Privacy Policy

Last updated: March 28, 2026

1. Introduction

AURU Medical ("AURU", "we", "us") provides an AI-powered medical documentation assistant for orthopedic surgeons. This Privacy Policy explains how we collect, use, and protect your data when you use our Chrome extension and web application.

2. Data We Collect

Account Data

  • Email address (for authentication)
  • Name and professional information (RPPS number)

Medical Data

  • Audio recordings of medical consultations (transmitted for transcription)
  • Transcribed consultation text
  • AI-generated medical reports (reviewed and validated by the physician)
  • Patient information imported from connected services (Doctolib, calendar)

Technical Data

  • Authentication tokens (stored locally in the browser)
  • User preferences and session settings

3. How We Use Your Data

  • Audio recordings are transmitted to our servers for AI-powered transcription and report generation
  • Real-time speech-to-text is processed via Deepgram (speech recognition provider)
  • Generated medical reports are stored securely and accessible only to the authenticated physician
  • Patient data from Doctolib is imported only upon explicit physician action
  • We do not sell, share, or use your data for advertising purposes

4. Data Storage & Security

  • All medical data is stored on HDS-certified infrastructure (Hébergeur de Données de Santé) in compliance with French healthcare data regulations
  • Data is encrypted in transit (TLS) and at rest
  • No patient health data is stored in the Chrome extension's local storage (chrome.storage)
  • Authentication uses JWT tokens with automatic expiration

5. Third-Party Services

  • Deepgram — Real-time speech-to-text transcription. Audio is processed and not retained after transcription.
  • Google Calendar — Calendar synchronization for appointment scheduling, initiated only by the physician via OAuth consent.
  • Resend — Email delivery for verification codes and notifications.

6. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR) and French data protection law, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent at any time
  • Lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés)

7. Data Retention

Medical data is retained for the duration of the physician's account plus 20 years (in compliance with French medical record retention requirements under Article R.1112-2 of the Code de la Santé Publique). Account data is deleted upon account closure.

8. Chrome Extension Specifics

  • The extension accesses the microphone only when the physician explicitly starts a recording
  • No background audio capture occurs without active user consent
  • The extension communicates only with auru.ai, deepgram.com, and pro.doctolib.fr
  • No data is sent to analytics, advertising, or other third-party services

9. Contact

For any questions about this Privacy Policy or to exercise your data rights, contact us at:

Email: privacy@auru.ai
AURU Medical SAS
Nice, France