VocaTranslate Privacy Policy
Effective Date: October 8, 2025
Last Updated: October 8, 2025
HIPAA COMPLIANCE NOTICE: VocaTranslate is designed as a HIPAA-compliant communication aid for healthcare professionals. Pacific Digital Ventures LLC has established Business Associate Agreements (BAAs) with Google Cloud Platform and Microsoft Azure to ensure Protected Health Information (PHI) is handled in accordance with HIPAA requirements. The app implements robust security features including encryption, audit logs, automatic session timeouts, and secure data handling practices. Healthcare organizations should review this policy and consult with their compliance officers to ensure the app meets their specific organizational requirements.
1. Introduction
Pacific Digital Ventures LLC ("we," "our," or "us") operates VocaTranslate, a medical translation application for iOS devices. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our app.
Important: VocaTranslate is designed with a privacy-first architecture. Medical conversations and translation content are not stored by us and remain on your device only during active use.
2. Information We Collect
2.1 Information You Provide
- Account Information: Username, full name, and role (e.g., "Provider") for authentication purposes. This information is stored locally on your device only.
- Audio Input: When you speak into the app for translation, your voice is processed in real-time by speech recognition services. Audio is not recorded or stored by VocaTranslate.
- Translation Content: Text you translate is temporarily processed during your session but is not permanently stored by VocaTranslate or Pacific Digital Ventures LLC.
2.2 Automatically Collected Information
- Device Information: Device model, iOS version, and device identifier (for session management only)
- Usage Analytics: Anonymous usage statistics via Google Firebase Analytics, including:
- App launches and session duration
- Feature usage (which translation modes you use)
- Error reports and crash data
- General app performance metrics
Note: Analytics data does NOT include translation content, medical information, or patient data.
- Audit Logs: For security and compliance purposes, the app maintains encrypted audit logs on your device, including:
- Login/logout events
- Session timeouts
- Translation events (language pairs used, not content)
- System actions (mode changes, consent events)
Audit logs are stored locally on your device, encrypted with AES-256, and automatically deleted after 1 year.
3. Third-Party Services
VocaTranslate uses the following third-party services to provide translation functionality. When you use these features, data is transmitted to these services:
3.1 Google Translate API
- Data Sent: Text you speak or type for translation
- Purpose: Language translation
- Privacy Policy: https://policies.google.com/privacy
- BAA Status: ✓ Pacific Digital Ventures LLC has a Business Associate Agreement with Google Cloud Platform covering this service.
3.2 Microsoft Azure Speech Services
- Data Sent: Audio input for speech recognition (in certain translation modes)
- Purpose: Voice-to-text conversion with medical terminology support
- Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
- BAA Status: ✓ Pacific Digital Ventures LLC has a Business Associate Agreement with Microsoft Azure covering this service.
3.3 Google Cloud Text-to-Speech
- Data Sent: Translated text for audio playback
- Purpose: Text-to-speech conversion for certain languages
- Privacy Policy: https://policies.google.com/privacy
- User Consent: The app requests explicit consent before using cloud-based TTS for sensitive languages.
- BAA Status: ✓ Pacific Digital Ventures LLC has a Business Associate Agreement with Google Cloud Platform covering this service.
3.4 Google Firebase Analytics
- Data Sent: Anonymous usage statistics and crash reports
- Purpose: App improvement and performance monitoring
- Privacy Policy: https://firebase.google.com/support/privacy
- Note: No medical or patient information is sent to Firebase.
Important: When you use translation features, text and audio data is transmitted to Google and Microsoft servers for processing under established Business Associate Agreements (BAAs). These services are configured to comply with HIPAA requirements for handling Protected Health Information (PHI). Healthcare professionals should consult with their organization's compliance officer to ensure the app meets their specific organizational policies and requirements.
