Privacy Policy

1. Scope

This policy covers information processed through the NoteV website, web application, mobile applications, and related services (collectively, the “Services”). It does not replace Business Associate Agreements (BAAs) executed with covered entities or providers under HIPAA; those agreements control when conflicts arise.

2. Information We Collect

• Account information: name, email address, practice details, payment history, and authentication credentials.
• Usage data: device identifiers, IP address, browser type, operating system, pages viewed, product interactions, session logs, and diagnostic events.
• Support correspondence: messages, call recordings, and attachments shared with our customer success or technical support teams.
• Protected Health Information (PHI): when customers ingest audio or text through the Services, we process it in accordance with HIPAA, applicable BAAs, and the customer’s instructions.

3. How We Use Information

• Provide, secure, and maintain the Services.
• Respond to inquiries, support requests, and feedback.
• Analyze feature adoption and performance to improve workflows and model accuracy.
• Send administrative notices, product updates, and billing communications.
• Meet legal, regulatory, and contractual obligations, including HIPAA and SOC 2 controls.

4. Legal Basis for Processing (EEA/UK)

Where GDPR or UK GDPR applies, we process personal data under one or more of the following bases: (a) fulfillment of a contract; (b) legitimate interest in delivering and improving the Services; (c) compliance with legal obligations; and (d) consent where required for specific marketing activities.

5. Sharing and Disclosure

We do not sell personal information. We share data only with:

• Authorized service providers who support hosting, analytics, payment processing, and customer success, each bound by confidentiality and security obligations.
• Integration partners (EHRs and medical software) specifically connected by the customer.
• Legal authorities when required by law, court order, or to prevent harm.
• Successors in interest in the event of a merger, acquisition, or sale of assets, subject to continuity of privacy safeguards.

6. Data Retention

Account data is retained for the lifetime of the subscription and as required by law. Customers control retention of PHI and encounter content via in-product settings; deleted items are removed from active systems within 30 days and from backups within 90 days.

7. Security

We employ administrative, technical, and physical safeguards including end-to-end encryption, role-based access, audit logging, least privilege principles, and continuous monitoring. NoteV maintains SOC 2 Type II certification and signs BAAs where required. No method of transmission or storage is 100% secure; customers should ensure their own security controls complement ours.

8. International Transfers

NoteV primarily stores data in the United States. When we transfer personal information outside your jurisdiction, we do so using approved mechanisms such as Standard Contractual Clauses or other lawful safeguards.

9. Your Rights

Depending on your location, you may request access, correction, deletion, or portability of personal data, object to or restrict processing, and withdraw consent. For PHI, these rights are exercised through the covered entity (usually your healthcare provider or employer).

10. Children’s Privacy

The Services are intended for professional use by adults. We do not knowingly collect personal information from children under 16 without appropriate consent or legal basis.

11. Changes to This Policy

We may update this Privacy Policy to reflect new features, legal requirements, or industry practices. Material changes will be communicated via email or in-product notice, and the “Last updated” date will change accordingly.

12. Contact Us

For privacy inquiries, data subject requests, or security disclosures, contact: