Privacy Policy
Last updated: June 11, 2026
Privacy Policy Summary
Here's what you need to know about how WillyAI handles your information:
- •What we collect: Your account details and settings, your dictation transcripts, and the reports we generate for you (kept in your history)
- •Voice recordings: Processed in real time to produce your transcript, then discarded - we never store audio
- •Patient privacy: WillyAI is designed to work without patient information - do not include patient information in your dictations
- •No tracking cookies:We don't use advertising, cross-site tracking, or analytics cookies - that's why you don't see a cookie banner
- •Your rights: You can access, correct, export, or delete your information at any time
- •Contact: Questions? Email us at [email protected]
1. Who We Are
Willy Intelligence Inc. ("WillyAI", "we", "us") is a company registered in Delaware, United States, with a principal place of business at 254 Chapman Rd, Ste 208 #22349, Newark, Delaware 19702, US. We provide AI-powered dictation and reporting software for radiologists and other healthcare professionals (the "Solution").
This Privacy Policy explains what personal data we collect, why, who we share it with, and the rights you have. For users in the European Economic Area (EEA), the United Kingdom, and Switzerland, we process personal data in accordance with the GDPR and equivalent laws. You are not required to provide personal data, but without basic account details (such as an email address) we cannot provide the Solution.
Our representative in the European Union pursuant to Art. 27 GDPR is Nelson Sempaio, established in Portugal, reachable at [email protected]. For any privacy question or to exercise your rights, contact us at [email protected].
2. Our Role: When We Are Controller and When Processor
If you use the Solution under an agreement between WillyAI and your hospital, clinic, or other organization, your organization is the controller of the dictation transcripts, reports, templates, and related content created under its account ("Content"), and we process that Content on its behalf under a data processing agreement. In that case, your organization's privacy notices govern the Content, and requests concerning it may need to be directed to your organization. Our data processing agreement is available to organizations on request.
For your account and profile data, billing, security, product analytics, and our website - and for all data of users who sign up individually - WillyAI is the controller, and this Privacy Policy applies as described below.
3. Patient Data
The Solution is designed to work without any patient-identifying information. We do not ask for it, we do not need it, and you must not include patient names, identification numbers, or other patient-identifying details in your dictations. Medical imaging itself is never uploaded to or processed by the Solution - only your spoken findings and the resulting text. If you believe patient-identifying information was included in a dictation by mistake, contact us at [email protected] and we will help you delete it.
4. What We Collect, Why, and on What Legal Basis
4.1 Account and Profile Data
When you register we collect your name, email address, and, if you sign in with Google or Microsoft, the profile details those providers share with us (such as your name, email, and profile photo). You may add professional details and preferences such as your specialty, custom instructions, dictation terms, templates, and other settings, which we store as part of your account.
Purpose: creating and operating your account. Legal basis: performance of our contract with you (Art. 6(1)(b) GDPR).
4.2 Voice Recordings
When you dictate, your audio is streamed to our speech-to-text provider and converted to text in real time. Audio is processed transiently: we do not store your recordings, and any temporary upload made to complete a transcription is deleted immediately after the transcript is produced. What remains is the text.
Purpose: producing your transcript. Legal basis: performance of our contract with you (Art. 6(1)(b) GDPR).
4.3 Transcripts and Generated Reports
The transcripts of your dictations and the reports the Solution generates from them are stored in your account so that you can review, edit, copy, and reuse them, and so that we can provide your generation history. AI providers process this text solely to generate your output; we use API offerings whose terms do not permit our data to be used to train their models.
Purpose: providing the core Solution. Legal basis: performance of our contract with you (Art. 6(1)(b) GDPR); where your organization is the controller, we process under its instructions.
4.4 Billing Data
Paid subscriptions are processed by Stripe. We store your subscription status and a Stripe customer reference; your full payment card details are held by Stripe, not by us.
Purpose: billing and account management. Legal basis: performance of our contract (Art. 6(1)(b) GDPR) and compliance with legal obligations such as tax and accounting law (Art. 6(1)(c) GDPR).
4.5 Usage and Product Analytics
We collect information about how the Solution is used - for example which features are activated, when dictation starts and stops, and device type - and associate it with your account profile. If you arrive at our website from a campaign link, we also note the campaign parameters and referring site for the duration of your visit (in memory only - nothing is stored on your device) and, if you sign up, record how you found us. Analytics never include the text of your dictations or reports and do not store identifiers on your device.
Purpose: product improvement and usage statistics. Legal basis: our legitimate interest in understanding and improving our product (Art. 6(1)(f) GDPR). See Section 9 for your right to object.
4.6 Security, Logs, and Diagnostics
Our systems record technical information needed to keep the Solution secure and reliable: IP address, browser/device type, sign-in events, and an audit trail of security-relevant actions. If an error occurs, our error-monitoring service receives a technical report configured to exclude personal details.
