Privacy Policy
Westside Labs LLC, doing business as PT Studio ("PT Studio," "we," "us," or "our"), has created this Privacy Policy because we know that you care about how information you provide to us is used and shared. This Privacy Policy describes how we collect, use, and share information when you use our website at https://ptstudio.ai (the "Website") and our software-as-a-service platform (the "Platform"), which together we refer to as the "Services."
By using the Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Services.
Summary of Key Points
- Who we are: PT Studio is an AI-powered clinical documentation platform for physical therapists. We are a HIPAA-compliant Business Associate to the clinicians and clinics that use our Services.
- What we collect: Account information (name, email), session content you record through the Platform (audio recordings, generated notes), and basic usage data.
- How we use it: To provide the Services, generate clinical documentation, improve the Platform, and communicate with you.
- Who we share with: Limited third-party service providers under confidentiality obligations and, where applicable, Business Associate Agreements. We do not sell your information. We do not use Protected Health Information for advertising.
- AI training: We do not train our AI models on your Protected Health Information or your patient data.
- Your rights: You can access, correct, delete, or export your information at any time by contacting us.
- Contact: luka@westsidelabs.ai
1. Who This Privacy Policy Applies To
This Privacy Policy applies to:
- Visitors — people who view publicly available content on our Website.
- Customers — clinicians, clinics, or organizations that sign up to use the Platform.
- Authorized Users — employees or contractors of a Customer who are permitted to access and use the Platform.
Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
2. Information We Collect
2.1 Information You Provide
When you sign up for or use the Services, we may collect:
- Account information: name, email address, password, professional role, and contact preferences.
- Patient session content: audio recordings of clinical sessions, transcripts, clinical notes, patient identifiers, goals, and progress measures that you submit through the Platform. This may include Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").
- Communications: information you provide when you contact us by email or through support channels.
2.2 Information Collected Automatically
When you use the Services, we may automatically collect:
- Usage data: pages visited, features used, time spent in the Platform, and similar diagnostic data.
- Device data: IP address, browser type, operating system, and device identifiers.
- Log data: access times, error reports, and other technical information our servers record.
2.3 Information from Connected Services
If you choose to connect a third-party service (such as Google Calendar) to your PT Studio account, we receive information from that service as described in Section 6 below.
2.4 What We Do Not Collect
We do not collect payment card information directly. If we offer paid subscriptions in the future, payment processing will be handled by a third-party payment processor (e.g., Stripe) subject to its own privacy policy. We do not access social media accounts. We do not collect biometric identifiers beyond voice recordings necessary to provide the Services.
3. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Services, including generating clinical documentation from session recordings.
- Authenticate users and manage accounts.
- Respond to your inquiries and provide customer support.
- Send service-related communications (e.g., security notices, product updates).
- Improve the Services, including diagnosing technical issues and analyzing usage trends.
- Comply with legal obligations and enforce our Terms of Service.
We do not use PHI or patient data to train our AI or machine learning models. Patient session content is processed solely to generate clinical documentation for the Authorized User who recorded the session.
We do not use your information for targeted advertising, and we do not sell your information.
4. How We Share Information
We share information only in the following limited circumstances:
- Service providers: We engage third-party providers for cloud hosting, AI processing, transcription, and similar functions necessary to deliver the Services. These providers are bound by confidentiality obligations and, where they may access PHI, by Business Associate Agreements that comply with HIPAA.
- Legal compliance: We may disclose information when required by law, subpoena, or other legal process, or to protect the rights, safety, or property of PT Studio, our users, or others.
- Business transfers: If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
- With your consent: We may share information for any other purpose with your explicit consent.
We do not sell your information to third parties.
5. HIPAA and Protected Health Information
PT Studio acts as a Business Associate to the Customers who use our Services to document patient encounters. Our handling of PHI is governed by the Business Associate Agreement ("BAA") executed between PT Studio and each Customer.
In the event of any conflict between this Privacy Policy and an executed BAA, the BAA governs with respect to PHI.
6. Google User Data
When you connect your Google Calendar to PT Studio, we access certain Google user data through the Google Calendar API. This section describes how we handle that data, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.
What we access
We request the https://www.googleapis.com/auth/calendar.events.readonly scope. This allows us to read calendar events from the Google Calendar account you connect. We access event metadata such as event title, start and end times, attendees, and event identifiers.
Why we access it
We use Google Calendar data solely to help you associate captured session recordings with the correct scheduled patient appointment. When you click the sync button in PT Studio, we fetch your calendar events and display them so you can link them to recorded sessions or pre-set future appointments. This lets you sync your calendar with PT Studio quickly instead of carrying over appointments manually.
How we handle it
- We only read calendar events. We do not create, modify, or delete events.
- We store only the minimum metadata necessary to maintain the link between a recorded session and a calendar event.
- We do not sell or transfer Google user data to third parties.
- We do not use Google user data for advertising.
- We do not use Google user data to train AI or machine learning models.
- We do not use Google user data for any purpose other than the session-matching functionality described above.
- Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
How to revoke access
You can disconnect Google Calendar from your PT Studio account at any time within the Platform settings. You can also revoke PT Studio's access directly through your Google Account at https://myaccount.google.com/permissions.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the Services. You may request deletion of your account and associated data at any time by contacting us at luka@westsidelabs.ai. We may retain certain information after deletion as required by law or for legitimate business purposes (e.g., backup retention, dispute resolution).
Patient session content (including audio recordings) is retained in accordance with the retention settings you select in the Platform and the terms of the applicable BAA.
8. Data Security
We implement administrative, technical, and physical safeguards designed to protect your information, including:
- Encryption of data in transit and at rest.
- Access controls and authentication requirements for our personnel.
- Regular security reviews of our infrastructure and processes.
- HIPAA-compliant handling of PHI under signed Business Associate Agreements.
No system is 100% secure. While we work to protect your information, we cannot guarantee absolute security.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your information.
- Obtain a copy of your information in a portable format.
- Withdraw consent where processing is based on consent.
- Opt out of certain types of processing.
To exercise any of these rights, email us at luka@westsidelabs.ai. We will respond within the timeframes required by applicable law.
California Residents
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), including:
- The right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
- The right to request deletion of your personal information.
- The right to correct inaccurate personal information.
- The right to opt out of the sale or sharing of personal information. We do not sell or share personal information.
- The right to limit the use of sensitive personal information.
- The right to non-discrimination for exercising your privacy rights.
To exercise these rights, email luka@westsidelabs.ai.
Other US State Residents
If you are a resident of Colorado, Connecticut, Utah, Virginia, or another US state with applicable privacy laws, you may have similar rights to access, correct, delete, or obtain a copy of your personal information, and to opt out of certain processing. To exercise these rights, email luka@westsidelabs.ai.
10. Children
The Services are not intended for use by individuals under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will take appropriate steps to delete it.
Patient data submitted through the Services may include information about pediatric patients. Customers are responsible for obtaining all necessary consents from patients, parents, or legal guardians before submitting such information to the Platform.
11. International Users
The Services are hosted in the United States. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
12. Do Not Track
We do not currently respond to "Do Not Track" browser signals, as no uniform standard for these signals has been adopted.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. Material changes will be communicated through the Services or by email. Your continued use of the Services after changes take effect constitutes your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your information, please contact us at:
Westside Labs LLC (d/b/a PT Studio)
Email: luka@westsidelabs.ai