SightFlow Privacy Policy

Last updated: May 2026

SightFlow is a Chrome extension that adds AI-assisted dictation and documentation to the Nextech EMR. This policy describes what data the extension processes, where it goes, and how it's handled.

Data We Process

When you use SightFlow, the following are processed during a session:

  • Voice audio — captured during dictation, compressed to Opus/WebM, sent to our backend for transcription.
  • Chart context — the structured contents of the patient chart open in your active Nextech tab are read so the AI can produce a coherent, non-duplicate note. This may include Protected Health Information (PHI).
  • Local configuration — your SightFlow API key, organization ID, backend URL, and UI preferences. Stored only in chrome.storage.local (or read from chrome.storage.managed if your IT administrator provisions them). Not PHI.
  • Nextech user identifier — extracted from the Nextech footer for per-user usage attribution within your practice.

We do not collect contact information, browsing history outside Nextech, location data, or data from any site other than app1.intellechart.net.

How Data Is Used

Voice and chart context are sent to SightFlow's backend Cloud Function, which forwards them to Google Cloud Vertex AI for transcription and structured output. Results are returned to your sidebar for review. Nothing is written to your Nextech chart until you click “Execute.”

Storage and Retention

  • On your device: Only configuration values. No PHI, audio, or chart contents are ever written to chrome.storage.
  • Vertex AI: Prompt and response data are not retained by Google beyond request processing and are not used for model training, per Vertex AI's data-handling commitments.
  • SightFlow backend: Audio and chart context are not persisted after the response is returned. Operational metadata (timestamps, user ID, request type — no PHI content) is retained for billing and security monitoring.

HIPAA

All AI processing runs on Google Cloud Vertex AI under our standard Google Cloud Business Associate Agreement. PHI is never sent to consumer AI APIs.

Third Parties

  • Google Cloud Platform (Vertex AI + Cloud Functions) — covered by Google's BAA.
  • Nextech (app1.intellechart.net) — your EMR; SightFlow reads and writes only on the chart you've already authenticated to.

Contact