PepperChat Privacy Policy

Issue Date: 2025-12-09

Document Version: v1.1.0

Version Log

  • v1.1.0 (2025-12-09): Updated Issue Date, Document Version, and formatting; no material changes to how data is collected, used, or shared.

  • v1.0.0 (2025-01-29): Initial publication covering information collection, use, disclosure, security, and user rights.

Purpose

At PepperChat, LLC ("PepperChat," "we," "our," or "us"), we are strongly committed to respecting and protecting your privacy. This Privacy Policy ("Policy") is designed to help you understand how we collect, use, and share the information that we collect through the PepperChat website (the "Website"). This Privacy Policy does not apply to patient information ("Patient Information") uploaded by our customers to our platform or services. Patient Information is governed by agreements between PepperChat and our customers, and applicable laws.

Some of the concepts below are a little technical and can be confusing, but we have tried our best to explain things simply and transparently. If you have any questions about our Policy, please let us know.

Please read this Policy carefully to understand our policies and practices for collecting, using, maintaining, protecting, and disclosing your information. If you do not agree with our policies and practices, your choice is to not use our Services. By accessing and using our Services, you agree to this Policy. This Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

Information We Collect

We may collect Personal Information anytime you interact with our Website. The types of information we collect depend on how you use the Website.

Categories of Information We Collect

Depending on how you interact with PepperChat, we may collect the following categories of Personal Information:

  • Identifiers and contact information: such as your name, email address, telephone number, and similar identifiers used to respond to inquiries, create accounts, and provide our Services.

  • Professional and account information: such as your practice name, practice address, clinical role, and subscription or account configuration details.

  • Commercial information: including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies related to PepperChat.

  • Technical and usage data: including IP address, device identifiers, browser type and version, operating system, referring URLs, pages viewed, links clicked, time spent on pages, and other information about how you interact with our Website and Services, collected through cookies and similar technologies as described in How We Use Cookies.

  • General wellness and usage-related information: such as information about how our Customers use PepperChat's clinical documentation tools (for example, note-completion times, feature usage patterns, and documentation workflows), which we generally collect in an aggregated or de-identified form to improve the Services.

  • Physical and/or mental health–related information (PHI) about clients: When healthcare providers (our Customers) use PepperChat in connection with client care, they may upload or generate information about their clients' physical or mental health, including clinical notes, diagnoses, treatment plans, symptoms, risk indicators, progress measures, and medication-related information. This information is typically Protected Health Information ("PHI") and is governed by HIPAA and our Business Associate Agreements (BAAs) with those Customers, as described in HIPAA & Protected Health Information (PHI) below.

PepperChat does not require Date of Birth or age information from clinicians using the Services. Where age or date of birth is processed, it relates to clients/patients as part of PHI provided by our Customers.

Information You Provide To Us

The information we collect on or through our Website may include:

  • Your name, e-mail address, telephone number, and similar information related to the Website or services we provide.

  • Information that you provide by filling in forms through our services. This includes information provided at the time you contact us.

  • Records and copies of your correspondence if you contact us.

  • Details of transactions you carry out through our Website. You may be required to provide financial information before we can provide services.

  • Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Technical Information Which Is Collected Automatically

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Internet or other electronic network activity from the device you are using to access our Website. This includes information about the content you view, the time you spend viewing the content, clickstream data, and the features you access on the Website that we collect using cookies, pixels, and other similar technologies.

  • Information about your device and internet connection such as an Internet Protocol (IP) address, device identifiers (including the manufacturer and model), and Media Access Control (MAC) address.

  • Standard server log data, such as your application version number, computer type (Windows or Macintosh), screen resolution, operating system, browser type and version, error information, and the date and time of your visit.

This information will help us to improve our Website and to deliver a better and more personalized service to you. For more information about these technologies, see the section in this Policy, "How We Use Cookies".

We may also aggregate or de-identify the information described above. Aggregated or de-identified data is not considered Personal Information and is not subject to this Policy.

How We Use Your Information

We collect and use your information so that we can operate effectively and provide you with the best experience when you use our Website. We also use the information we collect to:

  • Present our Website and its contents to you.

  • Provide services to you.

  • Notify you about changes to our Website or services.

  • Enhance your customer experience and improve our services.

  • Protect against, identify, and prevent fraud and other unlawful activity, claims, and other liabilities.

  • Create, maintain, customize, and secure your account with us.

  • Provide you with customer support and respond to your inquiries and support requests, including investigating and addressing your concerns and monitoring and improving our responses.

  • Provide you with marketing and promotional content.

