Privacy Policy

Last updated: March 2026

What we collect

• Email address — when you sign in or subscribe. Used for authentication and billing only.
• IP address and usage counts — to enforce the free trial limit. We do not log query content.
• Payment information — processed entirely by Stripe. We do not store card numbers.

What we do not collect

• We do not store the text of your clinical queries or responses.
• We do not sell or share your data with third parties for advertising.
• We do not use session recording or behavior tracking beyond basic analytics (PostHog, anonymized).

Important notice: do not input patient information

totallynot.ai is a clinical reference tool, not a patient management system. Queries are processed by an AI language model. Do not enter patient names, dates of birth, medical record numbers, or any other identifying information. Ask general clinical questions only (e.g., "metformin dosing in CKD" — not "my patient John Smith with MRN 12345...").

totallynot.ai is not a HIPAA covered entity and does not have a Business Associate Agreement (BAA) with AI providers. It is not intended for use with protected health information (PHI).

Third-party services

• Stripe — payment processing. Subject to Stripe's privacy policy.
• OpenAI / Anthropic — AI response generation. Queries are sent to their APIs. Subject to their data usage policies.
• PostHog — anonymized usage analytics (page views, feature usage). No personally identifiable data.
• Railway — infrastructure hosting. Data stored in the United States.

Your rights

You may request deletion of your account and associated data at any time by emailing hello@totallynot.ai.

Contact

Questions about this policy: hello@totallynot.ai