Privacy policy
Vocaform Privacy Policy
Effective Date: )1-September 2025
Last Updated: September 2025
1. Introduction
Vocaform Limited ("Vocaform", "we", "us", "our") is committed to protecting your privacy and personal
data. This Privacy Policy explains how we collect, use, store, and protect personal information when you
use our AI-powered case history interview platform (the "Platform").
Our Details:
Company: Vocaform Limited
Registered Address: info@vocaform.ai
Contact Email: info@vocaform.ai
Data Protection Contact: [TO BE ADDED]
This policy applies to healthcare professionals ("Practitioners") who use our Platform and patients who
participate in AI interviews through our service.
2. Legal Basis for Processing
We process personal data under the following legal bases:
Legitimate Interests: To provide our AI interview service, maintain Platform security, and improve
healthcare administration efficiency
Contract Performance: To fulfill our obligations under our Terms of Service with healthcare
practitioners
Legal Obligation: To comply with healthcare, tax, and other legal requirements
For special categories of personal data (health information), we rely on:
Healthcare Service Provision (Article 9(2)(h) GDPR): Processing health data as part of healthcare
service delivery and administration
Substantial Public Interest (Article 9(2)(g) GDPR): Improving healthcare efficiency and patient care
quality serves the public interest
Legitimate Interests: Where healthcare service provision applies, supported by appropriate
safeguards and transparency
3. Information We Collect
3.1 Practitioner Information
When healthcare professionals register for our Platform, we collect:
Personal Details: Name, email address, phone number
Professional Information: Practice details, professional credentials, specialization
Account Information: Username, password (encrypted), account preferences
Billing Information: Payment details, billing address, usage records
Communications: Support requests, feedback, correspondence with us
3.2 Patient Information
When patients participate in AI interviews, we process:
Interview Content: Spoken responses converted to text (no audio recordings stored)
Case History Data: Medical history, symptoms, concerns, and other health information disclosed
during interviews
Technical Data: IP address, device information, interview timestamps, session duration
Contact Information: Email address (when provided by the Practitioner for interview links)
3.3 Technical Information
We automatically collect:
Usage Analytics: Platform usage patterns, feature utilization, performance metrics
Log Data: Error logs, access logs, security events
Device Information: Browser type, operating system, IP address (anonymized where possible)
4. How We Use Your Information
4.1 Practitioner Data
We use Practitioner information to:
Provide access to the Platform and its features
Process usage-based billing and payments
Provide customer support and technical assistance
Send service-related communications and updates
Improve Platform functionality and user experience
Comply with legal and regulatory requirements
Protect against fraud and unauthorized access
4.2 Patient Data
We process Patient health information to:
Conduct AI-powered case history interviews
Generate case summary reports for Practitioners
Enable Practitioners to download interview transcripts and summaries
Provide technical support when specifically requested
Comply with legal obligations related to healthcare data
4.3 Future Uses (Optional - Currently Inactive)
We may in the future, with appropriate consent:
Use anonymized interview data to improve our AI models
Offer direct patient access to interview results
Provide enhanced analytics to Practitioners
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We share limited data with trusted service providers:
AI Processing: We use OpenAI's API for speech-to-text conversion and interview processing. No
personally identifiable patient information is shared with OpenAI
Hosting Services: Our hosting providers in Ireland/EU process data to provide Platform
infrastructure
Payment Processors: Billing information is processed by secure payment providers
Support Tools: Customer service platforms may process support communications
5.2 Legal Requirements
We may disclose personal data when required by:
Irish or EU legal obligations
Court orders or legal processes
Regulatory investigations
Protection of rights, safety, or security
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the new entity
under equivalent privacy protections.
