Advokit Privacy Policy

Effective Date: May 8, 2026  |  Last Updated: May 8, 2026

Advokit (“Advokit”, “we”, “us”, or “our”) provides a patient-empowerment mobile application that helps you prepare for healthcare appointments, capture and review what happens during visits, and follow up on action items afterward (the “App” or “Service”). This Privacy Policy explains what information we collect, how we use it, when we share it, and the rights and choices you have. It applies to your use of the Advokit mobile app on iOS and Android, our website at myadvokit.ai, and any related services that link to this Policy.

Important: Advokit is a personal organizational tool. It does not provide medical advice, diagnosis, or treatment, and it is not a medical device. Always consult your physician or other qualified healthcare provider for medical decisions. See our Terms of Service for additional details about how the Service is intended to be used.

Plain-language summary. We collect the information you give us (account details and the notes, recordings, and visit information you choose to enter) plus a small amount of technical data needed to operate the App. We use that information only to deliver the Service to you. We do not sell your information, we do not use it for advertising, and we do not use your health information to train AI models. You can ask us to delete your account and your data at any time.

1. Who This Policy Applies To

This Policy applies to U.S. residents who use Advokit. The App is intended for adults 18 years of age or older. A parent or legal guardian who is 18 or older may use the App to help manage healthcare appointments for a minor in their care. Adults who use the App for someone else (a child, parent, or other family member) are responsible for the information they enter about that person and for having the legal authority to do so.

We do not knowingly collect personal information directly from children under 13. See Section 13 (Children's Privacy) for more detail.

2. Information We Collect

2.1 Information You Provide to Us

  • Account information. Your name, email address, and authentication identifiers when you sign in (you may sign in with email and password, with Sign in with Apple, or with Sign in with Google).

  • Profile and visit information. Information you choose to enter about yourself or someone in your care, including health concerns, symptoms, medications, prep questions, appointment details, providers you see, and follow-up tasks.

  • Audio recordings and transcripts. If you choose to record a healthcare appointment, we collect the audio recording and an automated transcript generated from it. You control whether and when to record.

  • AI-generated content. Personalized prep guides, summaries, and follow-up suggestions that are generated for you based on the information you provide.

  • Communications. Messages you send us (for example, support requests sent to neelam@myadvokit.ai) and feedback you submit through the App.

2.2 Information Collected Automatically

  • Device and app data. Device model, operating system and version, app version, language and time zone, and general usage events such as feature opens and errors. This helps us keep the App working and diagnose issues.

  • Log data. Server logs (for example, IP address, request timestamps, and error traces) generated automatically when the App communicates with our backend.

  • Crash and performance reports. Diagnostic information provided by Apple's App Store Connect and Google Play Console when the App crashes or experiences performance issues, and equivalent information from our hosting provider's logs.

We do not currently use third-party advertising SDKs, third-party advertising identifiers, cross-app tracking, or third-party marketing analytics.

2.3 Information from Other Sources

If you sign in with Apple or Google, we receive a limited identifier and (with your permission) your name and email address from that identity provider. We do not pull contacts, photos, location, or other data from your Apple or Google account.

2.4 Permissions the App Requests

  • Microphone. Used only when you actively start a recording of an appointment.

  • Notifications. Used to send you reminders, prep nudges, and follow-up alerts you have enabled.

  • Calendar. Used, with your permission, to read or write appointment events to help you stay organized.

You can change these permissions at any time in your device settings. Denying a permission may prevent the related feature from working.

3. How We Use Your Information

We use the information described above to:

  • Provide and operate the Prepare, Visit, and Follow-up features of the App;

  • Create your account, authenticate you, and keep your account secure;

  • Generate personalized prep guides, transcripts, and visit summaries using AI;

  • Send transactional communications such as account confirmations, reminders, in-app tutorials, security notices, and product update notices to your registered email;

  • Respond to your support requests and feedback;

  • Monitor, troubleshoot, secure, and improve the App, including diagnosing crashes and abuse;

  • Comply with our legal obligations, enforce our Terms, and protect the rights, property, or safety of Advokit, our users, or others.

We do not use your health information for marketing or advertising. We do not sell your personal information. We do not use your personal health information, audio recordings, transcripts, or visit content to train public or general-purpose AI models.

4. Automated and AI Processing

Advokit uses artificial intelligence to power its core features. By using the App you acknowledge the following:

  • Preparation and synthesis. AI models help analyze the information you enter during the Prepare phase to identify themes and health priorities and to generate personalized prep guides.

  • Transcription. If you choose to record an appointment, AI-based speech-to-text converts the audio into a transcript. Automated transcription can contain errors; please review transcripts for accuracy before relying on them.

  • Summarization and follow-up. AI models generate summaries and suggested follow-up actions based on your visit content.

  • Vendors. We currently use Anthropic and Google as our AI/transcription providers. These vendors process your content under contractual confidentiality and security obligations and are not permitted to use it to train their general models.

