Legal

Privacy Policy

Last updated: July 2026

1. The short version

Audio is never stored. Recordings are transcribed in memory and discarded in the same request. What persists is what you choose to keep: the transcript, the note, and your account details - all deletable by you at any time.

2. What we process

Account data (name, email, specialty, hashed password), consultation records you create (transcripts, notes, optional patient identifiers you enter), pilot-request submissions, and minimal technical logs needed to operate the service.

3. How audio is handled

When you record or upload a consultation, the audio is sent over an encrypted connection, transcribed by our speech-processing subprocessors, used to generate the note, and discarded. No audio file is written to disk or retained by Katib.

4. Subprocessors

Transcription and note generation use OpenAI and Deepgram APIs; hosting runs on Vercel and data is stored on Neon (PostgreSQL, EU region, encrypted at rest). During the pilot phase, processing occurs outside the UAE, so pilot participants should either avoid entering direct patient identifiers or use test data. In-region sovereign deployment is on our roadmap for production healthcare use.

5. Your controls

You can edit or delete any consultation, which removes it permanently. Deleting your account removes all associated records. We do not sell data, and we do not use your clinical content to train models.

6. Patient consent

The clinician is responsible for informing the patient and obtaining any consent required by applicable law before recording. Katib provides an in-product reminder before every recording.

7. Security

All traffic is encrypted in transit (TLS). Passwords are hashed with bcrypt. Sessions use signed, httpOnly cookies. Consultations are only ever accessible to the account that created them.

8. Contact

For privacy questions or deletion requests: muratirejhan@gmail.com.