Privacy Policy — Locarda LLC

Effective Date: November 23, 2025

Locarda LLC ("Locarda," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use AutopsyAI, an AI-powered transcription and reporting tool for forensic and medical documentation (the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy.

1. Definitions

1.1 Service: The AutopsyAI application and related services provided by Locarda LLC.

1.2 User: The individual or organization accessing and using the Service.

1.3 Content: All text, data, images, voice recordings, or other materials processed by the Service.

1.4 Protected Health Information (PHI): Any health-related data subject to privacy laws such as HIPAA.

2. Information We Collect

2.1 User-Provided Information

  • Account Information: When you register for a subscription, trial, or pilot, we may collect your name, phone number, email address, payment details, county, state, office name, years of experience, and medical designation (e.g., MD, DO, Pathologist Assistant).
  • Consent Logs: We record whether you viewed and accepted our Terms and Conditions and Privacy Policy, along with the timestamp of acceptance.
  • Disclaimer Acknowledgment: We log acknowledgment of disclaimers presented within the app.

2.2 Content Data

  • Uploaded Content: Text, audio, or images you upload are stored temporarily for processing in a HIPAA-compliant environment. All transcriptions and related data are encrypted and securely stored in the cloud, accessible only to authorized users within your organization. Voice recordings remain stored locally on your device and are not transmitted to our servers.
  • De-Identification: Case data is never mapped or linked to individual users. All processing occurs within a HIPAA-compliant environment under least-privilege, need-to-know access controls to ensure anonymized usage.

2.3 Automatically Collected Information

  • Device Information: We do not collect device data directly. However, our third-party vendors may collect anonymized information such as operating system, device model, IP address, app version, and build number to support app functionality and performance monitoring.
  • Crash Logs: Anonymized crash data used only to identify and fix bugs.
  • Usage Analytics: Aggregated, anonymized analytics used to improve performance. No identifiable information is included.

2.4 Institutional Metadata

When the Service is used under an institutional account (e.g., county coroner's office, clinic, or medical institution), we may collect non-identifiable metadata such as organization name and subscription tier.

3. Use of Information

We use the collected information to:

  • Provide, maintain, and improve the Service.
  • Manage user accounts, subscriptions, and payments.
  • Ensure legal and regulatory compliance.
  • Monitor system performance and reliability.

All data referenced in Section 3 is encrypted and securely processed within our protected environment.

Aggregated, anonymized data may be used for research, analytics, and performance improvement and cannot be used to identify you or any individual associated with submitted cases.

4. Data Security

Locarda operates in a HIPAA-compliant, SOC 2-ready environment to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) and user data.

We implement multiple safeguards to protect your data:

  • Encryption: TLS 1.2+ for data in transit; AES-256 and SSE-S3 for data at rest.
  • Access Controls: Role-based permissions restrict internal access on a need-to-know basis.
  • Security Audits: Regular internal reviews and third-party assessments verify compliance and system integrity.
  • Vendor Compliance: We maintain Business Associate Agreements (BAAs) with all vendors that process, store, or transmit your data.

Our infrastructure and data-handling protocols are designed to maintain full HIPAA compliance across all operations while meeting SOC 2 standards for security, availability, and confidentiality.

Despite these protections, no digital system can guarantee absolute security, and users should take appropriate measures to safeguard their devices and credentials.

5. User Ownership and Control

  • You retain full ownership of all data and Content uploaded or processed through the Service.
  • Voice recordings are stored on the device, while transcriptions are securely stored in a HIPAA-compliant cloud accessible only to authorized organizational users.
  • You may delete Content directly from your device. Deleting a case removes all related data from our cloud storage. You may also request complete deletion by contacting founders@locarda.com.

6. Sharing of Information

We do not sell or share personal information under any circumstances.

Information may only be disclosed in the following limited situations:

  • Legal Obligations: When required by applicable law, regulation, or valid legal process.
  • Essential Service Providers: With HIPAA-compliant vendors that support the operation of our Service. All vendors are bound by Business Associate Agreements (BAAs) and must adhere to strict confidentiality and data protection standards.
  • Institutional Requirements: When explicitly authorized by your affiliated institution or as necessary to comply with organizational data-sharing protocols.

7. Data Retention

  • Account Information: Retained as long as your account is active or as required by law.
  • Content Data: Stored securely within a HIPAA-compliant cloud environment. All case data is encrypted, accessible only to authorized users within your organization, and never shared externally.

Users and organizations are responsible for ensuring compliance with any applicable data-retention laws within their jurisdictions.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal data.

Institutional users may designate an administrator to exercise these rights on behalf of their organization.

To exercise any rights, contact us at founders@locarda.com. We respond to verified requests within 7 business days.

9. Data Breach Notification

If a breach involving your personal information occurs, Locarda will notify affected users within 72 hours of receiving notice from our third-party vendors or service providers, as required under applicable law. Notifications will include available details, remediation steps, and recommended user actions.

10. Third-Party Links

The Service may include links to external websites or integrations with third-party systems. Locarda is not responsible for the content or privacy practices of these external services. Users should review the privacy policies of any linked or integrated systems before providing information.

11. Changes to This Policy

Locarda may update this Privacy Policy periodically.

Major updates will be communicated via email.

The most current version will always be available at locarda.com/privacy-policy, with the effective date listed above. Continued use of the Service after updates constitutes acceptance of the revised policy.

12. Contact Us

If you have questions or concerns, contact us:

Email: founders@locarda.com
Phone: +1 (740) 604-3315