Privacy Policy
Last updated: February 15, 2026
Key commitment: InstantHPI is designed for HIPAA compliance. No Protected Health Information (PHI) is stored locally in the Chrome extension. Signing out clears all local data immediately.
1. Information We Collect
When you use InstantHPI, we may collect:
- Google account information: Email address and display name (used for authentication only)
- Extension settings: Your preferences (notification settings, server URL) stored locally in Chrome
- Usage data: Anonymous usage statistics to improve the extension
2. Information We Do NOT Collect or Store Locally
- Patient names, medical records, or any Protected Health Information (PHI)
- Message content from Spruce Health
- AI-generated documentation (processed server-side only)
- Passwords or authentication tokens beyond the current session
3. How We Use Information
- Authentication: Google Sign-In verifies your identity to connect to the InstantHPI server
- Notifications: To alert you of urgent patient messages (no PHI in notifications)
- Settings sync: To remember your preferences across sessions
4. Data Storage & Security
- All patient data is processed on our secure server, never stored in the extension
- Communication between the extension and server uses HTTPS encryption
- Signing out clears ALL local extension data immediately
- The extension uses Chrome's built-in secure storage API
5. HIPAA Compliance
InstantHPI is designed with HIPAA compliance in mind:
- No PHI is stored locally in the Chrome extension
- All data transmission is encrypted (HTTPS/TLS)
- Sign-out immediately purges all local data
- Notifications contain no patient-identifiable information
- Demo mode uses only fictional patient data
6. Third-Party Services
- Google OAuth: For authentication (Google Privacy Policy)
- Spruce Health: For patient messaging (data handled per Spruce's BAA)
- Anthropic Claude: For AI documentation generation (no PHI retained after processing)
7. Your Rights
- You can sign out at any time to delete all local data
- You can uninstall the extension to remove all stored preferences
- You can request deletion of your account data by emailing us
8. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.
9. Contact
For privacy-related questions or data deletion requests:
Email: instanthpi@gmail.com