4. How We Use Information
We use collected information for the following purposes:
- Provide Translation Services: To enable real-time language translation
- Authentication & Security: To verify your identity and protect against unauthorized access
- Audit & Compliance: To maintain secure audit logs for healthcare compliance purposes
- Improve the App: To understand how features are used and fix bugs
- Safety & Security: To detect and prevent security issues
5. Data Storage & Security
5.1 Local Storage (On Your Device)
- User accounts: Stored in encrypted UserDefaults with AES-256 encryption
- Passwords: Hashed using SHA-256 with unique salts (never stored in plain text)
- Audit logs: Stored in encrypted files using AES-GCM encryption
- Session data: Stored in iOS Keychain (hardware-encrypted)
5.2 What We DON'T Store
- Medical conversations or patient information
- Translation content beyond the active session
- Audio recordings of speech input
- Patient identifiers or personal health information (PHI)
5.3 Security Measures
- 15-minute automatic session timeout
- Account lockout after 5 failed login attempts (requires administrator to unlock)
- AES-256 encryption for all locally stored data
- Secure password requirements (minimum 8 characters, uppercase, lowercase, numbers)
- No external file sharing capabilities
- TLS 1.2+ for all network communications
6. Data Retention
- User Accounts: Stored locally until you delete the app or an administrator deletes your account
- Audit Logs: Automatically deleted after 1 year
- Translation Content: Deleted when you log out or session expires (15 minutes of inactivity)
- Analytics Data: Retained by Google Firebase according to their retention policies (typically 14 months for aggregate data)
7. Data Deletion
You can delete your data by:
- Uninstalling the app: Removes all locally stored data (accounts, audit logs, session data)
- Logging out: Clears all translation content from memory
- Contacting us: Email info@pacificdigitalventures.org to request deletion of analytics data
8. Children's Privacy
VocaTranslate is intended for use by healthcare professionals aged 18 and older. We do not knowingly collect information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information as quickly as possible.
9. Your Rights & Choices
Depending on your location, you may have the following rights:
- Access: Request a copy of your data (contact us)
- Deletion: Request deletion of your data (uninstall app or contact us)
- Correction: Update your account information within the app or contact an administrator
- Opt-Out: You cannot opt out of essential data collection (authentication, security logs). For text-to-speech features, you can decline non-HIPAA compliant services (Google Translate TTS for Samoan), but
HIPAA-compliant TTS services (Azure Speech Services) may be used automatically for optimal translation quality in supported languages.
10. Changes to Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via app update notes when submitting new versions to the App Store
- Provide a summary of changes in the app update notes
Continued use of VocaTranslate after changes constitutes acceptance of the updated policy.
11. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (Note: We do not sell your personal information)
- Right to non-discrimination for exercising your rights
To exercise these rights, contact us at info@pacificdigitalventures.org.
12. International Users
VocaTranslate is operated in the United States. If you are located outside the U.S., please be aware that information we collect may be transferred to and processed in the U.S. By using the app, you consent to the transfer of your information to the U.S.
13. HIPAA Compliance
HIPAA Compliance Statement:
VocaTranslate is designed as a HIPAA-compliant communication aid for healthcare settings. Pacific Digital Ventures LLC has implemented the following measures to support HIPAA compliance:
- Business Associate Agreements: Pacific Digital Ventures LLC has established BAAs with Google Cloud Platform (for Translate API and Text-to-Speech) and Microsoft Azure (for Speech Services).
- Technical Safeguards: The app implements AES-256 encryption, secure audit logging, automatic session timeouts (15 minutes), account lockout protections, and secure password requirements.
- Administrative Safeguards: Comprehensive audit trails, user authentication, role-based access controls (admin vs. provider), and automatic log purging after 1 year.
- Physical Safeguards: Data is stored locally on device using iOS Keychain (hardware-encrypted). No PHI is stored on external servers beyond active translation sessions.
Healthcare professionals must:
- Consult with their organization's compliance officer before deploying VocaTranslate for patient care
- Ensure their use complies with their organization's HIPAA policies, procedures, and risk assessments
- Complete required HIPAA training and understand their responsibilities under HIPAA regulations
- Review and document consent procedures for patient interactions involving translation services
- Use qualified medical interpreters where legally required by federal or state law
- Report any suspected security incidents or breaches to their organization's privacy officer immediately
Limitations: While VocaTranslate meets HIPAA technical requirements, it is designed as a communication aid and should not replace qualified medical interpreters in legally mandated situations. Healthcare organizations remain responsible for ensuring overall HIPAA compliance in their environment.
14. Disclaimer of Warranties & Limitation of Liability
AS IS" BASIS: VocaTranslate is provided "as is" without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
NO MEDICAL ADVICE: This app is a communication tool only and does not provide medical advice, diagnosis, or treatment. It should not replace qualified medical interpreters where legally required.
TRANSLATION ACCURACY: While we strive for accuracy, automated translations may contain errors. Healthcare professionals are responsible for verifying translation accuracy and clinical appropriateness.
LIMITATION OF LIABILITY: To the fullest extent permitted by law, Pacific Digital Ventures LLC shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from your use of VocaTranslate.
15. Contact Us
© 2025 Pacific Digital Ventures LLC. All rights reserved.