Privacy Policy

Last updated: January 2, 2026

Summary: KeisenVPA processes audio transcription locally on your device using Whisper. When you use AI document generation, transcribed text and images are sent to Anthropic's Claude API. We don't collect, store, or have access to your recordings, transcriptions, or medical data.

1. Introduction

Omar Nabil Metwally, M.D. ("we", "our", or "us") operates KeisenVPA, a voice-powered transcription assistant for medical professionals. This Privacy Policy explains how we collect, use, and protect information when you use our software and services.

We are committed to protecting your privacy and the privacy of your patients. KeisenVPA is designed with privacy as a core principle.

2. Information We Collect

2.1 Information You Provide

Account Information: When you purchase a license, we collect your name, email address, and payment information (processed by our payment provider, LemonSqueezy).
Support Requests: If you contact us for support, we collect the information you provide in your communications.

2.2 Information We Do NOT Collect

Audio Recordings: We never collect, transmit, or store your audio recordings. Audio is transcribed locally on your device.
Transcriptions & Images: We (KeisenVPA/Omar Metwally, M.D.) do not collect or store your transcriptions or images. However, when you use AI features, this data is sent to Anthropic's Claude API (see Section 3.2).
Patient Data: We have no access to any patient health information (PHI) processed by the software.
Usage Analytics: We do not track how you use the application.

2.3 License Verification

KeisenVPA uses offline license verification. Your license key is validated locally on your device without contacting our servers. We do not track or monitor your software usage.

3. How Your Data is Processed

3.1 Local Processing (Whisper Transcription)

KeisenVPA uses OpenAI's Whisper model running locally on your device. Audio is processed on your hardware and is never transmitted to external servers. Your audio recordings never leave your computer.

3.2 Cloud Processing (Anthropic Claude API)

When you use AI features (document generation or image analysis), data is sent to Anthropic's Claude API:

Transcribed text — sent to Claude for document generation (e.g., SOAP notes, H&P)
Images/screenshots — sent to Claude for analysis and text extraction

Please review Anthropic's Privacy Policy for information on how they handle data.

Important: You control when data is sent to Claude. You can review transcriptions before generating documents, and you can use KeisenVPA's transcription features without ever using the AI document generation.

Notes about Claude API usage:

Anthropic does not use API data to train their models
License keys purchased from KeisenVPA include BAA coverage with Anthropic for HIPAA-compliant workflows
If you use your own API key, you are responsible for ensuring HIPAA compliance

4. HIPAA Compliance

KeisenVPA is designed to support HIPAA-compliant workflows:

Local Audio Processing: Audio recordings and Whisper transcription remain entirely on your local device
BAA Coverage: License keys purchased from KeisenVPA include access to Anthropic's API under our Business Associate Agreement, enabling HIPAA-compliant AI document generation
No Data Storage: We (KeisenVPA) do not store any patient data, transcriptions, or images
Your Responsibility: You are responsible for securing your devices, reviewing AI-generated content, and ensuring your overall workflow complies with HIPAA

Using your own API key? If you provide your own Anthropic API key instead of using a purchased license, you are solely responsible for ensuring your API usage is HIPAA-compliant, which may require executing your own BAA with Anthropic.

For detailed HIPAA guidance, see our HIPAA Compliance documentation.

5. Data Security

We implement appropriate security measures:

License keys use cryptographic signatures
Payment processing is handled by PCI-compliant providers
We use encrypted communications (HTTPS) for our website
We do not store sensitive data on our servers

6. Third-Party Services

We use the following third-party services:

LemonSqueezy: Payment processing and license delivery. Privacy Policy
Anthropic (Claude API): Optional AI document generation. Privacy Policy

7. Your Rights

You have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your account information
Opt out of marketing communications

To exercise these rights, contact us at keisenvpa@proton.me.

8. Data Retention

We retain your account information (name, email, purchase history) for as long as your license is active and for a reasonable period afterward for legal and business purposes. You may request deletion at any time.

9. Children's Privacy

KeisenVPA is designed for professional use and is not intended for children under 18. We do not knowingly collect information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the software. Your continued use of KeisenVPA after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: keisenvpa@proton.me
Support: keisenvpa@proton.me

Questions about HIPAA? Contact us at keisenvpa@proton.me for guidance on using KeisenVPA in your healthcare practice.