Privacy Policy

Last updated: March 13, 2026

Overview

ChartCoder ("Service"), operated by SmartCoding.ai ("we", "us", "our"), is committed to protecting your privacy and handling health-related data responsibly. This policy describes how we collect, use, and safeguard information when you use our Service.

HIPAA Compliance & Protected Health Information

ChartCoder is designed as a de-identified clinical note analysis tool. Users are required to remove all Protected Health Information (PHI) before submitting notes for analysis. PHI includes but is not limited to:

  • Patient names, addresses, and contact information
  • Dates of birth, admission dates, and discharge dates
  • Social Security numbers, medical record numbers, and health plan beneficiary numbers
  • Account numbers, certificate/license numbers, and device identifiers
  • Web URLs, IP addresses, biometric identifiers, and photographs
  • Any other unique identifying number, characteristic, or code

Users must confirm that submitted notes contain no PHI before each analysis. By using the Service, you accept responsibility for de-identifying all clinical content prior to submission.

Data We Collect

Account Information

When you register, we collect your email address, password (stored as a salted hash, never in plain text), and optional profile information (display name, organization, role).

Analysis Data

  • Clinical notes are transmitted securely for AI processing and are not stored on our servers after analysis is complete.
  • Note previews (first 200 characters) are stored only if you explicitly opt in via the "Save note preview" checkbox.
  • Analysis results (ICD-10/CPT codes, confidence scores, reasoning) are stored in your account history to allow you to review past analyses.
  • A SHA-256 hash of each note is stored for caching purposes. This hash cannot be reversed to reconstruct the original note.

Usage Data

We track aggregate usage counts (analyses per month) to enforce usage tier limits. We do not use third-party analytics or tracking services.

How We Use Your Data

  • To provide AI-powered medical coding analysis
  • To maintain your analysis history
  • To enforce usage limits based on your subscription tier
  • To communicate important service updates

Data Security

We implement the following safeguards to protect your data:

  • Encryption in transit: All data is transmitted over TLS/HTTPS
  • Encryption at rest: Database storage uses industry-standard encryption
  • Password security: Passwords are hashed using ASP.NET Core Identity's PBKDF2-based hashing with individual salts
  • Access controls: Analysis records are scoped to individual user accounts; users can only access their own data
  • No PHI storage: Clinical notes are processed in memory and discarded after analysis; only de-identified results are persisted
  • Data minimization: We collect only the minimum data necessary to provide the Service

Data Retention & Deletion

  • You can delete individual analysis records at any time from your history
  • Account deletion removes all associated data, including analysis history and usage records
  • Cached note hashes are retained for performance but contain no identifiable content

Third-Party Processing

Clinical notes are processed by our AI engine hosted on the SmartCoding.ai platform. No data is shared with other third parties for marketing, advertising, or any unrelated purpose.

Your Rights

You have the right to:

  • Access your stored data through the History and Profile sections
  • Delete your analysis records at any time
  • Request full account deletion by contacting us
  • Opt out of note preview storage on a per-analysis basis

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

For privacy-related inquiries, contact us at privacy@smartcoding.ai.