  • Comply with legal proceedings and requirements and perform other activities as required or permitted by law.

  • Enforce any contracts between you and us, including for billing and collection.

  • Fulfill any other purpose for which you provide the information.

  • Any other purpose for which you give your consent.

How and When We Disclose Your Information

We do not share, sell, or otherwise disclose your Personal Information for purposes other than those outlined in this Policy. We may share the information we collect with:

  • Our affiliates that help us provide services to you.

  • Contractors, service providers and other third-parties we use to support our Website and services.

  • A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of PepperChat's assets, in which Personal Information held by us about our users is among the assets transferred.

  • Law enforcement agencies or government agencies, to comply with a law, regulation, or legal request; to enforce agreements, including for billing and collection purposes; or to detect, prevent, or otherwise address fraud, credit risk reduction, security or technical issues.

We may also disclose your information:

  • To fulfill the purpose for which you provide the information.

  • For any other purpose disclosed by us when you provide the information.

  • To enforce or apply our Terms of Use.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of PepperChat, our customers, or others.

  • With your consent.

Third-Party Websites

Our Website may contain links to other websites operated by third-parties. This Policy does not apply to other websites that may be accessible through our Website. Third-party websites that are accessed through our Website have separate privacy policies, data collection practices and security measures that govern their services. We do not control the practices, policies or security measures implemented by third-parties on their own websites.

How We Secure Your Information

We take the matter of security of your Personal Information very seriously. We implement appropriate technical and organizational safeguards designed to protect your Personal Information from accidental loss and unauthorized access, alteration, or disclosure.

The safety and security of your Personal Information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Although we take steps to safeguard Personal Information, no practices are 100% secure, and we do not guarantee the security of your information. Any transmission of your Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained in the Services or in your operating system.

Data Management Standards

PepperChat's privacy and security program is designed to meet the requirements of HIPAA when we act as a Business Associate handling PHI on behalf of our healthcare Customers.

In addition, we apply commonly adopted principles from widely recognised information security and data protection frameworks—such as access control, risk assessment, incident response, vendor due diligence, and data minimisation—when designing and operating our controls. These principles are similar to those found in frameworks such as ISO 27001 and the NIST Cybersecurity Framework, and we are continuing to evaluate additional third-party attestations or certifications (for example, SOC 2) as PepperChat grows.

Where we obtain formal certifications or attestations, we will make this information available to Customers upon request.

Where and How We Process Your Information

We process and store Personal Information primarily in the United States. PepperChat's production systems are hosted on secure cloud infrastructure operated by Amazon Web Services (AWS) in the us-east-1 region.

Personal Information (including PHI, where applicable) is stored using recognised secure data storage practices, which include:

  • Encryption in transit, for example using TLS 1.2 or higher;

  • Encryption at rest for databases and storage volumes; and

  • Role-based access controls, audit logging, and other safeguards designed to protect against unauthorised access, use, or disclosure.

We retain Personal Information only for as long as reasonably necessary to provide the Services, comply with legal and contractual obligations, resolve disputes, and enforce our agreements. After this period, information is securely deleted or de-identified in accordance with our data retention and destruction policies.

How We Use Cookies

We use various technologies to collect and store information when you use our Website, which may include using cookies or similar technologies to identify your browser or device. These technologies allow us to understand website and Internet usage and to improve or customize the content, offerings, or advertisements on our Website. For example, we may use cookies to personalize your experience on our Website (e.g., to recognize you by name when you return), or save your password in password-protected areas. We also use these technologies to collect and store information when you interact with services from affiliated third-parties, such as advertising services.

The technologies we use for automatic information collection may include:

Cookies. A cookie is a small file placed on the hard drive of your computer or mobile device. We use cookies to store information, such as your login credentials and website preferences, so that we can remember certain choices you've made. Cookies can also be used to recognize your device so that you do not have to provide the same information more than once.

Web beacons. Pages of our website or our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Cookies. Some content or functions on the Website are served by third-parties, including advertisers, advertisement networks and servers, content providers, application providers, and social media sites. With your consent, these third-parties may use cookies (alone or in conjunction with web beacons and other tracking technologies) to collect information about you when you access the Website. The information they collect may be associated with your Personal Information or they may collect information, including your Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based advertising and other targeted content. We do not control these third-parties' tracking technologies or how they may be used. If you have any questions about advertisements or other targeted content, you should contact the responsible provider directly.

Other technologies. There are other local storage and Internet technologies, such as local shared objects (also referred to as "Flash cookies") and HTML5 local storage, which operate similarly to the technologies discussed above.

