Privacy Policy

Who we are

GMTek AI is a sole proprietorship operated by Joshua Moody from Whidbey Island, Washington, USA. We build small, focused software products. There is one person making decisions about your data — and you can email him at josh@gmtek.ai.

This policy covers our marketing site (gmtek.ai) and our paid products, including Chartwright (clinical documentation for licensed physicians) and VetWright (veterinary documentation for licensed veterinarians). Both products run on the customer's own machine.

What our products actually do

Chartwright and VetWright are local-first desktop applications. They install on the clinician's laptop and serve a browser interface at localhost:7432. The customer pastes (or dictates) chart text and the software returns an AI-generated documentation draft.

The software talks to a chat model in one of two ways:

• Local provider mode (Ollama): the model runs on the customer's own machine. Chart text never touches the public internet.
• Cloud provider mode (Anthropic, OpenAI): chart text is sent from the customer's browser directly to the chosen provider. It does not pass through any GMTek server. The customer supplies their own API key and operates under their own Business Associate Agreement (BAA) with that provider.

What we collect from customers

From paying customers, our license server records a small, specific set of operational data:

• License key (issued by us) and the email address you used to purchase
• Anonymous install ID — a random identifier generated on first launch; not tied to your name or machine fingerprint beyond what's needed to enforce per-seat limits
• Monthly chart counts — a single integer per month, used to enforce your subscription tier's quota
• Subscription state — active, cancelled, paused, expired

From visitors to gmtek.ai, we collect standard Cloudflare Pages access logs (IP address, referrer, user-agent, requested path, timestamp). These logs are aggregated for analytics and anti-abuse only. We do not run third-party analytics scripts on the marketing site.

What we explicitly do NOT collect

This list is the point of the whole product. We are deliberate about it.

• No patient health information (PHI). Chart text is never transmitted to any GMTek server, ever, in any mode. In local-provider mode it stays on the customer's machine. In cloud-provider mode it goes directly from the customer's browser to Anthropic or OpenAI — we are not a relay and not in the path.
• No chart text. No output text. No audio dictation. Voice input is transcribed locally with Whisper and never leaves the laptop.
• No encryption passphrases. If you turn on encrypted local chart history, the passphrase derives a key with Argon2id and AES-GCM on your machine. We never see the passphrase or the key. If you lose it, we cannot recover your archive.
• No browser cookies on the marketing site for tracking purposes. No Facebook pixel, no Google Analytics, no advertising trackers.
• No diagnostic telemetry from the desktop product beyond the license check and chart-count counter described above. There is no "phone home with stack traces" telemetry. Crash data stays on your machine.

HIPAA stance (Chartwright, in particular)

GMTek AI is not a HIPAA covered entity and is not your business associate. We do not handle PHI. We do not sign Business Associate Agreements (BAAs). The product architecture is the reason: PHI never enters our systems.

If you are a covered entity using Chartwright with a cloud provider (Anthropic Claude or OpenAI GPT) for charts containing real PHI, the BAA you need is the one between you and that provider. Both Anthropic and OpenAI offer BAAs to qualifying customers. Chartwright's job is to make the request architecture clean enough that the BAA you sign with them is the only BAA you need.

If you use Chartwright with a local Ollama model, no BAA is needed — there is no third party involved. The chart never leaves your hardware.

The de-identifier preprocessor (Safe Harbor stripper for the 18 HIPAA identifiers) that runs before any cloud request is defense-in-depth, not a substitute for a BAA. We say this clearly inside the product, too.

How long we keep what we keep

License and install records are retained while your subscription is active. After cancellation, we retain billing-adjacent records for seven (7) years to comply with US tax and accounting recordkeeping rules, then delete them.

Cloudflare access logs roll off on Cloudflare's standard retention (typically days to weeks).

If you ask us to delete your records earlier, we will do so to the extent we are not legally required to retain them — see the next section.

Third parties we use

The full list of services that touch any of your data — short on purpose:

• Cloudflare — hosts the marketing site (Cloudflare Pages) and runs the license-check Worker. Sees standard request metadata; never sees chart text.
• Lemon Squeezy — our Merchant of Record for payments. Lemon Squeezy collects the card data, billing address, and tax information; we receive the order email, license key, and a payout. We never see your card details. Their own privacy policy applies to that transaction.
• Your chosen AI provider — if you select Anthropic or OpenAI inside the product, you are sending data directly to them under your own contract with them. They are not our subprocessor; they are yours. If you select Ollama, no third party is involved.

That is the entire third-party list. We do not sell, share, or otherwise hand customer data to data brokers, advertising networks, or "AI training" pipelines.

Your rights

You can ask us, at any time, to:

• Access the license and install records we have associated with your email
• Correct any inaccurate record (e.g., a wrong billing email)
• Delete your records, subject to legal retention obligations described above
• Export your records in a readable format

Email josh@gmtek.ai with the request. We respond within 30 days, usually faster. There is no automated portal — it is one person reading the email — which we think is appropriate at our scale.

Children's data

Chartwright and VetWright are professional tools licensed to credentialed clinicians and veterinarians. They are not designed for, marketed to, or licensed for use by minors directly. We do not knowingly collect data from anyone under 18.

Pediatric chart text processed by a licensed clinician on behalf of a pediatric patient is the customer's responsibility under their own privacy framework (HIPAA, state law, parental consent rules, etc.). Our products do not treat pediatric data differently from any other chart text — because, again, we never see any chart text in the first place.

Changes to this policy

We will post material changes to this page and update the date at the top. If a change meaningfully reduces your privacy protections, we will email active customers at the address on file before the change takes effect.

This is a living document, but the core promise — we don't see your charts — is not on the table.