Privacy Notice 🔒
Docrates AI™ is prototype-stage beta software provided solely for test-user evaluation and
demonstration. The software is pre-launch and not available to the general public. Access
is limited to the founder’s friends, family, testers, and designated early evaluators.
All Protected Health Information (PHI) is removed using Google Cloud Sensitive Data Protection (DLP)
before any content is submitted to the AI model. PHI is never sent, stored, or written to logs.
Analysis results do not contain PII/PHI, are encrypted, stored in encrypted storage,
and retained for 3 days then destroyed.
Personally identifiable information (PII), including User ID, email address, and phone number,
is captured during authentication, stored in Identity Platform for identity verification,
and logged to Cloud Logging for operational monitoring and auditing.
Use of Google Cloud Platform
Docrates AI runs on Google Cloud Platform (GCP) infrastructure, including:
- Google Gemini LLM
- Cloud Run (serverless, stateless compute)
- Cloud Storage (encrypted storage for datalake, configurations, logs, prompts)
- Secret Manager (secure storage for encryption keys)
- Cloud Logging (observability and audit trails)
- Sensitive Data Protection (DLP) for PHI redaction
- Identity & Access Management (least-privilege service accounts and permissions)
- Identity Platform (authentication, MFA, provider configuration)
- Firebase Authentication Client SDK (MFA as part of Identity Platform)
Current Data Protection Measures
- All data transmission occurs over HTTPS.
- Cloud Run is stateless and does not persist data.
- Uploaded files are processed in memory; PII/PHI is removed using Google DLP before
any content is submitted to the AI model.
- Analysis results are encrypted before being stored in Cloud Storage, using encryption keys held in Secret Manager.
- Encrypted results stored in Cloud Storage can only be decrypted by the application with the associated encryption key.
- The application reads encrypted result files to display output or generate downloadable PDFs.
- All application activity is logged through Cloud Logging for audit and operational monitoring.
- No PHI from uploaded files or analysis results is ever logged.
Security Measures
- Access to the authentication flow requires an ACL passcode to prevent unauthorized entry.
- MFA (multi-factor authentication) is used to verify user identity.
- Identity Platform securely stores user emails and phone numbers.
- Firebase Authentication Client SDK, integrated with Identity Platform, handles MFA processing.
The software infrastructure used by Docrates AI may change at any time without notice.