  • No automated decisions with legal effect. Advokit does not use AI to make decisions about you that have legal or similarly significant effects, and AI output is not a substitute for the judgment of a licensed clinician.

5. Audio Recording and Consent

Recording laws vary by state. Some states require the consent of all parties to a conversation before it may be recorded. As of 2026, the following states are generally treated as “all-party consent” states: California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania, and Washington.

It is your responsibility to understand and follow the recording laws in your state. If you are in an all-party consent state, you must obtain your healthcare provider's consent before starting a recording. Even in one-party consent states, we strongly encourage you to seek your provider's consent. You are solely responsible for your decision to record and for any consequences of that decision.

6. How We Share Your Information

Advokit does not sell your personal information and does not share it with advertisers or marketing partners. We share information only in the limited situations described below:

  • With service providers (sub-processors). Vendors that operate the App on our behalf, such as cloud hosting, authentication, transactional email, AI/transcription, and error logging providers. These vendors may process your information only to provide services to us and under contractual confidentiality and security obligations.

  • With you and people you authorize. If you choose to export, share, or send content (for example, a prep guide or summary) to another person or to your healthcare provider, that information leaves Advokit's control and is subject to your sharing choices.

  • For legal reasons. We may disclose information if we believe in good faith that disclosure is required by law, legal process, or government request; necessary to detect, prevent, or address fraud or security issues; or necessary to protect the rights, property, or safety of Advokit, our users, or others.

  • In a business transfer. If Advokit is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you (for example, by email or in-app notice) of any change in ownership or use of your information.

  • With your consent. In any other case where you direct us to share your information.

7. Service Providers and Sub-processors

We work with the following categories of service providers. We update this list as our infrastructure changes and post the current list in this Policy.

  • Hosting and infrastructure: Google Cloud (including Cloud Run) and Vercel – hosting of our backend services and web frontend.

  • Database and authentication: Supabase – user accounts, authentication, and storage of user-generated content. User data is logically separated by user account.

  • Transactional email: Resend – delivery of account, reminder, tutorial, and update emails.

  • AI and transcription: Anthropic and Google (including Google Cloud Speech-to-Text and Gemini) – AI processing and automated speech-to-text.

  • App distribution and platform analytics: Apple App Store and Google Play – app distribution, in-app purchase processing, and platform-provided crash and performance reports.

These vendors may store and process information in the United States. We do not currently transfer user data outside the United States other than as needed by these vendors to operate their services.

8. Email and Push Notifications

With your registered email, we send transactional messages such as account confirmations, password and security notices, appointment reminders you have set up, in-app tutorials and tips, and product update notices. These messages are part of the Service and are not used for third-party advertising. You can disable optional reminders and tutorials in the App. Account, security, and legal notices may continue to be sent so we can operate the Service.

Push notifications are delivered through Apple Push Notification service and Google Firebase Cloud Messaging at the operating-system level. You can disable push notifications at any time in your device settings.

9. Data Retention

We retain your account information and the visit content you create for as long as your account is active or as needed to provide the Service. When you ask us to delete your account, we will delete or de-identify your account information and your visit content within 30 days of confirming the request, except for limited information we are required to keep for legal, tax, audit, dispute resolution, or security purposes (for example, certain logs and abuse-prevention records). Backup copies are deleted on our regular backup rotation schedule.

10. How We Protect Your Information

We use industry-standard technical and organizational measures designed to protect your information, including encryption in transit (HTTPS/TLS), encryption at rest for our databases, role-based access controls, and logical separation of user data by account so that one user's data is not exposed to another user. We rely on the security programs of our cloud providers (Google Cloud, Supabase, Vercel, and others) for the underlying infrastructure.

Advokit is an early-stage startup and does not yet maintain enterprise-grade security certifications such as SOC 2, HITRUST, or ISO 27001. No method of transmission or storage is perfectly secure, and we cannot guarantee the security of information you transmit to or store with us.

11. HIPAA Notice

Advokit is not a “covered entity” as defined by the Health Insurance Portability and Accountability Act (HIPAA). The App does not transmit or receive Protected Health Information (PHI) to or from healthcare providers or insurance plans. All data stored within the App is provided voluntarily by you for your personal use. You are responsible for the privacy of the information you input and share from your device.

Advokit uses standard industry security practices — including secure hosting and database controls provided by our infrastructure partner Supabase, encryption in transit (HTTPS/TLS), encryption at rest, and logical separation of user data — to protect the information you entrust to us. We intend to pursue HIPAA-aligned controls and related security attestations as Advokit matures, but Advokit is not currently HIPAA-compliant and does not at this time act as a “business associate” of any covered entity. You should not rely on Advokit to satisfy HIPAA obligations that may apply to your healthcare provider, employer, or other covered entity.

