Privacy Policy
Last Updated: April 2026
ShrinkDocs™ is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our service.
What Data We Collect
Clinical Records: As a clinician using ShrinkDocs™, you enter patient records, session data, clinical notes, assessment results, and other Protected Health Information (PHI) into the platform. This sensitive data is the foundation of our service and is governed by strict HIPAA compliance measures.
Contact Information: We collect your name, email address, phone number, professional credentials, practice name, and practice address when you create your account.
Session Data: We collect information about how you interact with the platform, including login times, features used, pages visited, and session duration. This helps us understand platform usage patterns and improve your experience.
Account Information: Payment details (processed through our secure payment processor) and subscription preferences are collected to maintain your account and billing.
Communications: When you contact our support team, we retain the content of those communications to resolve your issues and improve our service.
How Your Data Is Stored
Cloud Infrastructure: All data is stored securely on Google Cloud Platform (Firebase), which maintains HIPAA compliance certification and SOC 2 Type II certification.
Encryption at Rest: All patient records and sensitive data are encrypted using AES-256 encryption while stored in our database.
Encryption in Transit: All data transmitted between your device and our servers is encrypted using the TLS 1.3 protocol, protecting information from interception.
Access Controls: Access to patient data is restricted to authenticated, authorized clinicians only. Your password is securely hashed and never stored in plain text.
Audit Logging: All access to and modifications of patient records are logged and audited, allowing us to track who accessed what information and when.
HIPAA Compliance
ShrinkDocs™ is designed specifically for HIPAA-compliant healthcare workflows:
- We maintain a signed Business Associate Agreement (BAA) with all subscribing clinicians
- Our infrastructure provider (Google Cloud/Firebase) maintains its own HIPAA BAA and comprehensive security certifications
- All patient data is treated as Protected Health Information and handled accordingly
- We implement role-based access controls to limit PHI exposure
- Comprehensive audit logs track all access to patient information
- Data is segregated by organization and clinician permissions
- AI features (Doc Wizard™) are processed through HIPAA-compliant configurations with no retention of PHI by the AI service after processing
How We Share Your Data
We do not sell your data or patient information to third parties. We only share information in these limited circumstances:
- Treating Clinicians: Patient records are shared only with the licensed clinicians designated as their treatment providers within the platform
- Service Providers: We use third-party services essential to operate the platform:
  - Google Cloud/Firebase (hosting, database, authentication)
  - Stripe (payment processing)
  - Twilio (SMS notifications and reminders)
  - Anthropic (AI clinical decision support)
- Legal Requirements: We may disclose information if required by law, court order, or regulatory request
Your Rights As a Patient
If you are a patient receiving therapy through a clinician using ShrinkDocs™, you have the following rights:
- Right to Access: You can request to see all your clinical records and data stored in the system
- Right to Correction: You can request that inaccurate or incomplete information be corrected
- Right to Deletion: You can request deletion of your personal information, subject to legal retention requirements
- Right to Data Portability: You can request your data in a portable format that you can take to another provider
- Right to Opt-Out: You can opt out of SMS communications and non-essential notifications
Questions About Your Privacy?
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
- Email: privacy@shrinkdocs.io
- Phone: Contact your treating clinician or use the support contact form in ShrinkDocs™
- Response Time: We aim to respond to privacy requests within 30 days
This Privacy Policy is regularly reviewed and updated to reflect changes in our practices and applicable laws. We recommend reviewing this policy periodically. Material changes will be communicated to registered users at least 30 days in advance.