Privacy Policy

Last updated: June 3, 2026

CheirOS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the CheirOS mobile application (the "Service").

1. Information We Collect

We collect information you provide directly to us when you use the Service:

• Account information: name, email address, and password when you create an account.
• Professional information: surgical specialty and profile details you optionally provide.
• Scheduling data: events, patients, OR requests, and notes you create within the app.
• Communications: emails and messages you send through the app.
• Voice data: voice recordings used for dictation are processed in real time and are not stored after transcription.
• Photos and documents: images and files you attach to events or patient records.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service.
• Process and display your scheduling data across your devices.
• Send communications you request through the app.
• Respond to your support requests.
• Monitor usage patterns to improve app performance.
• Comply with legal obligations.

3. Patient Data

CheirOS processes patient scheduling information on your behalf. We do not use patient data for any purpose other than providing the Service to you. Patient data is stored with encryption and is only accessible by you.

You are responsible for ensuring your use of CheirOS complies with applicable healthcare privacy laws in your jurisdiction (such as HIPAA, GDPR, or equivalent local regulations).

4. AI Features

CheirOS uses artificial intelligence to power voice dictation and appointment slip scanning. When you use these features:

• Voice recordings are transcribed in real time and immediately discarded. We do not store audio recordings.
• Appointment slip photos are processed by AI to extract scheduling information. Photos are not stored after processing.
• Dictation and OCR data is processed via OpenAI's API. OpenAI's privacy policy applies to data processed through their API.

5. Data Storage and Security

Your data is stored on Supabase infrastructure with the following protections:

• All data is encrypted in transit using TLS.
• Data at rest is encrypted using AES-256.
• Row-level security ensures your data is only accessible with your authentication credentials.
• We do not share your data with third parties except as necessary to provide the Service (Supabase, OpenAI, and Resend for email delivery).

6. Data Retention

We retain your data for as long as your account is active. You may delete your account at any time from Profile → Deactivate Account. Upon deletion, your data is removed from our systems within 30 days.

7. Third-Party Services

CheirOS uses the following third-party services:

• Supabase — database and authentication
• OpenAI — AI processing for voice and image features
• Resend — email delivery

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a machine-readable format.
• Object to the processing of your data.

To exercise these rights, please contact us by email at contact@cheirosapp.com.

9. Children's Privacy

CheirOS is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the app. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us by email at contact@cheirosapp.com.