Security & privacy
Your records are processed, then gone
Medical records are sensitive by nature. Here’s exactly what happens to a file you upload, what we keep, and what we don’t yet offer.
Principles
How Chartely treats your data
Records are processed in memory, not stored
The medical records you upload are used only to run the extraction and build your chronology. Source files are not retained after processing, we don't warehouse the documents you upload.
Encrypted in transit
Every upload and API call runs over HTTPS/TLS. Your account, chronology results and API usage data live in an encrypted Postgres database (Supabase) with access restricted to what's needed to operate the Service.
Page citations make review fast
Every extracted event carries a citation back to its source page and a confidence signal, so a low-confidence read is visible and checkable, not smoothed over.
API keys stored hashed
API keys are stored hashed, never in plaintext, and can be rotated or revoked instantly from your account if one is ever exposed.
No training on your data
We don't use the content of the records you upload to train models for other customers, and we don't sell your data.
Not legal or medical advice
Chartely organizes the medical records you provide. It is not legal or medical advice, and automated extraction can misread poor-quality scans. Review the chronology before you rely on it. Every event links to its source page, so review takes minutes, not days.
What we don’t yet offer
- A signed Business Associate Agreement (BAA) under HIPAA.
- SOC 2 or similar third-party security certification.
We’d rather say this plainly than let silence imply a compliance status we haven’t earned.
FAQ
Security questions
Do you keep a copy of the medical records I upload?
No. Uploaded records are processed in memory to build your chronology and are not retained after processing.
What data do you keep?
We keep the structured chronology result (events, gaps, narrative, confidence) in your account so you can re-download or re-export it, plus your account and billing details. The source records themselves are not retained.
Is my data encrypted?
Yes, all traffic to and from Chartely runs over HTTPS/TLS, and stored data lives in an encrypted Postgres database with restricted access.
Do you use uploaded records to train AI models?
No. We don't use the content of the records you upload to train models, for us or anyone else.
Do you offer a BAA or hold SOC 2 certification?
Not yet, we say so plainly rather than implying a compliance status we haven't earned. If either is a hard requirement for your firm, contact us before uploading records that would require one.
Read the full privacy policy
Details on what we collect, why, and how to delete it.