12. Your Privacy Rights and Choices

All Advokit users may exercise the following rights regarding personal information we hold about you:

  • Access. Request a copy of the personal information we hold about you.

  • Correct. Ask us to correct information you believe is inaccurate. You can also edit much of your profile and visit content directly in the App.

  • Delete. Ask us to delete your account and the personal information associated with it.

  • Portability. Request a copy of your information in a portable, machine-readable format.

  • Withdraw consent. Where we rely on your consent, withdraw it at any time. Withdrawing consent does not affect processing already performed.

To exercise these rights, email neelam@myadvokit.ai from the email associated with your account, or contact us as described in Section 18. We will verify your request and respond within the timeframes required by applicable law (generally within 45 days, with one extension where allowed). We will not discriminate against you for exercising your privacy rights.

12.1 Account Deletion

You may delete your Advokit account and the data associated with it by contacting us at neelam@myadvokit.ai. We will also offer an in-app option to request account deletion. Deletion is permanent and we cannot recover your data after it has been removed from our active systems.

13. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (“CCPA”), as amended by the CPRA, gives you specific rights:

  • The right to know what personal information we collect, use, disclose, and (if applicable) sell or share, and to receive a copy of that information;

  • The right to delete personal information we have collected from you, subject to certain exceptions;

  • The right to correct inaccurate personal information we maintain about you;

  • The right to limit the use and disclosure of sensitive personal information to what is necessary to provide the Service;

  • The right to opt out of the “sale” or “sharing” of personal information for cross-context behavioral advertising; and

  • The right not to be discriminated against for exercising your privacy rights.

Categories of Personal Information

In the past 12 months we have collected the following categories of personal information defined by the CCPA:

  • Identifiers (such as name, email, account ID, IP address);

  • Customer records information (such as account contact information);

  • Internet or other electronic network activity information (such as app usage events and crash logs);

  • Sensory information (such as audio recordings of appointments you choose to record);

  • Sensitive personal information – specifically, account login credentials and the health-related information you choose to enter; and

  • Inferences drawn from the above to generate your personalized prep guides and summaries.

We collect these categories from you directly and from your device when you use the App, and we share them with the categories of service providers described in Section 7. We do not “sell” personal information and we do not “share” personal information for cross-context behavioral advertising as those terms are defined under the CCPA. We use sensitive personal information only for the purposes permitted by Cal. Civ. Code § 1798.121 – namely, to provide the Service you have requested, to ensure security and integrity, and to perform the limited operational purposes the law allows.

Submitting a California Request

California residents may submit access, deletion, correction, or limit-use-of-sensitive-personal-information requests by emailing neelam@myadvokit.ai. We will verify the request by matching the email address to your account and may ask for additional information to confirm your identity. You may use an authorized agent; we will require written proof of authorization. We honor opt-out preference signals such as the Global Privacy Control to the extent applicable to our processing.

Notice of Financial Incentive

We do not offer financial incentives in exchange for personal information.

14. Other U.S. State Privacy Rights

Residents of states with comprehensive consumer privacy laws (including, as of the effective date, Colorado, Connecticut, Delaware, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia) have rights similar to those described in Section 12, including the rights to access, delete, correct, and obtain a portable copy of their personal information, and to opt out of targeted advertising, sale of personal data, and certain profiling. Advokit does not engage in targeted advertising, sale of personal data, or qualifying profiling.

To exercise your rights, email neelam@myadvokit.ai. If we deny your request, you may have the right to appeal by replying to our denial; we will respond to appeals within the timeframes required by your state's law.

15. Children's Privacy

Advokit is not directed to children under 13, and we do not knowingly create accounts for, or knowingly collect personal information directly from, children under 13. The App is intended for users 18 and older.

A parent or legal guardian who has an Advokit account may enter information about a minor child in their care to help manage that child's healthcare appointments. If you do so, you confirm that you have the legal authority to provide that information and to make privacy decisions on the child's behalf. Information you enter about a minor is treated with the same protections as your own account content. If you would like us to delete information you have entered about a minor, please contact neelam@myadvokit.ai.

If we learn that we have collected personal information directly from a child under 13 without verifiable parental consent, we will delete it as quickly as possible. If you believe a child has provided personal information to us, please contact neelam@myadvokit.ai.

16. Geographic Scope

Advokit is offered to users in the United States. The App is not intended for use by individuals located outside the United States. If you access the App from outside the United States, you do so at your own initiative and you are responsible for compliance with local laws. Your information will be processed and stored in the United States.

17. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this Policy. If we make material changes, we will provide additional notice (for example, by email to your registered address or through an in-app notice) before the changes take effect. Your continued use of the App after the effective date of the updated Policy means you accept the updated terms.

18. Contact Us

If you have questions, requests, or concerns about this Privacy Policy or our handling of your information, please contact us at:

Advokit — attn: Privacy

Email: neelam@myadvokit.ai

Website: https://www.myadvokit.ai