Privacy Policy
Privacy and data handling
Last updated: 5 July 2026.
HeyOpTech is designed to retrieve information from operative technique documents without storing or using patient-identifiable information. This policy describes the current prototype and early-access service.
Patient information
Do not provide patient-identifiable information to HeyOpTech. If patient-identifiable information is detected in a transcript, the app is designed to remove it before sending a question for retrieval and answer generation.
Speech and transcripts
The app uses speech recognition to create text from spoken questions. Raw audio is not intended to be stored by HeyOpTech. The resulting text is cleaned before it is sent to the backend service.
Development logging can record technical information such as cleaned transcripts, detected manufacturer, retrieval results, confidence, document ID, and page number. Full transcript logging is intended for development only and should be disabled in production settings.
AI processing
OpenAI is called only from the server-side Supabase Edge Function. The OpenAI API key is not stored in the mobile app. The backend sends retrieved source passages and the cleaned question so the answer can be grounded in uploaded operative technique documents.
Document and display data
The document library contains operative technique PDF metadata and extracted text chunks. The optional theatre display uses a short-lived pairing session so a browser can show cited answers or source references from the linked phone.
Infrastructure providers
HeyOpTech currently uses Supabase for backend services, Vercel for the theatre display, and Cloudflare for DNS/domain services. These providers may process technical logs needed to run and secure the service.
Contact
For privacy enquiries, contact the HeyOpTech project owner through your existing project or support channel. A dedicated public privacy contact will be published before wider release.
