Last Updated: April 16, 2025
This HIPAA Notice for Privacy Practices (“HIPAA Notice”) describes how Krisp Technologies, Inc. (“Krisp”) protects the privacy and security of Your Content (as defined below) that may contain electronic Protected Health Information (ePHI) submitted through its services, in accordance with the Health Insurance Portability and Accountability Act (“HIPAA”). Please read this HIPAA Notice carefully to understand how we safeguard Your Content and your rights with respect to any such content that may contain ePHI. All terms not defined herein shall have the same meaning as set forth in HIPAA.
1. Scope of this HIPAA Notice
Krisp does not knowingly collect, access, retain, process, or disclose any ePHI. However, users may submit audio recordings, transcripts, or other content through Krisp’s services (“Your Content”) that could contain ePHI at your sole discretion.
Krisp does not inspect, monitor, or analyze Your Content to determine whether it contains ePHI and does not use Your Content for any secondary purpose beyond providing the core functionality of the service. Accordingly, Krisp’s role is limited to that of a service provider delivering functionality determined and controlled by you.
2. Your Rights and Limitations.
2.1 Your Rights. When it comes to Your Content that may contain ePHI, you have the right to:
– Access or get a copy of Your Content.
– Modify or delete Your Content.
– Request confidential communications.
– Ask us to limit how we use or share Your Content, subject to the limits of the service functionality.
– Request a list of parties Your Content has been shared with, if applicable.
– Get a copy of this HIPAA Notice.
– File a complaint if you believe your privacy rights under this HIPAA Notice have been violated.
2.2. Corporate Account Limitations. If your Krisp account is provisioned under a corporate subscription, access to Your Content may be subject to your organization’s internal policies. In the event your account is deactivated (e.g., due to employment termination or subscription cancellation), Krisp may no longer be able to provide access to Your Content, including recordings or transcripts tied to a corporate email address. We recommend you consult your organization’s administrator for information about content access and retention policies.
3. Your Choices.
You may direct us in how we share your information for marketing purposes or sale of information — only with your explicit written consent.
We do not share Your Content with third parties except as required to deliver our services or with your explicit consent.
4. Our Uses and Disclosures.
Krisp does not knowingly use or disclose any ePHI. However, to the extent that user content submitted through our services may contain ePHI We may use and disclose such content solely to:
– Provide and manage our services.
– Improve and maintain our services.
– Comply with legal obligations.
– Conduct research in a secure and privacy-preserving manner.
– Respond to legal and government requests (e.g., subpoenas, law enforcement, regulatory compliance).
We do not use or disclose Your Content–including content that may contain PHI for purposes not described in this HIPAA Notice without your explicit consent.
Krisp does not create or manage psychotherapy notes or other specific forms of ePHI. However, if our corporate customers (e.g. licensed providers) upload such content to our services, and a Business Associate Agreement (BAA) is in place, we act in accordance with the terms of that BAA. In such cases, we rely on our customers to obtain the necessary authorizations from end users
5. Our Responsibilities
– We are required by law to maintain the privacy and security of Your Content that may contain ePHI.
– We will notify you promptly if a breach occurs that may have compromised your ePHI.
– We must follow the duties and privacy practices described in this HIPAA Notice.
– We will not use or share your ePHI other than as described here unless you authorize us in writing.
6. How Krisp Protects Your ePHI
While we do not inspect content for ePHI, we apply the same high standards of security and access control to all user content. Please refer to our Security for AI Meeting Assistant webpage to learn more.
7. How to Contact Us or File a Complaint
If you have questions about this HIPAA Notice or believe your privacy rights have been violated, contact our Privacy Officer at [email protected].
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.
8. Changes to This HIPAA Notice
We reserve the right to update this HIPAA Notice at any time. When we do, the revised HIPAA Notice will be posted here, and the updated date will be indicated above.