← Back to home

Privacy Policy

Last updated: April 22, 2026

1. Introduction

SpeechLP, Inc. (“we,” “us,” “our”) operates Speechtherapist.app (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you sign up, we collect your name, email address, and profile photo via Google OAuth. We do not store your Google password.

Protected Health Information (PHI)

Patient records, session transcripts, audio recordings, SOAP notes, and clinical data you enter are treated as PHI under HIPAA. This data is encrypted at rest (AES-256-GCM) and in transit (TLS 1.2+).

Usage Data

We collect anonymized usage analytics (page views, feature usage) to improve the Service. These never contain PHI.

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Generate AI-powered clinical notes and reports from your session data
  • Process payments via Stripe (we never store card numbers)
  • Send transactional emails (account, billing, security alerts)
  • Comply with legal obligations including HIPAA

4. Data Sharing

We do not sell your data. We share information only with:

  • Service providers bound by Business Associate Agreements (BAAs): Google Cloud (Firebase), Anthropic (AI processing), Deepgram (transcription)
  • Stripe for payment processing (PCI-DSS compliant)
  • Law enforcement only when required by valid legal process

5. Data Security

We implement administrative, technical, and physical safeguards including:

  • AES-256-GCM encryption for all audio files at rest
  • TLS 1.2+ encryption for all data in transit
  • User-scoped Firestore security rules preventing cross-user data access
  • Append-only HIPAA audit logging of all PHI access
  • Content Security Policy and strict security headers
  • Regular security reviews and penetration testing

6. Data Retention

PHI is retained for the duration of your account plus 7 years, consistent with clinical record-keeping requirements. You may request data export or deletion at any time by contacting us. Audit logs are retained for a minimum of 6 years per HIPAA requirements.

7. Your Rights

You have the right to:

  • Access your personal data and PHI
  • Request correction of inaccurate data
  • Request deletion of your data (subject to retention requirements)
  • Export your data in a portable format
  • Receive an accounting of PHI disclosures

8. Children's Privacy

The Service is intended for use by licensed speech-language pathologists and is not directed at children under 13. While the Service manages pediatric patient data, this data is entered and controlled by the clinician, not the child.

9. Changes to This Policy

We will notify you of material changes via email and update the “Last updated” date. Continued use after changes constitutes acceptance.

10. Contact Us

For privacy inquiries or to exercise your rights:

Email: privacy@speechtherapist.app

Terms of Service · HIPAA Compliance · BAA Information