Privacy Policy

Last updated: April 12, 2026

This Privacy Policy explains how Quantic Systems LLC, a New Jersey limited liability company doing business as TasiPsych (“TasiPsych,” “we,” “us,” or “our”), collects, uses, safeguards, and shares information when you access or use our websites, applications, browser extensions, and related platforms (collectively, the “Services”). It also outlines the rights available to you under applicable law.

By using the Services, you confirm that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein. If you do not agree, please discontinue use of the Services immediately.

Definitions

• “Client” (also “you” or “your”) refers to the individual or legal entity accessing or using the Services.
• “Patient” refers to any individual whose health information is created, received, maintained, or transmitted through a Client’s use of the Services. Patients are not direct users of TasiPsych accounts.
• “Protected Health Information” or “PHI” has the meaning set forth under the Health Insurance Portability and Accountability Act (HIPAA).
• “Personal Data” means any information that identifies or could reasonably identify a specific individual.
• “Service Provider” means any third-party entity engaged by TasiPsych to help deliver or support the Services.
• “Usage Data” means data collected automatically during your interaction with the Services, such as page views, session length, device identifiers, and IP addresses.

Audio Recording and Transcription

TasiPsych enables clinicians to record clinical sessions using their device’s microphone. Audio is transmitted to our cloud infrastructure using encrypted channels during or immediately following the session. It is then processed by a third-party transcription provider to generate a text transcript.

Raw audio is permanently deleted once transcription is complete. TasiPsych does not retain audio recordings beyond what is necessary to produce the transcript.

Before the resulting transcript is used in any further processing or transmitted to any third-party AI provider, all personally identifiable information (PII) is automatically redacted. This redaction is mandatory and cannot be disabled by the Client or any user. TasiPsych does not permit PII-containing transcription data to be transmitted to any AI provider under any circumstances.

The redacted transcript is retained as part of the clinical encounter record and is subject to the data retention periods described in this Policy.

AI Processing of Clinical Data

TasiPsych uses artificial intelligence — including third-party large language model providers — to process de-identified clinical data for the following purposes:

• Generating clinical notes from de-identified transcriptions
• Producing clinical documents such as referral letters, prior authorization requests, and treatment plans
• Auditing notes for compliance and coding accuracy
• Providing documentation coaching and feedback to clinicians
• Extracting structured information from notes into patient records
• Parsing and extracting data from uploaded documents

The Services may use per-user learning — retaining preferences and correction patterns — to improve output quality for that specific user. This is distinct from foundational model training.

TasiPsych does not use client clinical data to train any AI or machine learning models. Clinical data processed through the Services is used solely to deliver and improve the Services for the applicable Client.

PII is always redacted from transcription data and clinical content before it is transmitted to any third-party AI provider. This is a non-negotiable system-level control — there is no setting or configuration that permits PII to be included in data sent to AI providers. TasiPsych will never share, transmit, or make available PII to any AI provider for any purpose, including inference, fine-tuning, or model improvement.

Patient Data (Protected Health Information)

In the course of Clients using the Services, TasiPsych may collect, process, and store the following categories of patient data on behalf of the Client:

• Demographics: Name, date of birth, gender identity, sex, pronouns, race/ethnicity, contact information, and employment details
• Insurance: Payer information, policy and group numbers, and subscriber details
• Clinical: Medications, diagnoses (ICD-10 codes), allergies, treatment plans, and clinical notes
• Emergency contacts
• Patient consent records

All patient data is treated as PII & PHI and handled in accordance with HIPAA and any applicable Business Associate Agreement (BAA) in place between TasiPsych and the Client. Patients are not direct users of TasiPsych and do not create accounts. Requests from patients regarding their health information should be directed to their healthcare provider.

Patient-Facing Interactions

Patients do not create TasiPsych accounts. However, the Services may facilitate communications on behalf of Clients (healthcare practices), including:

• Delivery of patient intake and assessment forms via SMS or email
• Payment requests via SMS or email
• Follow-up and appointment-related communications via SMS or email

TasiPsych acts solely as a service provider and conduit for these communications on behalf of the Client.

The Client is solely responsible for obtaining and maintaining all required patient consents prior to sending SMS or email communications, including consent to receive text messages where applicable. Such consent is typically obtained during patient intake, registration, or scheduling workflows and is maintained within the Client’s systems (e.g., EHR or intake forms).

SMS messages sent through the Services are intended for transactional and informational purposes and may include secure links to access protected information. SMS messages will not include sensitive personal health information.

Patients may opt out of SMS communications at any time by replying STOP to any message. Message frequency varies. Standard message and data rates may apply.

