1. Introduction

Welcome to Citrus AI. Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and share personal data when you use our AI-powered medical scribing and documentation services.

We are committed to complying with all relevant privacy laws and regulations, including:
●      UK General Data Protection Regulation (UK GDPR)
●      Data Protection Act 2018
●      Health Insurance Portability and Accountability Act (HIPAA) (for US-based users, where applicable)

By using Citrus AI, you consent to the data practices described in this policy.

2. Who We Are

Citrus AI is an AI-powered Clinic Assistant that helps healthcare professionals automate and streamline clinical documentation while ensuring data security and compliance.
●      Company Name: Citrus AI is the Brand name of VMLP AI Healthcare Limited
●      Registered Office: 20 Wenlock Road, London, N1 7GU, England, UK
●      Email: admin@getcitrus.ai

For any data protection inquiries, please contact our Data Protection Officer (DPO) admin@getcitrus.ai

3. What Data We Collect

3.1 Personal Data You Provide
We may collect personal data when you:
●      Sign up for Citrus AI services
●      Communicate with us via email or customer support
●      Provide feedback or participate in surveys

This may include:
Full name
Email address
Professional details (e.g., medical practice, role, specialty)
Payment details (for subscription services)

3.2 Health & Patient Data (Processed for Healthcare Providers Only)
For healthcare providers using Citrus AI, we process: Medical notes & patient records (as dictated by clinicians)
Clinical documentation data Voice recordings and transcriptions

Citrus AI does not own or control patient data. We act as a data processor, handling data strictly on behalf of healthcare providers who remain the data controllers.

3.3 Technical Data
When you use our platform, we automatically collect:
Device and browser information
IP addresses
Usage analytics & system logs

This helps us improve user experience, security, and platform performance.

4. How We Use Your Data

We process data for the following legitimate purposes:

Providing & improving Citrus AI services – Enabling medical scribing, transcriptions, and AI-powered health record analysis.
Ensuring compliance with medical and data protection regulations.
Customer support & account management – Helping users troubleshoot issues.
Security & fraud prevention – Detecting unauthorized access or misuse.
Legal & regulatory obligations – Complying with UK GDPR, NHS, and HIPAA standards.

We never sell your personal data to third parties. 

5. Data Storage & Security 

Citrus AI prioritizes data security through robust encryption, access controls, and compliance protocols.

End-to-End Encryption – All data is encrypted in transit and at rest. Secure UK/EU Data Hosting – We store data in compliant, GDPR-aligned servers.
Regular Security Audits – Conducted by third-party security firms to prevent breaches.
Strict Access Controls – Only authorized personnel have access to sensitive data.

For more details, visit our [Security & Compliance Page]. 

6. Data Retention Policy

We retain personal data only for as long as necessary to:

Provide our services
Meet legal, contractual, and regulatory obligations
Resolve disputes & enforce policies

Data is securely deleted in compliance with UK GDPR retention guidelines when no longer required. 

7. Sharing Your Data

We may share your data in limited circumstances:

With your consent – When required for specific integrations or partnerships.
With service providers – Third-party vendors assisting in hosting, analytics, or customer support (all under strict confidentiality agreements).
Legal compliance – If required by law or government authorities.

We do not share patient health data with third-party advertisers or unauthorized entities.

8. International Data Transfers

If we process data outside the UK/EU, we ensure that:
Data is transferred securely under Standard Contractual Clauses (SCCs)
All vendors meet UK GDPR & NHS compliance standards

9. Your Rights Under UK GDPR

As a user, you have the following rights regarding your data:

Right to Access – Request a copy of your personal data.
Right to Rectification – Correct inaccurate or incomplete data.
Right to Restrict Processing – Limit how your data is used.
Right to Erasure ("Right to be Forgotten") – Request deletion of your data.
Right to Object – Withdraw consent or object to processing.
To exercise your rights, contact us at admin@getcitrus.ai

10. Requesting for Data Deletion

If you wish to delete your personal data from our system, please send an email to admin@getcitrus.ai with the following details:

Full Name
Age
Doctor's Name
Date of Consultation
Your request will be reviewed and processed in accordance with GDPR compliance standards. Once completed, you will receive an email confirmation.

11. Cookies & Tracking Technologies

We use cookies to:
•   Improve user experience
•   Analyze platform performance
•   Enhance security measures

You can manage or disable cookies in your browser settings. For more details, refer to our [Cookie Policy].

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal changes or improvements to Citrus AI. Users will be notified of significant updates via email or platform notifications.

12. Contact Us

For any privacy-related questions or concerns, contact us at:
Email: admin@getcitrus.ai
Company Name: VMLP AI Healthcare Limited
Office Address: 20 Wenlock Road, London, N1 7GU, England, UK

Citrus AI is committed to protecting your privacy while delivering a secure and compliant AI-powered medical scribing experience.