FAQ

Information for Patients: Data Protection and Nixi AI

Welcome! Your doctor uses Nixi AI to help create accurate and efficient medical notes. This page provides detailed information about how this service works and, most importantly, how your personal data is protected every step of the way. Your trust is our highest priority. We are committed to the strictest standards of data protection in compliance with the EU General Data Protection Regulation (GDPR) and German national laws.

What is Nixi AI?

Nixi AI is a secure software tool that acts as a smart assistant for your doctor. It transcribes the conversation during your consultation and uses this text to create a structured, draft medical note. This allows your doctor to focus more on you and less on taking notes, while ensuring the documentation of your visit is thorough and accurate.

The Journey of Your Data: A Step-by-Step Guide

We believe in radical transparency. Here is exactly what happens to the data from your consultation when Nixi AI is used:

  1. Audio Capture: During your consultation, an encrypted audio stream of the conversation is captured.
  2. Transcription: The audio stream is immediately sent to our secure servers and converted into a written text transcript.
  3. Immediate Audio Deletion: This is a critical privacy feature. The audio recording is permanently deleted within minutes of the transcription being successfully created. We do not store the audio of your conversation.
  4. Note Generation: Our AI model processes the text transcript to generate a draft medical note for your doctor.
  5. Doctor's Control: The draft note appears in your doctor's Nixi AI application. Your doctor is in full control: they review, edit, and must approve the final text before copying it into your official patient file at the clinic.
  6. Final Deletion: The text transcript and the generated note are available to your doctor for a maximum of 30 days to allow them to finalize their work. After this period, they are also permanently deleted from our systems. Your doctor can also delete this data at any time.

Why is my consent needed in two separate parts?

Your consent is required to satisfy two different but equally important German laws:

  • Data Protection Law (GDPR): This law governs how organizations can process personal data. Your consent allows your clinic and Nixi AI to legally process your health information to create the medical note.  
  • Professional Secrecy Law (§ 203 German Criminal Code): Doctors in Germany are bound by a strict duty of confidentiality. Your separate waiver of this secrecy is a legal requirement that permits your doctor to use an external service like Nixi AI without committing a criminal offense.  

Your consent is completely voluntary. If you choose not to consent, the Nixi AI service will not be used. This will have no negative impact on the quality of your medical care. Your doctor will simply document the consultation manually as they have done in the past.

Who is responsible for my data?

This is a key concept in data protection law:

  • Your doctor's practice or clinic is the Data Controller. They are primarily responsible for your data, as they decide the purpose of its use (creating a medical record).  
  • Nixi AI is the Data Processor. We process the data only on the direct instructions of your doctor and for the sole purpose of providing this documentation service.

Where is my data stored?

All patient data is processed and stored exclusively on secure servers located within . No data is transferred outside of .  

How is my data secured?

We take security extremely seriously. We implement state-of-the-art technical and organizational measures to protect your data, including:

  • End-to-End Encryption: All data is encrypted while it is being transferred (in transit) and while it is stored on our servers (at rest) using strong algorithms like AES-256.  
  • Strict Access Controls: Access to patient data is strictly limited to authorized systems. Nixi AI employees do not have standing access to your consultation data.
  • Regular Security Testing: Our systems undergo regular security assessments and penetration tests to identify and fix potential vulnerabilities.

What about using my data for product improvement?

The primary service of creating your medical note does not involve using your data for any other purpose. The optional, third part of the consent form asks for your separate permission to use an anonymized version of the text transcript to help train and improve our AI.

  • Anonymization is a process where all personally identifying information (like your name, address, etc.) is removed or replaced to ensure the data cannot be linked back to you.  
  • This consent is 100% optional and your decision has no effect on your treatment.

How can I exercise my rights (e.g., request to see or delete my data)?

As your doctor's practice is the Data Controller, you should direct any requests to exercise your data protection rights to them. Nixi AI provides the necessary tools to assist your doctor's practice in fulfilling your request promptly.

Your Data Protection Rights Under GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right to be Informed: The right to receive clear and transparent information about how your data is processed.
  • Right of Access: The right to request a copy of the personal data held about you.
  • Right to Rectification: The right to have inaccurate personal data corrected.
  • Right to Erasure (Right to be Forgotten): The right to have your personal data deleted in certain circumstances.
  • Right to Restrict Processing: The right to limit the processing of your personal data.
  • Right to Data Portability: The right to receive your data in a structured, machine-readable format.
  • Right to Object: The right to object to the processing of your data.

To exercise any of these rights, please contact your healthcare provider.

Contact for Data Protection Matters

If you have any further questions about how Nixi AI protects your data, you can contact our Data Protection Officer:
Privacy@Nixiai.ai