Attending
v1.0

Attending Privacy Policy

Version 1.0 — Effective 4/1/2026

Attending is an invite-only platform for physicians operated by Opit Works LLC ("Attending," "we," "us"). This Privacy Policy describes what personal information we collect, how we use it, who we share it with, and your rights regarding that information.

This Privacy Policy applies to the Attending platform during the pre-release beta period. When Attending becomes generally available, this policy may be updated, and you will be notified of material changes.

1. What We Collect

We collect the following categories of information:

Information you provide

  • Account information: your name, email address, medical specialty, training level (resident, fellow, attending, other), and institution. We use this information to operate an invite-only physician community and may use it to support account review or verification.
  • Profile information: any additional details you add to your physician profile, such as clinical interests, bio, or training history.
  • Content you post: clinical cases you share on Attending, including images, text descriptions, tags, and discussion comments.
  • Communications with us: emails, support requests, feedback, screenshots you attach to feedback, and other messages you send.

Information collected automatically

  • Usage data: pages you view, cases you open, features you interact with, and other actions you take on Attending.
  • Device and connection information: IP address, browser type, operating system, device identifiers, and approximate location inferred from IP address.
  • Log data: timestamps, error reports, and other diagnostic information generated by the platform.

Information generated by the platform

  • De-identification review data: when you upload text, images, videos, documents, or other case content, Attending's automated tools may analyze the content to flag potentially identifying information before you post or send it. This analysis is processed through third-party AI services (see Section 3).
  • AI-assisted content drafts: when Attending drafts a headline, description, or tags for a case you're posting, that draft is generated through third-party AI services.
  • Dictation data: when you use dictation, your audio and transcript are processed to generate text for your case or comment.

What we do not collect

  • We do not collect Social Security numbers, payment card information (during the beta period, there are no paid features), or government-issued ID numbers.
  • We do not intentionally collect patient health information. Attending is designed for physicians to submit de-identified content, and you are responsible for ensuring content is de-identified before you submit it. If you accidentally submit patient identifiers, we may process that content only to operate the service, provide de-identification assistance, address support or safety issues, and comply with law. See the Beta Terms of Use, Section 3.

2. How We Use Your Information

We use the information we collect to:

  • Operate the Attending platform — authenticating you, displaying cases to other Attending users, delivering emails you've opted into, and providing support.
  • Support invite-only community trust, account review, and verification where appropriate.
  • Improve Attending — understanding how features are used, identifying bugs, and developing new functionality.
  • Assist with de-identification — running automated analysis on content you upload to flag potential PHI before you post or send it.
  • Communicate with you about the platform — including service updates, security notices, and (if you've opted in) product announcements.
  • Protect Attending and our users — detecting fraud, abuse, and violations of our Beta Terms of Use.
  • Comply with legal obligations.

3. Third-Party Service Providers

Attending uses the following third-party service providers to operate the platform. These providers process data on our behalf under contractual confidentiality and security obligations. We do not sell your data to any of them.

  • Supabase — database, authentication, and file storage infrastructure.
  • Vercel — application hosting.
  • Cloudflare — DNS and network infrastructure.
  • Anthropic — AI analysis for de-identification review of text and for drafting case write-ups. Content you upload is sent to Anthropic's API for processing. Under Anthropic's commercial terms, content processed through the API is not used to train Anthropic's models.
  • OpenAI — audio transcription for dictation. Audio and related context are sent to OpenAI's API for processing.
  • Google Cloud (Vision API) — AI analysis for de-identification review of images, including detection of faces, visible text, and patterns suggestive of PHI. Image content is sent to Google Cloud for processing. Google Cloud does not use API content to train its models under its commercial terms.
  • PostHog — product analytics such as page views and feature usage. Autocapture is disabled so we do not intentionally capture case text through analytics.
  • Sentry — error monitoring and diagnostics.
  • Email delivery providers — for transactional emails such as magic link sign-in, account notifications, and support replies.

We may add or change service providers during the beta period. Material changes will be reflected in updates to this policy.

4. What We Do Not Do With Your Information

During the beta period and beyond, we commit to the following:

  • We do not sell your personal information to any third party.
  • We do not share your personal information with advertisers, pharmaceutical companies, medical device companies, or data brokers.
  • We do not use your content to target advertisements. Attending does not display advertising.
  • We do not use your clinical content to train external commercial AI models for resale or for non-Attending purposes.
  • We do not share your information with your employer, institution, or licensing board except as required by law or in response to a valid legal process.

5. Sharing with Other Physicians on Attending

When you post a clinical case, your name, specialty, institution (if you have provided it), and the content of your post are visible to other users of Attending. That is the point of the platform.

You control which fields appear on your profile. Comments you make on other physicians' cases are attributed to you in the same way. You can delete your content or your account at any time.

6. Data Retention

  • Account data is retained for as long as your account is active. If you delete your account, we delete your account data within 30 days, except where we are required by law to retain it.
  • Content you post (cases, comments) is retained until you delete it or delete your account. Cached or backup copies may persist for a reasonable period before being purged.
  • Usage and log data is retained for up to 24 months for security, diagnostic, and product improvement purposes, then deleted or aggregated.
  • Communications with us are retained as long as necessary to provide support and resolve issues.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption in transit, access controls on production systems, and infrastructure provided by security-reviewed service providers. No security measure is perfect. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.

You are responsible for keeping your account credentials secure and for the content you post. See the Beta Terms of Use for your obligations regarding patient information.

8. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we have about you.
  • Correction — ask us to correct information that is inaccurate.
  • Deletion — ask us to delete your personal information, subject to legal retention requirements.
  • Portability — request your data in a portable format.
  • Objection or restriction — object to certain uses of your information or ask us to restrict processing.
  • Withdraw consent — where we rely on your consent to process information, you can withdraw that consent.

To exercise any of these rights, email privacy@onattending.com. We will respond within the timeframe required by applicable law.

Residents of Washington State have specific rights under the Washington My Health My Data Act. Residents of California have specific rights under the California Consumer Privacy Act. We will honor these rights as required by applicable law regardless of where you live.

9. Children

Attending is intended for licensed physicians, residents, and fellows, all of whom are at least 18 years old. We do not knowingly collect information from anyone under 18. If we learn we have collected information from someone under 18, we will delete it.

10. International Users

Attending is operated from the United States. During the beta period, Attending is intended for users practicing medicine in the United States. If you access Attending from outside the US, you understand that your information will be processed in the US and may be subject to US law.

11. Changes to This Policy

We may update this Privacy Policy during the beta period. If we make material changes, we will notify you by email and may require you to acknowledge the updated policy on your next login. Non-material changes will be reflected in an updated version number and effective date.

When Attending exits beta and becomes generally available, this policy will be replaced with a full Privacy Policy. We will notify you in advance.

12. Contact

Questions about this Privacy Policy or about how we handle your information:

By checking the Privacy Policy acknowledgment on the signup page, you confirm that you have read and understood how Attending collects, uses, and shares your personal information.