Privacy Policy

1. Introduction

OTUS AI is committed to protecting the privacy of clinicians and patients. This Privacy Policy explains how we process audio, transcript, and note data in compliance with the General Data Protection Regulation (GDPR) and the UK GDPR.

2. Data Controller and Processor Roles

When a clinician uses OTUS AI, the clinician or their organisation is the Data Controller. Dental OTUS AI (the application) and Microsoft Azure act as Data Processors, processing data strictly on the controller’s behalf and under documented instructions.

3. Data We Process

• Audio input: Voice recordings captured locally in the browser and sent to Azure Speech for transcription.
• Transcripts: Text generated from audio for note drafting.
• Draft notes: Text summaries generated via Azure OpenAI.
• Visit metadata: Information you enter to organise work (e.g. patient name and visit timestamps).

OTUS AI is designed to minimise data. However, to support viewing recent visits and retrieving drafts, the app stores transcripts and generated notes in a secure database for a limited period (see Section 6). Please avoid entering more patient information than is necessary for your workflow.

4. Purpose and Legal Basis

The lawful basis for processing under Article 6 GDPR is the clinician’s legitimate interest or legal obligation to create clinical records. Processing of special-category (health) data is covered by Article 9(2)(h): necessary for medical diagnosis and provision of health care.

5. Data Residency and Security

All processing takes place on Microsoft Azure OpenAI and Speech resources hosted in EU or UK regions. Azure provides GDPR-compliant data processing terms, encryption in transit and at rest, and ensures no cross-border transfer outside these regions.

Transcripts and generated notes are stored in a database to support clinician workflows (e.g. returning to a recent visit). We use encryption in transit (HTTPS/TLS) and apply access controls so clinicians can only access their own data.

6. Data Retention

OTUS AI retains visit data (including transcripts and generated notes) for a limited period to support drafting and retrieval of recent work. Data is automatically deleted after a configured retention period (typically 60 days).

Audio is processed for transcription and is not stored by the app as a long-term recording. You can also delete a visit manually from the app, which deletes associated transcripts and notes.

You can view your organisation’s configured retention period in Settings.

Audit logs may be retained separately for security and operational purposes.

7. Data Subject Rights

Patients whose data is processed through this tool retain all GDPR rights, including the rights of access, rectification, and erasure. Clinicians can delete visits from the app, which removes associated transcripts and notes. For additional requests, please contact us using the details below.

8. Cookies and Analytics

OTUS AI uses essential cookies for authentication (for example, to maintain your signed-in session). We do not use advertising trackers. If analytics are enabled in the future, this policy will be updated accordingly.

9. Data Sharing

Data is not shared with any third party other than Azure services necessary to perform transcription and summarisation, under Microsoft’s GDPR-compliant Data Processing Addendum.

10. Contact

For any GDPR or data protection inquiries, please contact:
OTUS AI Privacy Lead
privacy@dentalscribe.ai