Legal

Privacy Policy

Last updated: July 8, 2026

What we collect

When you sign in with Google OAuth, we receive your name and email address from Google. We store this information to identify your account. We also collect session data to keep you authenticated across visits, and we use Vercel Analytics to understand aggregate usage patterns; page views, feature usage, and performance metrics. We do not collect sensitive health information or billing data beyond what is necessary to process your subscription.

How we use it

Your name and email are used to authenticate your account and to communicate with you about it — for example, billing receipts or important service announcements. If you subscribe to a paid plan that includes CPT® content, we also use limited profile information (your name, organization, and city/state) to meet our royalty-reporting and record-keeping obligations to the American Medical Association under our CPT license — see “Disclosure to the American Medical Association (CPT licensing)” below. Usage analytics help us understand which features are most valuable so we can improve the product. We do not sell your personal information to third parties and we do not use it for advertising.

PHI protection

Codelle is designed so protected health information never reaches our servers. Before any clinical text leaves your browser — AI Coder notes, chat messages, Modifier Advisor context, AI search queries, per-code notes, and problem reports — patient identifiers such as names, dates, medical record numbers, phone numbers, and addresses are removed on your device and replaced with placeholders like [PATIENT] and [DATE-1]. Only this de-identified version is sent, processed by AI providers, and stored. As a second layer of protection, our servers reject requests that appear to contain identifier-shaped data.

Third-party services

Codelle uses a small number of trusted third-party services to deliver the product:

  • Google OAuth: handles sign-in. Your Google profile data is only used to create your Codelle account.
  • Stripe: processes subscription payments. Stripe stores your payment method details; Codelle never sees raw card numbers.
  • Resend: delivers transactional email (receipts, account notifications).
  • Vercel AI Gateway → Anthropic Claude: powers AI features (AI Coder, AI Chat, Modifier Advisor, and AI search). These requests contain only de-identified text: patient identifiers are removed in your browser before anything is sent (see “PHI protection” above).
  • OpenAI embeddings (via Vercel AI Gateway): powers semantic code search. Only de-identified queries are embedded, and they are matched against public code descriptions.
  • Vercel: hosts the application and provides aggregate analytics. Vercel processes request logs as part of normal infrastructure operation.
  • Deepgram: transcribes voice input when you use the dictation microphone. Audio streams directly from your browser to Deepgram's medical speech-to-text service; it never touches Codelle's servers and Codelle never stores it. The transcript Deepgram returns is de-identified in your browser before it reaches Codelle, like any other text. Deepgram does not retain or train on the audio under our business agreement.
  • PostHog: powers product analytics, error tracking, and session replay. Codelle uses session replay with all input fields and all on-screen text masked. Pasted clinical notes, dictation text, form fields, and rendered results appear as ●●●●● in recordings. PostHog stores anonymous interaction data (page views, clicks, custom events) tied to your user account; you can request deletion via account deletion or by emailing hello@codelle.com.

Each of these providers has its own privacy policy governing their handling of data.

Disclosure to the American Medical Association (CPT licensing)

Codelle licenses CPT® content from the American Medical Association (AMA). Under that license, if you hold a paid plan that includes CPT content, we are required to report to the AMA the information needed to calculate the royalties we owe for your use of CPT content. That information is limited to: your name, your organization (if you provide one), your city and state, your country, and the fact that your account is a CPT-licensed user. We report a count of CPT users together with these identity fields; we do not send the AMA your email address, your search history, your clinical notes, your billing details, or any other content. When you accept our Terms of Service as a paid CPT user, you consent to this disclosure, which our CPT license requires.

The AMA is contractually obligated to keep this information confidential and to use it only to verify our compliance with the license and to administer royalties. The AMA may, as a third-party beneficiary of our Terms, request additional information to verify what we report; we will not provide, and you are never required to provide, information that would violate applicable federal or state privacy laws.

Cookies

We use session cookies set by Auth.js to keep you signed in. These cookies are strictly necessary for authentication and expire when your session ends or after a fixed period of inactivity. We do not use tracking or advertising cookies.

Data retention

We retain your account data for as long as your account is active. Clinical text you submit — AI Coder notes, drafted claims, scrub sessions, and per-code notes — is de-identified in your browser before storage: identifiers are replaced with placeholders on your device before the text ever reaches us, so it is stored only in its de-identified form.

When you delete your account from your dashboard, we soft-delete it immediately and permanently delete your personal information seven days later. During those seven days you can sign in and cancel the deletion to restore the account fully. After day seven, your personal content — bookmarks, drafted claims, scrub sessions, per-code notes, and AI history — is removed and cannot be recovered. AI request inputs and trace IDs are part of that saved history: they are kept while your account is active so we can debug support requests, contain only de-identified text, and are removed with the rest of your data when your account is deleted.

If you ever held a paid plan that included CPT® content, we are required by our CPT license with the American Medical Association to keep a minimal record for at least three years so we can respond to an AMA royalty audit. That record contains only your name, email, organization, city/state/country, the plans you held, and the dates you held them — it does not contain your clinical notes, search history, bookmarks, or any content you created. We keep this record even after your account is deleted, and it is used only for AMA royalty compliance. Users who never held a paid CPT plan have no such record kept. Separately, some financial records (for example, Stripe payment records) may be retained where required by law.

Your rights

You have the right to access, correct, or delete the personal information we hold about you. Account deletion is self-serve from your dashboard (Danger zone → Delete account); for access or correction requests, contact us at the email below. We will respond within 30 days.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “last updated” date at the top of this page. Continued use of Codelle after any changes constitutes your acceptance of the updated policy.

Contact

Questions about this policy? Email us at privacy@codelle.com.