Legal
Privacy Policy
Last updated: July 2026
1. The short version
Audio is never stored. Recordings are transcribed in memory and discarded in the same request. What persists is what you choose to keep: the transcript, the note, and your account details - all deletable by you at any time.
2. What we process
Account data (name, email, specialty, hashed password), consultation records you create (transcripts, notes, optional patient identifiers you enter), pilot-request submissions, and minimal technical logs needed to operate the service.
3. How audio is handled
When you record or upload a consultation, the audio is sent over an encrypted connection, transcribed by our speech-processing subprocessors, used to generate the note, and discarded. No audio file is written to disk or retained by Katib.
4. Subprocessors
Transcription and note generation use OpenAI and Deepgram APIs; hosting runs on Vercel and data is stored on Neon (PostgreSQL, EU region, encrypted at rest). During the pilot phase, processing occurs outside the UAE - pilot participants should therefore avoid entering direct patient identifiers or use test data. In-region sovereign deployment is on our roadmap for production healthcare use.
5. Your controls
You can edit or delete any consultation, which removes it permanently. Deleting your account removes all associated records. We do not sell data, and we do not use your clinical content to train models.
6. Patient consent
The clinician is responsible for informing the patient and obtaining any consent required by applicable law before recording. Katib provides an in-product reminder before every recording.
7. Security
All traffic is encrypted in transit (TLS). Passwords are hashed with bcrypt. Sessions use signed, httpOnly cookies. Consultations are only ever accessible to the account that created them.
8. Contact
For privacy questions or deletion requests: muratirejhan@gmail.com.