Privacy Policy

Last updated: March 7, 2026

1. Information We Collect

We collect information you provide directly when creating an account, including your name, email address, clinician role, and organization name (for agency accounts). When you use our service, we collect session note content, client profile information (stored using initials or pseudonyms you choose), and usage data such as note generation counts and feature interactions.

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the BxScribe service
  • Generate AI-drafted session notes via our OpenAI integration
  • Process payments through Stripe
  • Send transactional emails (account verification, billing receipts)
  • Improve service quality and develop new features

3. Data Sharing and Third Parties

We share data only with the service providers necessary to operate BxScribe:

  • OpenAI — Session note content is sent to OpenAI for AI-assisted note generation. OpenAI's API data usage policy applies.
  • Stripe — Payment and billing information is processed by Stripe. We do not store credit card numbers.
  • Resend — Transactional emails are delivered through Resend.

We do not sell your personal information. We do not share client session data with any party other than OpenAI for the purpose of note generation.

4. HIPAA Considerations

BxScribe is designed with privacy-first practices suitable for ABA clinical documentation. We recommend that users enter client information using initials or identifiers rather than full names. BxScribe uses encrypted connections (TLS), encrypted storage, and access controls. If your organization requires a Business Associate Agreement (BAA), please contact us at support@bxscribe.com.

5. Data Retention

We retain your account and session note data for as long as your account is active. You may request deletion of your data at any time by contacting support. Upon account deletion, we remove all personal data and session notes within 30 days.

6. Security

We implement industry-standard security measures including TLS encryption in transit, encrypted databases at rest, role-based access controls, and regular security reviews. No system is perfectly secure — if you discover a vulnerability, please report it to support@bxscribe.com.

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your account and data
  • Export your session notes
  • Withdraw consent for optional data processing

8. Contact

For privacy questions or data requests, contact us at support@bxscribe.com.