Back to home

Back to home

Privacy Policy

Privacy Policy

SleepMind, Inc. (operating as Scriben)

Last Updated: February 28, 2026

Scriben, Inc. ("Scriben," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information through our website at https://www.scriben.ai (the "Website"), our mobile and desktop applications, and our AI scribe pen device (collectively, the "Services"). By accessing or using the Services, you agree to this Privacy Policy.

1. Who This Policy Applies To

  1. Who This Policy Applies To

This Privacy Policy applies to:

  • Visitors — individuals who access the Website and view publicly available content.

  • Customers — individuals or organizations that register for and use the Platform.

  • Authorized Users — individuals authorized by Customers to use the Platform, such as employees or contractors.

Visitors agree to this Privacy Policy and our Terms of Use by accessing the Website. Customers and Authorized Users agree to this Privacy Policy and the Platform Terms of Use by using the Platform.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

  1. Information We Collect

  1. Information We Collect

2.1 Contact and Account Information

When you register, contact us, or subscribe to our services, we collect your name, email address, phone number, company or organization name, job title, account credentials (such as hashed passwords or identity provider tokens), and user preferences. This information is used to provide access, manage your account, and personalize your experience.


2.2 Service Data

"Service Data" means all data submitted to, processed by, or generated through the Services, including:

  • Audio recordings captured via the Scriben device or application

  • Transcripts generated from those recordings

  • AI-generated summaries, notes, action items, and structured documents

  • Speaker identification data and conversation metadata

  • Usage logs and feature interaction data

Service Data may include personal information and, in professional contexts, sensitive or regulated information (see Sections 4–5 below). Customers retain ownership and control of their Service Data.


2.3 Automatically Collected Information

We automatically collect technical and usage data, including IP address, device type, browser, operating system, session logs, and feature usage patterns. This information is used for security, reliability, and service improvement.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

3. How We Use Your Information

  1. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Services, including audio transcription, AI-generated documentation, speaker identification, and traceability features

  • Personalize your experience based on your professional context and workflow preferences

  • Communicate with you about your account, updates, and support matters

  • Improve and develop the Services using aggregated, de-identified, or synthetic data (see Section 7)

  • Ensure security and compliance, including fraud prevention, audit logging, and regulatory obligations

  • Fulfill legal obligations, including responding to lawful requests from authorities

We do not use your personal data for advertising, nor do we sell your data to third parties for commercial purposes.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

4. Sensitive Professional Data

  1. Sensitive Professional Data

Scriben is designed for professionals in legal, financial, healthcare, consulting, and other regulated or high-stakes fields. Depending on your use case, Service Data may include:

  • Attorney-client communications subject to legal privilege

  • Protected Health Information (PHI) as defined under HIPAA

  • Non-public financial information subject to securities or banking regulations

  • Confidential business information subject to contractual or professional obligations

Customers are responsible for determining whether their use of the Services is consistent with applicable professional rules, privilege protections, and institutional policies. Scriben provides the technical infrastructure; compliance with professional and industry-specific obligations remains the Customer's responsibility.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

5. HIPAA and Healthcare Data

  1. HIPAA and Healthcare Data

5.1 Our Role

When Scriben processes PHI on behalf of healthcare providers or other HIPAA-covered entities, Scriben acts as a Business Associate as defined under HIPAA. Where required, Scriben will enter into a Business Associate Agreement ("BAA") with the applicable Customer prior to processing PHI.


5.2 Permitted Uses of PHI

Scriben uses PHI solely to provide transcription and AI-assisted clinical documentation, support Customer-requested workflows, and maintain, secure, and operate the Services. PHI is not used for advertising or marketing, sold or shared for commercial data brokerage, or used to train general-purpose or cross-customer AI models.


5.3 Safeguards for PHI

Scriben implements administrative, physical, and technical safeguards consistent with HIPAA requirements, including:

  • Encryption of PHI in transit and at rest

  • Role-based access controls

  • Audit logging and activity monitoring

  • Workforce confidentiality obligations


5.4 Customer Responsibilities

Healthcare Customers are responsible for determining whether and how PHI is submitted to the Services, obtaining any required patient authorizations, consents, or notices, and ensuring that use of the Services complies with applicable healthcare laws, professional obligations, and institutional policies.

