Privacy Policy

Who we are

Sunbeam Health Inc. provides software that helps clinics run structured intake and, where enabled, in-session documentation. For privacy questions, contact david@sunbeam.health.

What data we collect

We process two broad categories:

• Intake data. Information submitted through the intake questionnaire — for example name, date of birth, contact details, and self-reported symptoms and medical history relevant to the assessment your clinician has asked you to complete.
• Session data. Where your clinic has turned on the Clinical Scribe feature, we process audio from the clinical interview and the transcript produced from that audio, so it can be merged into documentation as your clinic has configured.

Why we collect it

We use this data to generate a pre-session clinical briefing for your clinician from intake responses, and — where Scribe is used — to help produce post-session documentation your clinic can review. Sunbeam does not make diagnostic decisions. Your clinician remains responsible for assessment and diagnosis.

Who we share it with

We use Microsoft Corporation as an infrastructure and services provider: Azure (including hosting and speech services) and Azure OpenAI Service for certain language-processing tasks. Contractual terms are set out in Microsoft's Data Processing Addendum; see aka.ms/DPA. As Microsoft describes for Azure OpenAI, customer data submitted to the service is not used to train Microsoft's models for your use of the service in this way.

International transfers

Data is processed on Microsoft Azure infrastructure in the United States. Where UK GDPR applies, transfers are covered by the Standard Contractual Clauses and the UK Addendum to Microsoft's Data Processing Addendum, as relevant to your agreement with Microsoft.

How long we keep it

Patient data is not stored by Sunbeam beyond what is needed for the active session window to generate the outputs your clinic uses. Completed reports and records shown in the clinic's dashboard are retained there as part of the clinic's account; the clinic is responsible for managing those records in line with its own legal and professional obligations.

Your rights

Under UK GDPR, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. Because your clinic decides why and how your health information is processed in care, you should contact your clinic first — they are typically the data controller for your medical record. For anything specific to Sunbeam as a supplier, email david@sunbeam.health.

Cookies

We use essential cookies and similar technologies needed to run the site and keep you signed in when you use an account (for example, session cookies managed through our authentication provider). We do not use advertising cookies. We do not use third-party analytics cookies on this marketing site.

Contact

Privacy enquiries: david@sunbeam.health. We aim to respond within 30 days.

Updates

We may update this policy from time to time. The "Last updated" date at the top will change when we do. Please check back occasionally.