Privacy Policy

Last updated March 29, 2026

What Eval Fill Does

Eval Fill is a Chrome extension that helps physical therapists generate clinical documentation (SOAP notes) using AI. It accepts session input from the therapist and produces structured clinical notes.

Data We Collect

Account Information

• Email address and name (for authentication)
• Clinic name (optional)

Session Data

• The voice transcript captured during your session (processed via Chrome's built-in Web Speech API; audio is not stored)
• Clinical session input you enter (patient identifiers, symptoms, treatments, assessments)
• Generated SOAP notes
• Note edit history

EMR Form Data (only when you click Auto-Fill)

• The labels, types, and currently-filled values of the visible form fields on your active EMR tab. We send this to our AI service so it can map your clinical narrative to the correct fields. We do not store this form data after the request completes — it is used solely for that single mapping operation.

Usage Data

• Number of notes generated
• Timestamps of activity

Data We Do Not Collect

• Full patient names (we recommend using clinic-internal identifiers)
• Social Security numbers or insurance IDs
• Browsing history, page contents, or activity from any tab other than the EMR tab you explicitly choose to fill
• Data from any web page when you are not actively recording or filling — the extension is inert until you click Start Session or Auto-Fill

How Data Is Processed

Session input is sent to the Anthropic Claude API to generate SOAP notes. Anthropic does not use API data to train their models (per their commercial API terms). Generated notes are stored securely in our database.

Data Storage

Data is stored using Supabase (hosted on AWS infrastructure) with:

• Encryption at rest and in transit
• Row-level security ensuring users can only access their own data
• SOC 2 Type II certified infrastructure

Microphone Access

Eval Fill requests microphone access only when you use the optional voice input feature. Audio is processed in real-time by your browser's built-in speech recognition. Audio is not stored by Eval Fill.

Data Sharing

We do not sell, rent, or share your data with third parties except:

• Anthropic (AI processing) receives session input to generate notes
• Supabase (database and auth) stores your account and note data
• Railway (hosting) hosts our API server

Your Rights

• You can view all your stored notes in the History tab
• You can delete individual notes or request full account deletion
• You can copy any note to your clipboard

Security

• API keys and secrets are stored server-side only, never in the extension
• All communication uses HTTPS
• Authentication uses industry-standard JWT tokens
• Database access is controlled by row-level security policies

HIPAA Notice

Eval Fill is designed with healthcare data privacy in mind. For the pilot and testing phase, we recommend using de-identified patient data. Before processing real Protected Health Information (PHI), we will execute Business Associate Agreements with our infrastructure providers.

Changes to This Policy

We may update this policy as Eval Fill develops. Significant changes will be communicated through the extension.

Contact

For privacy questions or data deletion requests: info@virdar.co