Privacy Policy

Last updated: May 9, 2026

1. Who we are

Capture is operated by Capture, a US-based company. This Privacy Policy describes how we collect, use, and disclose information when you use our website and service. Capture is an AI-assisted surgical billing tool that produces CPT and ICD-10 code suggestions and operative-note enhancements from clinical text submitted by users.

2. Information we collect

  • Account information. Name, email address, and authentication identifiers when you sign up or sign in (including via Google OAuth).
  • Clinical content you submit. Operative notes, document instructions, prompts, replies, and any related text you upload or paste into the service. This content may include Protected Health Information (PHI).
  • Service-generated content. Our AI suggestions, your edits, thread replies, and the resolved coding decisions you make on each document.
  • Billing information. Subscription tier, billing email, and Stripe customer/subscription identifiers. We do not store payment card numbers; Stripe does.
  • Operational metadata. Timestamps, request identifiers, error types, page paths, and aggregate usage counts. We do not log clinical content in error reports.

3. How we use information

  • To provide the service: generate code suggestions, store your documents, and surface your prior work.
  • To operate and secure the service: monitor errors, prevent abuse, and enforce access controls.
  • To bill you and manage your subscription, via Stripe.
  • To communicate service updates, security notices, and product information you have requested.
  • To improve the service in aggregate. We do not use your clinical content to train third-party foundation models.

4. Protected Health Information (PHI)

When you use Capture as a HIPAA-covered entity or business associate, you may submit PHI to our service. In that case, Capture acts as your Business Associate. PHI is processed under our Business Associate Agreement (BAA) and the additional commitments described on our HIPAA page. We require a signed BAA before a customer may submit PHI on behalf of a covered entity.

5. Subprocessors

We rely on a small set of subprocessors to deliver the service:

  • Google Cloud (Firebase, Firestore, Cloud Run, Vertex AI). Hosting, database, authentication, and AI inference. Covered by Google’s HIPAA BAA.
  • Stripe. Subscription billing and payments. Receives only billing identifiers and email; does not receive PHI.
  • Slack. Receives operational error metadata (request IDs, error types, route names) for engineering alerts. Does not receive PHI.

We will provide our current list of subprocessors on request and notify customers under BAA before adding any new subprocessor that handles PHI.

6. Sharing

We do not sell personal information. We disclose information only to (a) the subprocessors above to provide the service, (b) law enforcement or regulators when legally required, and (c) parties to a corporate transaction (merger, acquisition, financing) under confidentiality obligations.

7. Retention

We retain account and document content for the duration of your account. Operative-note content and AI outputs are stored in our database to power your dashboard, history, and audit trail. You may delete documents at any time. You may also request full account deletion via the in-product control or by emailing hello@joincapture.ai. Customer-specific retention terms in a signed BAA take precedence over these defaults.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your data in a machine-readable format.
  • Object to or restrict certain processing.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and the right not to be discriminated against for exercising privacy rights. To exercise any of these rights, email hello@joincapture.ai.

9. Security

We use HTTPS in transit, encryption at rest provided by Google Cloud, scoped IAM access controls, idle-session timeouts, and a HIPAA-aware logging pipeline that excludes clinical content from error reports. Details on technical and administrative safeguards are listed on our HIPAA page.

10. Children

Capture is not directed to individuals under 18 and we do not knowingly collect personal information from children.

11. International users

Capture is operated from the United States. By using the service from outside the US, you consent to processing of your information in the United States.

12. Changes

We may update this Privacy Policy. Material changes will be communicated via email or in-product notice and the “Last updated” date above will be revised.

13. Contact

Capture
Email: hello@joincapture.ai

Questions? Email hello@joincapture.ai.