Chrome Extension (TasiPsych EHR Sync Extension)

The TasiPsych EHR Sync Extension helps clinicians securely transfer finalized TasiPsych notes into web-based EHR systems. The Extension processes only the information necessary to provide this functionality.

Data Stored by the Extension

The Extension stores only one item locally in the browser using Chrome extension storage:

• An authentication token issued by TasiPsych when you pair the Extension with your account. The token is opaque, individually revocable, and tied to your TasiPsych account.

The Extension does not store your name, email address, patient information, clinical notes, EHR field mappings, or usage history.

Information Processed During Transfer (Not Stored)

When you initiate a transfer, the Extension temporarily processes the following information in browser memory only:

• The active tab URL, used solely to identify the currently open EHR platform
• The EHR page structure (HTML / DOM), used locally to identify note input fields for note placement
• Finalized note content retrieved securely from your TasiPsych account over encrypted HTTPS/TLS connections for the duration of the transfer

This information is processed locally on your device and is never transmitted to any third party. The Extension does not send EHR page structure, field metadata, or EHR content to TasiPsych servers.

All temporary in-memory data is discarded when the transfer completes or when the Extension panel is closed.

Medical Information

When you initiate a note transfer, finalized note content is securely retrieved from your TasiPsych account using encrypted API requests, displayed within the Extension for your review, and inserted into your EHR fields only at your explicit request.

The Extension does not permanently store patient notes, clinical content, or EHR data.

EHR Data Access Limitations

The TasiPsych EHR Sync Extension is write-only on the EHR side.

The Extension reads the EHR page structure solely to determine where to insert note content and only when you explicitly initiate a transfer action. The Extension does not read, extract, export, collect, or transmit patient records, clinical data, or other information from the EHR to TasiPsych or any third party.

Revoking the Extension’s Access

You may revoke the Extension’s access to your TasiPsych account at any time:

• Without uninstalling: In TasiPsych, navigate to Profile → Chrome Extension Settings and revoke the specific device token. Revocation invalidates the token immediately.
• By uninstalling: Removing the Extension from your browser deletes the locally stored authentication token and removes the Extension’s access to your browser session.

Revoking access or uninstalling the Extension does not delete your TasiPsych account or any data securely stored on TasiPsych systems.

HIPAA

Your use of the TasiPsych EHR Sync Extension is governed by the same Business Associate Agreement (BAA) and privacy protections that apply to your TasiPsych account.

The Extension does not change the data flow boundaries between TasiPsych, your device, and your EHR. Finalized note content moves directly between your authenticated TasiPsych account, your browser session, and your EHR through encrypted connections, without passing through any third-party processors.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to support the operation and improvement of our Services. These technologies may include browser cookies, web beacons, and analytics scripts.

• Essential Cookies (Session): Required for core functionality and feature access.
• Acceptance Cookies (Persistent): Record whether you have accepted cookie use on the Services.
• Functionality Cookies (Persistent): Remember your preferences, such as login state or display settings.

We may partner with third-party analytics providers to collect interaction data for site optimization and security purposes. These providers operate under contractual data protection obligations. You may instruct your browser to refuse cookies, though doing so may limit your ability to use certain features.

How We Use Your Personal Data

TasiPsych does not sell Personal Data. We do not share Personal Data with third parties for their own marketing or advertising purposes. We may use Personal Data for the following:

• Delivering, operating, and maintaining the Services
• Managing your account and verifying your identity
• Processing transactions and sending related notifications
• Communicating with you via email, phone, SMS, or push notifications
• Providing information about Services, features, or updates (unless you have opted out)
• Responding to support requests and inquiries
• Analyzing usage patterns to improve the Services
• Detecting, preventing, and resolving technical issues, fraud, or security incidents
• Fulfilling legal and regulatory obligations

We may share information with Service Providers acting as data processors, and with affiliates or in connection with a business transaction (such as a merger or acquisition), always subject to appropriate confidentiality and data protection obligations.

Data Retention

• Audio recordings: Permanently deleted upon completion of transcription
• Finalized clinical notes: Retained for a minimum of seven (7) years, consistent with applicable healthcare records retention requirements
• Unsigned notes: Subject to configurable auto-deletion (30 to 365 days, as configured by the Client)
• Client-initiated deletion: Clients may delete any note at any time, with no restrictions imposed by the system. All deletions are permanent and irrecoverable; once deleted, notes and associated information cannot be restored
• Usage data: Retained for service improvement and analytical purposes
• Financial and billing data: Retained as required by applicable law and regulation

When data is no longer required for any operational, legal, or regulatory purpose, it is securely deleted or de-identified.

