Privacy Policy

Locarda LLC ("Locarda," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Locarda, a transcription and reporting tool for forensic and medical documentation, including related applications, integrations, and add-ins (the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy.

1 Definitions

1.1 Service: The Locarda application and all related applications, integrations, and add-ins provided by Locarda LLC.

1.2 User: The individual or organization accessing and using the Service.

1.3 Content: All text, data, images, voice recordings, or other materials processed by the Service.

1.4 Protected Health Information (PHI): Any health-related data subject to privacy laws such as HIPAA.

2 Information We Collect

2.1 User-Provided Information

• Account Information: When you register for a subscription, trial, or pilot, we may collect your name, phone number, email address, payment details, county, state, office name, years of experience, and medical designation (e.g., MD, DO, Pathologist Assistant).
• Consent Logs: We record whether you viewed and accepted our Terms and Conditions and Privacy Policy, along with the timestamp of acceptance.
• Disclaimer Acknowledgment: We log acknowledgment of disclaimers presented within the app.

2.2 Content Data

• Uploaded Content: Text, audio, or images you upload are stored temporarily for processing in a HIPAA-compliant environment. All transcriptions and related data are encrypted and securely stored in the cloud, accessible only to authorized users within your organization. Voice recordings remain stored locally on your device and are not transmitted to our servers.
• De-Identification: Case data is never mapped or linked to individual users. All processing occurs within a HIPAA-compliant environment under least-privilege, need-to-know access controls to ensure anonymized usage. Content Data may include limited portions of documents processed through supported integrations and add-ins when initiated by the user.

2.3 Automatically Collected Information

• Device Information: We do not collect device data directly. However, our third-party vendors may collect anonymized information such as operating system, device model, IP address, app version, and build number to support app functionality and performance monitoring.
• Crash Logs: Anonymized crash data used only to identify and fix bugs.
• Usage Analytics: Aggregated, anonymized analytics used to improve performance. No identifiable information is included.

2.4 Institutional Metadata

When the Service is used under an institutional account (e.g., county coroner's office, clinic, or medical institution), we may collect non-identifiable metadata such as organization name and subscription tier.

2.5 Microsoft Word Add-in

What We Access

The Locarda Microsoft Word Add-in accesses only the document you currently have open in Microsoft Word. It does not access or scan other files on your device, local storage, or cloud storage.

What We Collect

When you use the Word Add-in, we may collect:

• Document content that you explicitly choose to process using the AI assistant
• Account information associated with your Locarda account (such as name and email address)
• Chat conversations and prompts entered within the add-in interface

How We Use Data

Data is used solely to:

• Provide AI-assisted document drafting and editing features
• Sync case data and user context across sessions
• Maintain continuity of case-related conversations

Document content is processed transiently for AI operations and is not stored as a complete document file.

Data Storage and Security

• User preferences and chat history may be stored locally on your device
• Case-related data processed through the add-in is stored securely on third-party infrastructure operated under contractual data protection obligations
• All data transmissions use industry-standard encryption

Authentication

The Word Add-in uses your Locarda account for authentication. Locarda does not access, store, or process your Microsoft account credentials.

Service Providers

Locarda uses third-party service providers to support infrastructure, authentication, analytics, and AI-assisted functionality. These providers process data only as necessary to deliver services on Locarda's behalf and are bound by contractual confidentiality, security, and data protection requirements consistent with this Privacy Policy.

Analytics and Tracking

Locarda does not track user activity across documents or applications. We use limited, high-level analytics to understand feature usage and improve product functionality. Analytics data is not used for advertising or cross-platform tracking.

3 Use of Information

We use the collected information to:

• Provide, maintain, and improve the Service.
• Manage user accounts, subscriptions, and payments.
• Ensure legal and regulatory compliance.
• Monitor system performance and reliability.

All data referenced in Section 3 is encrypted and securely processed within our protected environment.

Aggregated, anonymized data may be used for research, analytics, and performance improvement and cannot be used to identify you or any individual associated with submitted cases.

4 Data Security

Locarda operates in a HIPAA-compliant, SOC 2–ready environment to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) and user data.

We implement multiple safeguards to protect your data:

• Encryption: TLS 1.2+ for data in transit; AES-256 and SSE-S3 for data at rest.
• Access Controls: Role-based permissions restrict internal access on a need-to-know basis.
• Security Audits: Regular internal reviews and third-party assessments verify compliance and system integrity.
• Vendor Compliance: We maintain Business Associate Agreements (BAAs) with all vendors that process, store, or transmit your data.

Our infrastructure and data-handling protocols are designed to maintain full HIPAA compliance across all operations while meeting SOC 2 standards for security, availability, and confidentiality.

Despite these protections, no digital system can guarantee absolute security, and users should take appropriate measures to safeguard their devices and credentials. These safeguards apply to all components of the Service, including integrated applications and add-ins.

5 User Ownership and Control

You retain full ownership of all data and Content uploaded or processed through the Service.

Voice recordings are stored on the device, while transcriptions are securely stored in a HIPAA-compliant cloud accessible only to authorized organizational users.

You may delete Content directly from your device. Deleting a case removes all related data from our cloud storage. You may also request complete deletion by contacting founders@locarda.com.

6 Sharing of Information

We do not sell or share personal information under any circumstances.

Information may only be disclosed in the following limited situations:

• Legal Obligations: When required by applicable law, regulation, or valid legal process.
• Essential Service Providers: With HIPAA-compliant vendors that support the operation of our Service. All vendors are bound by Business Associate Agreements (BAAs) and must adhere to strict confidentiality and data protection standards.
• Institutional Requirements: When explicitly authorized by your affiliated institution or as necessary to comply with organizational data-sharing protocols.

7 Data Retention

• Account Information: Retained as long as your account is active or as required by law.
• Content Data: Stored securely within a HIPAA-compliant cloud environment. All case data is encrypted, accessible only to authorized users within your organization, and never shared externally.
• Integration Metadata: Interaction logs, usage records, and metadata generated through integrations or add-ins are retained in accordance with the same data retention standards.

Users and organizations are responsible for ensuring compliance with any applicable data-retention laws within their jurisdictions.

8 Your Rights

Depending on your jurisdiction, you may have the right to:

• Access personal data we hold about you.
• Correct inaccurate or incomplete information.
• Delete your personal data.

Institutional users may designate an administrator to exercise these rights on behalf of their organization.

To exercise any rights, contact us at founders@locarda.com. We respond to verified requests within 7 business days.

9 Data Breach Notification

If a breach involving your personal information occurs, Locarda will notify affected users within 72 hours of receiving notice from our third-party vendors or service providers, as required under applicable law. Notifications will include available details, remediation steps, and recommended user actions.

10 Third-Party Links

The Service may include links to external websites or integrations with third-party systems. Locarda is not responsible for the content or privacy practices of these external services. Users should review the privacy policies of any linked or integrated systems before providing information.

11 Changes to This Policy

Locarda may update this Privacy Policy periodically.

Major updates will be communicated via email.

The most current version will always be available at locarda.com/privacy-policy, with the effective date listed above. Continued use of the Service after updates constitutes acceptance of the revised policy.

12 Contact Us

For any questions, concerns, or data requests, contact us at: