, but it does not automatically delete records already stored in Comprehend PT systems or in your clinic's EMR.

HIPAA Compliance

We adhere to HIPAA to protect the confidentiality, integrity, and security of PHI. Users sign a Business Associate Agreement (BAA). Data is encrypted in transit and at rest; access is role-based and audited; systems are regularly tested and monitored.

Children's Privacy

Our services are intended for use by healthcare professionals and authorized organizational users. They are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 outside of authorized healthcare documentation workflows.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above. Please review this page periodically for changes.

Contact Us

If you have questions or comments about this Privacy Policy, contact: contact@comprehendpt.ai