Purpose: security, fraud prevention, debugging, and service reliability. Legal basis: our legitimate interest in securing and operating the Solution (Art. 6(1)(f) GDPR).
4.7 Communications
If you contact us, we keep the correspondence to respond and improve our support. We may send you administrative messages about your account (for example security or billing notices). We send marketing or newsletter emails only where permitted by law, and you can opt out at any time.
Purpose: support and communication. Legal basis: performance of our contract (Art. 6(1)(b) GDPR), our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR), and consent for marketing where required (Art. 6(1)(a) GDPR).
4.8 Aggregated Statistics
We may create de-identified, aggregated statistics (for example feature usage trends or overall dictation volumes) that do not identify any person, and use them to improve and describe our services.
5. Cookies and Similar Technologies
We use only the cookies and local storage that are necessary to provide the Solution. We do not use advertising cookies, cross-site tracking, or analytics cookies - our product analytics run without storing anything on your device. This is why we do not show you a cookie banner.
| Name | Purpose | Duration | Type |
|---|---|---|---|
better-auth.session_token | Keeps you signed in | Up to 30 days | Strictly necessary (cookie) |
auth_hint | Remembers that you are signed in so pages render correctly | Up to 30 days | Strictly necessary (cookie) |
theme | Stores your dark/light mode choice | Until you remove it | Preference you set (local storage) |
You can block or delete cookies in your browser settings, but the Solution will not work without the strictly necessary ones (you will not be able to stay signed in).
6. Who We Share Personal Data With
We never sell personal data, and we do not share it with advertisers or data brokers. We share personal data only with the categories of service providers needed to run WillyAI: speech-to-text and AI model providers (which receive the text you dictate solely to produce your transcripts and reports - never for their own purposes), cloud hosting, payment processing, product analytics, error monitoring, internal operations tooling, and sign-in providers (Google and Microsoft, acting as independent controllers). These providers process personal data on our behalf under data protection agreements. The text you dictate is never shared with analytics, error-monitoring, or marketing services.
We may also disclose personal data:
(a) if we are involved in a merger, acquisition, financing, or sale of assets, in which case we will notify you; (b) where required by law, regulation, or valid legal process; (c) to enforce our agreements or protect the rights, safety, and security of WillyAI, our users, or others; and (d) with your permission.
7. International Data Transfers
Our primary infrastructure is hosted on Amazon Web Services in Europe. Some of our service providers - in particular AI model providers - process data in the United States and other countries, and our team members may access data from other countries. Where personal data is transferred out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards: the EU-U.S. Data Privacy Framework for providers certified under it, the European Commission's Standard Contractual Clauses, or an applicable adequacy decision. You can request a copy of the relevant safeguards by contacting [email protected].
8. How Long We Keep Data
| Data | Retention |
|---|---|
| Voice recordings | Not retained - processed transiently and discarded |
| Account data, transcripts, reports, templates | While your account is active; deleted within 30 days of a verified deletion request or account closure |
| Security and technical logs | Up to 2 years |
| Billing records | As required by tax and accounting law |
| Support correspondence | Up to 2 years after the matter is resolved |
Where your organization is the controller of Content, its retention instructions take precedence for that Content. We may retain specific data longer where required to comply with legal obligations or to establish, exercise, or defend legal claims.
9. Your Rights
If you are in the EEA, the UK, or Switzerland, you have the right to:
(a) access the personal data we hold about you and receive a copy; (b) rectify inaccurate or incomplete data; (c) erase your data; (d) restrict processing in certain circumstances; (e) data portability - receive your data in a structured, commonly used, machine-readable format; (f) object to processing based on legitimate interests, including product analytics (we will stop unless we have compelling legitimate grounds); and (g) withdraw consent at any time where processing is based on consent, without affecting prior processing.
To exercise any of these rights, email [email protected]. We may need to verify your identity before acting on a request. We respond within one month, extendable where requests are complex. Exercising your rights is free of charge. You also have the right to lodge a complaint with your local data protection supervisory authority.
If your dictation Content is controlled by your organization (see Section 2), we may need to refer requests concerning that Content to your organization, and we will tell you if so.
10. Automated Decision-Making
The Solution uses AI to draft transcripts and reports, but it does not make decisions about you that produce legal or similarly significant effects. Generated reports are drafts for review by you, the professional user, who remains responsible for the final content.
11. Security
We protect personal data with industry-standard measures, including encryption of data in transit, isolation of databases in private networks, role-based access controls, and audit logging. We will notify you and the relevant authorities of any personal data breach where required by law.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you by email or by a prominent notice in the Solution. The "Last updated" date at the top shows the current version.
Contact Us
If you have questions or comments about this Privacy Policy or our privacy practices, contact us at:
Willy Intelligence Inc.
254 Chapman Rd, Ste 208 #22349
Newark, Delaware 19702, US