You may be able to refuse or disable cookies by adjusting your web browser settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. Because each web browser is different, please consult the instructions provided by your web browser (typically in the "help" section). Please note that you may need to take additional steps to refuse or disable local shared objects and similar technologies. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you. Deleting cookies may, in some cases, cancel the opt-out selection in your browser. You can also learn more about cookies at: allaboutcookies.org.

Do Not Track Signals and Similar Mechanisms: Our website is not configured to read or respond to "do not track" settings or signals in your browser headers.

Your Rights and Choices

We believe you should be in control of your Personal Information. If you do not wish to have your Personal Information used by us to contact you for marketing or promotional purposes, you can opt-out by clicking on the "Unsubscribe" or similar link in the most recent communication you received from us and by following the prompts that appear. Marketing and promotional emails are optional and are not required to use the core PepperChat Services. This opt-out does not apply to information provided as a result of a product purchase, product service experience, or other related transaction.

Right to Rectification (Correction)

You have the right to request that we correct inaccurate or incomplete Personal Information that we maintain about you. Where appropriate, you may also be able to update certain account details directly within the Services.

To request a correction, please contact us at legal@pepperchat.ai and describe the information you believe is inaccurate or incomplete. We may ask for additional information to verify your identity and to understand the context of the requested change.

Processing You Cannot Opt Out Of (Essential Processing)

Certain processing activities are strictly necessary for PepperChat to provide the Services safely, securely, and in compliance with applicable laws. Because these activities are fundamental to operating an account and delivering core functionality, you cannot opt out of them while continuing to use the Services.

We must process certain Personal Information in order to:

  • Create, manage, and maintain your account, subscription, and service preferences;

  • Authenticate your identity and secure access to your account;

  • Detect, investigate, and help prevent security incidents, fraud, misuse, or unauthorized access;

  • Meet legal, regulatory, and auditing requirements applicable to clinical documentation and healthcare-related systems; and

  • Communicate important service information, such as security notices, policy updates, and essential account or subscription messages.

If you request deletion or cessation of processing for Personal Information needed for these essential purposes, we may be unable to provide some or all of the Services to you.

Repercussions of Refusing or Limiting Certain Processing

Some types of data are optional, but others are necessary for PepperChat to function. If you request deletion or restrict processing, the impact depends on the type of data involved:

  • Essential account, security, and billing data: We must process this information to create, maintain, and secure your account and subscription. If you restrict or delete this data, we may be unable to provide some or all of the Services.

  • Clinical data: PepperChat uses clinical documentation and intake responses to generate recommendations, summaries, insights, and other AI-powered features. Deleting or limiting this data will not prevent you from using the Service, but it may reduce functionality or result in incomplete or unavailable features.

  • Optional data such as marketing preferences or non-essential cookies: Limiting this data will not affect core Services, but may disable certain website preferences or prevent you from receiving product updates and educational content.

Your California Privacy Rights

If you are a California resident, you may request information regarding the disclosure of your personal information to third parties for their direct marketing purposes. To make such a request, please send an email to legal@pepperchat.ai.

Children's Information

Our Services are not intended for children under 16 years of age. No one under age 16 may provide any information to or through the Website. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not use our Website and do not provide any information to us. If we learn we have collected Personal Information from a child under 16, we will delete that information. If you believe we might have collected any information from or about a child under the age of 16, please contact us at legal@pepperchat.ai.

Changes to Our Privacy Policy

It is our policy to post any changes we make to this Privacy Policy on this page and to update the "Last updated" date at the top.

If we make material changes to how we collect, use, or share Personal Information, we will provide additional notice, such as by:

  • Sending an email to the primary email address associated with your account; and/or

  • Displaying a prominent notice within the Website or Services.

If we intend to use your Personal Information for new purposes that are materially different from those described in this Policy, we will update this Policy and, where required by law, seek your consent again before those changes take effect.

Your continued use of the Services after we post changes to this Privacy Policy will signify your acceptance of those changes, unless applicable law requires your express consent, in which case we will not implement the new processing until you have provided such consent.

Contact Us

If you believe your Personal Information has been used in a way that is inconsistent with this Policy or your specified preferences, or if you have further questions related to our privacy practices, please contact us at legal@pepperchat.ai.

Document Control

Owner: Legal & Compliance

Review Cadence: At least annually, and after material changes to privacy practices or applicable laws

Next Scheduled Review: 2026-01-31


Copyright Ⓒ PepperChat LLC.

All rights reserved