5.4 Data Insights and Research
No Sale of Personal Data: We never sell personal data or individually identifiable patient information
to third parties
Anonymized Healthcare Insights: We may, with appropriate safeguards, share anonymized and
aggregated healthcare insights derived from our platform to:
Healthcare research institutions for medical research
Public health organizations for population health studies
Healthcare technology companies to improve diagnostic tools and patient care
Academic institutions for healthcare education and research purposes
De-identification Standards: All shared data undergoes rigorous de-identification processes to
ensure individual patients cannot be identified
Research Ethics: Any research use of anonymized data follows established medical research ethics
and may require institutional review board approval
Practitioner Benefits: Revenue from anonymized data insights may help us maintain affordable
pricing and continue platform development
Future Opt-out: Should this practice commence, practitioners and patients will be notified and
provided opt-out mechanisms
6. International Data Transfers
Primary Storage: All data is stored within Ireland and the European Union
Third-Party Services: Some service providers may be located outside the EU but operate under
approved transfer mechanisms (adequacy decisions, Standard Contractual Clauses, or equivalent
protections)
AI Processing: OpenAI API processing occurs outside the EU but with contractual safeguards and no
PII sharing
7. Data Security
We implement comprehensive security measures:
7.1 Technical Safeguards
End-to-end encryption for data transmission
Encryption at rest for stored data
Regular security assessments and updates
Access controls and authentication systems
Secure API integrations
7.2 Organizational Measures
Staff training on data protection and security
Regular security policy reviews
Incident response procedures
Limited access on a need-to-know basis
Confidentiality agreements for all personnel
7.3 Healthcare-Specific Security
GDPR-compliant data handling procedures
Secure deletion protocols
Audit trails for data access
Regular backups with secure storage
8. Data Retention
8.1 Service-Based Data Storage
Active Practitioners: Interview data is retained while the practitioner maintains an active, paid
account with Vocaform
Account Termination: All patient interview data is permanently deleted when a practitioner's
account ends, regardless of reason (non-payment, cancellation, etc.)
Practitioner Responsibility: Practitioners are solely responsible for downloading and maintaining
their own patient records according to their professional and legal obligations
Service Model: Vocaform provides data storage as a service; we are not the custodian of patient
medical records
8.2 Data Deletion Timeline
Account Closure: Patient interview data deleted within 90 days of account termination
Grace Period: 30-day grace period for account reactivation before deletion process begins
Backup Deletion: All backup copies securely deleted within 6 months of account closure
Notification: Practitioners receive advance notice before data deletion with opportunities to
download their data
8.3 Practitioner Data Retention Obligations
Professional Requirements: Practitioners must comply with their professional record retention
requirements
Legal Compliance: Practitioners remain responsible for maintaining patient records as required by
law
Download Responsibility: Practitioners should regularly download and backup their data from the
Platform
Alternative Storage: Practitioners must arrange alternative storage solutions if discontinuing
Vocaform services
8.4 Technical and Billing Data
Account information: Retained for 7 years after account closure for tax and legal compliance
Billing records: Retained for 7 years for accounting and dispute resolution
Technical logs: Retained for 2 years for security and troubleshooting purposes
Anonymous usage analytics: May be retained indefinitely for service improvement (no personal
identification)
9. Your Rights Under GDPR
9.1 Individual Rights
You have the right to:
Access: Request copies of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion of your data (subject to legal obligations)
Portability: Receive your data in a portable format
Restriction: Limit how we process your data
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent for consent-based processing
9.2 Special Rights for Health Data
For health information processed during interviews:
Patients may request access to their interview data through their Practitioner
Direct erasure requests will be coordinated with the relevant Practitioner
Health data portability includes interview transcripts and summaries
9.3 Exercising Your Rights
To exercise your rights:
Email: privacy@vocaform.ai
Response Time: We respond within 30 days (may extend to 60 days for complex requests)
Verification: We may require identity verification for security
Free of Charge: Rights requests are generally free (excessive requests may incur reasonable fees)
10. Cookies and Tracking
10.1 Essential Cookies
We use essential cookies required for Platform functionality:
Session management and authentication
Security and fraud prevention
Load balancing and performance optimization
10.2 Analytics (If Applicable)
Currently not implemented, but may include:
Anonymous usage analytics to improve Platform performance
Error tracking to identify and fix technical issues
10.3 Cookie Control
You can control cookies through your browser settings, but disabling essential cookies may impact
Platform functionality.
11. Children's Privacy
The Platform is not intended for individuals under 18 years of age. Patient interviews involving minors
require appropriate parental/guardian consent, which is the responsibility of the Practitioner to obtain.
12. Changes to This Policy
We may update this Privacy Policy to reflect:
Changes in our data processing practices
Legal or regulatory requirements
Platform enhancements or new features
12.1 Notification of Changes
Material Changes: 30 days advance notice via email and Platform notification
Minor Updates: Notice through Platform or website posting
Emergency Changes: Immediate notice with explanation when legally required
13. Complaints and Supervisory Authority
13.1 Contact Us First
If you have privacy concerns, please contact us first at privacy@vocaform.ai
13.2 Data Protection Commission
You have the right to lodge a complaint with the Irish Data Protection Commission:
Website: www.dataprotection.ie
Phone: +353 57 868 4800
Email: info@dataprotection.ie
14. Contact Information
For privacy-related questions or requests:
Vocaform
[Address to be added]
Email: info@vocaform.ai
Website: https://www.vocaform.ai
Data Protection Contact: [To be designated]
This Privacy Policy was last updated on 02-09-2025 and is effective as of 02-09-2025