← DocReport

Privacy Policy

Effective date: May 18, 2026

1. Introduction

Be Smart Global, LLC ("DocReport", "we", "our", or "us") operates the DocReport platform accessible at https://docreport.us and associated mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service.

By accessing or using the Service you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Who We Are

Be Smart Global, LLC is a Delaware Limited Liability Company (Delaware File No. 10620833) operating the DocReport platform. Our registered agent for service of process is Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States.

Contact us at: info@be-smart-business.de

3. Information We Collect

3.1 Information You Provide

  • Account information: name, email address, professional credentials, practice name, NPI number, billing information.
  • Clinical content: voice recordings, transcribed text, patient notes, uploaded documents (charts, denial letters, lab reports), and any text you enter into the Service.
  • Payment information: processed by our third-party payment processor; we do not store full card numbers.
  • Communications: messages you send to our support team.

3.2 Information Collected Automatically

  • Log data (IP address, browser type, pages visited, timestamps).
  • Device identifiers and operating system information.
  • Cookies and similar tracking technologies (see Section 10).
  • Usage analytics (features used, session duration, error events).

3.3 Protected Health Information (PHI)

When you enter patient information into the Service, that information may constitute Protected Health Information ("PHI") under HIPAA. We handle PHI in accordance with our HIPAA Notice of Privacy Practices (available at docreport.us/us/legal/hipaa-notice) and the Business Associate Agreement ("BAA") we enter into with covered entities and their business associates.

4. How We Use Your Information

  • To provide, operate, maintain, and improve the Service.
  • To generate AI-assisted medical documentation, coding suggestions, prior-authorization packets, and denial appeals on your behalf.
  • To authenticate your account and prevent fraud or unauthorized access.
  • To send transactional emails (account confirmations, billing receipts).
  • To send service announcements and, where permitted, marketing communications (you may opt out at any time).
  • To comply with legal obligations, enforce our Terms of Service, and protect the rights and safety of DocReport and its users.
  • To generate aggregate, de-identified analytics that help us improve the Service.

We do not sell your personal information or PHI to third parties. We do not use PHI to train public AI models.

5. Legal Basis for Processing (US State Law)

Depending on your state of residence, applicable law may require us to identify a legal basis for processing your personal information. We process your data:

  • To perform our contract with you — providing the Service you subscribed to.
  • For our legitimate interests — improving the Service, preventing fraud, and communicating with you about your account.
  • To comply with legal obligations — such as HIPAA, tax, and accounting requirements.
  • With your consent — for optional marketing communications.

6. Sharing of Information

We share your information only in the following circumstances:

  • Service providers: We use third-party vendors (e.g., cloud infrastructure, payment processors, analytics) who process data on our behalf under data processing agreements.
  • AI infrastructure: Clinical content is processed on US-hosted Google Cloud infrastructure. We do not send PHI to third-party AI providers outside of our signed BAA arrangements.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred, subject to standard confidentiality protections.
  • Legal requirements: We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of DocReport, our users, or others.
  • With your consent: For any other purpose with your explicit consent.

7. Data Retention

We retain your account data and clinical content for as long as your account is active or as needed to provide the Service. Upon account termination you may request deletion of your data by contacting us at info@be-smart-business.de. We will delete or anonymize your information within 30 days of a verified request, except where retention is required by law (e.g., tax records, audit logs).

PHI retention is governed by applicable HIPAA requirements and, where applicable, state medical record retention laws.

8. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication, and audit logging. Our infrastructure is hosted on US Google Cloud regions certified to ISO 27001, SOC 2 Type II, and FedRAMP Moderate.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at info@be-smart-business.de.

9. Your Privacy Rights

Depending on your state of residence, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention obligations.
  • Portability: Receive your personal information in a structured, machine-readable format.
  • Opt-out of sale or sharing: We do not sell personal information; this right is therefore satisfied by default.
  • Non-discrimination: We will not discriminate against you for exercising any privacy rights.

To exercise any of these rights, email us at info@be-smart-business.de with the subject line "Privacy Rights Request." We will respond within 45 days (or as required by applicable law).

California residents: Additional rights under CCPA/CPRA apply. See our full California Consumer Privacy Notice available upon request.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to authenticate sessions, remember preferences, and gather analytics. For details, see our Cookie Policy.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of certain features.

11. Children's Privacy

The Service is intended for licensed healthcare professionals aged 18 and older. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected information from a minor, we will delete it promptly.

12. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

13. International Users

The Service is operated from the United States. If you are located outside the United States, please be aware that information you provide will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact:

Be Smart Global, LLC (dba DocReport)
Privacy Officer
Email: info@be-smart-business.de
Registered Agent: Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA

© 2026 Be Smart Global, LLC. All rights reserved.

Terms of ServiceHIPAA NoticeCookie PolicyBack to DocReport