  1. Other Regulated Industries

  1. Other Regulated Industries

For Customers in the legal, financial services, or other regulated industries, the following applies:

  • Legal Professionals — Customers are responsible for ensuring that use of the Services is consistent with applicable rules of professional conduct, attorney-client privilege, and confidentiality obligations. Scriben does not assert ownership over or access attorney-client communications beyond what is necessary to deliver the Services.

  • Financial Services — Customers subject to SEC, FINRA, or other financial regulatory obligations are responsible for ensuring that their use of the Services, including any recording and retention of client communications, complies with applicable rules.

  • Other Regulated Contexts — Customers operating under other regulatory frameworks (e.g., FERPA, GLBA, SOX) remain responsible for assessing whether and how the Services may be used in compliance with those frameworks.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

7. AI Processing and Model Training

  1. AI Processing and Model Training

Service Data and PHI are processed only to deliver the functionality you have requested. Scriben does not use Customer Service Data or PHI to train or improve foundation models or general-purpose AI systems.

Any model improvements are performed using de-identified, synthetic, or non-Customer data, unless explicit written consent is provided by the Customer. De-identified data is handled in a manner that does not identify any individual and does not permit re-identification.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

8. Data Sharing

  1. Data Sharing

8.1 Service Providers

We may share data with vetted third-party vendors that provide infrastructure, security, analytics, or payment services. All such vendors are bound by contractual confidentiality and data protection obligations consistent with this Policy.


8.2 Legal Requirements

We may disclose information where required by applicable law, court order, or government request, or where necessary to protect the rights, safety, or security of Scriben, our users, or the public.


8.3 Corporate Transactions

In connection with a merger, acquisition, financing, or sale of assets, data may be transferred to a successor entity, subject to the same privacy protections described in this Policy.


8.4 With Your Consent

We may share information for other purposes with your explicit consent.

Clear enough for first-time use, with extra emphasis on pairing and recording so you can focus on listening and the conversation itself.

9. Data Retention

  1. Data Retention

We retain information only for as long as necessary to provide the Services, comply with legal and regulatory obligations, and resolve disputes and enforce agreements.

Retention and deletion of Service Data, including audio recordings and transcripts, may be configurable by Customers in accordance with their own retention policies. Upon account termination, Customer data is deleted or returned in accordance with the applicable agreement.

10. Security

10. Security

We maintain reasonable and appropriate security measures aligned with industry standards, including controls consistent with HIPAA and SOC 2 Type I frameworks. Measures include encryption in transit and at rest, access controls, and activity monitoring.

No system can be guaranteed to be completely secure. In the event of a security incident affecting your data, we will notify you in accordance with applicable law.

11. International Data Transfers

  1. International Data Transfers

Data may be processed or stored outside your jurisdiction. Scriben applies appropriate safeguards for international transfers in accordance with applicable data protection laws.

12. Your Rights and Choices

12. Your Rights and Choices

Subject to applicable law, you may:

  • Access or correct your personal information through your account settings

  • Request deletion of your personal data by contacting us

  • Opt out of marketing communications via the unsubscribe link in any marketing email

  • Manage cookies through your browser settings (note: disabling certain cookies may affect functionality)

Requests related to personal data may be submitted through your account settings or by contacting us at emma@scriben.ai.

13. Children's Privacy

  1. Children's Privacy

The Services are not intended for use by individuals under the age of 13. Scriben does not knowingly collect personal data from children. If we become aware that a child under 13 has provided personal information, we will delete it promptly.

14. Changes to This Policy

  1. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the Website. The "Last Updated" date at the top of this Policy reflects the most recent revision. Continued use of the Services after such changes constitutes your acceptance of the updated Policy.

15. Contact Us

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

SleepMind, Inc.
Email: hello@scriben.ai
Website: scriben.ai

© 2026 SleepMind, Inc. All rights reserved.

© 2026 SleepMind, Inc. All rights reserved.

Questions? hello@scriben.ai

Questions? hello@scriben.ai

© 2026 SleepMind, Inc. All rights reserved.

Questions? hello@scriben.ai