Privacy Policy

1. Introduction

Welcome to Journalia (hereinafter "Journalia", "we" or "us"). Journalia is an automatic transcription service developed for healthcare professionals, which converts speech to text and extracts clinically relevant information. We are committed to protecting your privacy and processing personal data in a secure and legal manner. This privacy policy explains how we collect, use and protect your personal data when you use our services.

2. Data Controller

Journalia AS is the data controller for personal data processed through our services, in accordance with the General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.

Please note that Journalia is not the data controller for medical record data processed in connection with the medical professional's use of our services. This responsibility lies with the individual doctor or professional.

3. What personal data we collect

We collect the following types of personal data:

• Customer information: Name, email address, phone number.
• Audio data: Audio recordings from patient consultations, which are transcribed in real-time.
• Technical information: IP address, device type, browser, operating system.
• Communication data: Email correspondence, support requests.

4. Purpose of processing

We process personal data for the following purposes:

• Provide and improve our services: To deliver and improve Journalia.
• Customer service: To respond to inquiries and provide support.
• Security: To detect and prevent security threats.
• Legal obligations: To comply with applicable laws and regulations.

5. Legal basis for processing

The processing of personal data is based on the following grounds:

• Contract: Processing is necessary to fulfill a contract with you, cf. GDPR Article 6 (1) (b).
• Legitimate interest: To improve our services and ensure security, cf. GDPR Article 6 (1) (f).
• Consent: For specific purposes where we ask for your consent, cf. GDPR Article 6 (1) (a) and Article 9 (2) (a).
• Legal obligation: To comply with legal requirements, cf. GDPR Article 6 (1) (c).

6. Sharing of personal data

6.1 Third parties

We do not share your personal data with third parties, unless:

• To fulfill a contract: When necessary to deliver our services.
• With your consent: When you have given us permission.
• Legal requirements: When we are required to share information according to law.

6.2 Subprocessors

We use the following subprocessors to deliver our services:

• Signicat: For secure authentication with BankID and Buypass.
• Microsoft Azure: Platform for automatic speech recognition.
• Amazon AWS: Cloud platform.
• Google Workspace: For email services
• Clerk: User database.
• Speechmatics: Service for transcribing audio data
• CipherStash: Service for secure end-to-end encryption
• Intercom: For customer service and communication with users.

The following subprocessors are used only on the website journalia.no, and not as part of the Journalia service itself:

• Meta (Facebook Pixel): Used for analysis and measurement of advertisements.
• Google Analytics: Used for insights into user behavior and website traffic.
• Google Tag Manager: Management tool for tracking tags and analytics tools.
• Webflow: Platform for website development and operation.

All subprocessors are required to comply with our requirements for privacy and security.

7. Storage of personal data

We store personal data as long as necessary for the purposes they were collected for, or to comply with legal obligations. Specifically for audio recordings and transcribed data, the following applies:

• Audio recordings and transcribed data are automatically deleted within 48 hours after processing.
• Users can choose to delete the data manually before the 48-hour period expires, if desired.
• Data cannot be recovered after deletion, and the user is recommended to save necessary content immediately.

8. Your rights

You have the right to:

• Access: To get access to your personal data.
• Rectification: To request correction of incorrect information.
• Deletion: To request deletion of your data.
• Restriction: To request restriction of processing.
• Data portability: To receive your data in a structured format.
• Objection: To object to processing when it is based on GDPR Article 6 (1)(f).
• Withdraw consent: You can withdraw consent to processing of personal data that you have given to us.

To exercise your rights, contact us at hei@journalia.no.

9. Information security

We have implemented necessary security measures to ensure that your personal data is processed in a secure manner that ensures the confidentiality, integrity and availability of the information. The security measures shall also protect the information against unauthorized or illegal processing, as well as mitigate the risk of loss, accidental alteration, unauthorized distribution or disclosure.

10. Changes to the privacy policy

We may update this privacy policy at any time to reflect changes in our privacy practices. We encourage you to regularly review the policy to stay updated on how we collect, use and protect your information.

Significant changes will be communicated via our services or directly to you.