Data Security

• All data is encrypted in transit (TLS) and at rest
• Infrastructure is hosted on Microsoft Azure under a signed Business Associate Agreement (BAA) supporting HIPAA compliance. Azure maintains a comprehensive set of independent certifications and attestations, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2 Type II, and SOC 3
• PII is always redacted from clinical content before transmission to any AI provider — this control cannot be disabled
• TasiPsych is HIPAA compliant and executes Business Associate Agreements (BAAs) with Clients who are Covered Entities or Business Associates
• Regular security assessments and penetration testing are performed
• Access to PHI is restricted to authenticated, authorized users with role-based access controls
• Audit logs are maintained in accordance with HIPAA requirements

While we implement commercially reasonable safeguards, no electronic transmission or storage system is completely immune from risk. TasiPsych cannot guarantee the absolute security of your information.

Third-Party Service Providers

TasiPsych engages the following categories of third-party Service Providers to support delivery of the Services. All providers are contractually obligated to protect data in accordance with applicable law, and Business Associate Agreements are executed where required:

• Cloud infrastructure providers
• Audio transcription providers
• AI and machine learning model providers (receive only PII-redacted data; never receive raw PII)
• E-prescribing platform provider
• Insurance clearinghouse provider
• Authentication and identity provider
• Analytics and product improvement providers

We do not disclose the specific identities of our Service Providers in this Policy. Clients subject to BAAs may request a current list of sub-processors by contacting us at compliance@tasipsych.com.

Your Rights

Subject to applicable law, you have the right to:

• Access the Personal Data we hold about you
• Correct inaccurate or incomplete Personal Data
• Request deletion of your Personal Data, subject to legal retention obligations
• Receive your data in a structured, portable format
• Opt out of marketing communications at any time
• Withdraw consent where processing is based on consent (withdrawal may limit certain Service functionality)

To exercise any of these rights, contact us at compliance@tasipsych.com. We will respond within the timeframe required by applicable law.

Note regarding patient data: Patients whose information is processed through the Services should direct access, correction, or deletion requests to their healthcare provider (our Client). TasiPsych processes patient data on behalf of Clients and will act on Client instructions with respect to such requests.

State-Specific Privacy Rights

California (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, including the right to know what Personal Data we collect and how it is used, the right to delete Personal Data, the right to opt out of sale or sharing of Personal Data (TasiPsych does not sell Personal Data), the right to non-discrimination for exercising privacy rights, the right to correct inaccurate Personal Data, and the right to limit the use of sensitive Personal Data.

Other States

Residents of other states with applicable consumer privacy laws — including Virginia, Colorado, Connecticut, Utah, and Texas, among others — may have similar rights under their respective state laws. To exercise any state-specific privacy right, please contact us at compliance@tasipsych.com.

Mobile Messaging (SMS/MMS)

If you opt in to receive messages from TasiPsych, we collect your phone number, consent status, messaging preferences, and message logs to operate the messaging program. Messages may include onboarding materials, reminders, support communications, or promotional content where separately consented.

Telecommunications carriers and messaging infrastructure providers process messages as our Service Providers and are prohibited from using your data for their own purposes.

You may opt out at any time by replying STOP; a confirmation will be sent. Message frequency varies. Standard message and data rates may apply. Opt-in and opt-out records are retained for at least six months following opt-out. No mobile messaging information will be shared with or sold to third parties for marketing or promotional purposes.

Children’s Privacy

The Services are not directed to individuals under the age of 13, and account creation requires users to be at least 18 years of age. TasiPsych does not knowingly collect Personal Data from children under 13. If we learn that such data has been collected, we will promptly delete it.

Transfer of Personal Data

Your information may be transferred to and processed on servers located outside your state, province, or country. By using the Services, you consent to this transfer. TasiPsych will take all reasonably necessary steps to ensure your data is handled securely and in accordance with this Privacy Policy and applicable law.

Disclosure of Personal Data

Your data may be disclosed in the following limited circumstances:

• Business transactions: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
• Legal obligations: When required by law, regulation, valid legal process, or enforceable governmental request.
• Protection of rights: To protect the rights, property, or safety of TasiPsych, our Clients, patients, or others.

Links to Third-Party Websites

Our Services may include links to external websites or services not operated by TasiPsych. We have no control over, and take no responsibility for, the content, privacy practices, or policies of such third-party sites. We encourage you to review the privacy policy of every website you visit.

Changes to This Privacy Policy

We may revise this Privacy Policy periodically. When we do, we will update the “Last updated” date at the top of this page. For material changes, we may provide additional notice via email or through the Services. Your continued use of the Services after any update constitutes your acceptance of the revised Policy.

Contact Us

For privacy-related inquiries, data requests, or concerns about this Privacy Policy, please reach out to:

Quantic Systems LLC (d/b/a TasiPsych)
Email: compliance@tasipsych.com
Website: www.tasipsych.com
New Jersey, USA