Privacy Policy

Last updated: 22 August 2025

Introduction

NoteGen.ai ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. By using NoteGen.ai, you agree to the practices described in this policy.

1. Core Privacy Principles

1.1 Data Minimization

We collect only the personal information strictly necessary to maintain records of your interactions with your health professional. This includes consultation notes, encounter summaries, and patient identifiers strictly necessary for clinical documentation. Only the health professionals that patients interact with will have access to any collected health, diagnostic, or treatment data through our systems. Furthermore, access to this information is highly controlled and monitored to ensure privacy.

1.2 Purpose Limitation

Collected data may only be used for the following: 

  • AI is exclusively used for automated transcription and clinical note generation during patient interaction 
  • AI supports clinicians by converting spoken dialogue into structured medical notes for review and approval by licensed practitioners.
  • AI is NOT used to diagnose conditions, make treatment decisions, or process medical records.
  • The system verifies patient identities during appointment interactions 
  • Users can request human review of any AI-generated clinical notes by contacting the clinic directly.
  • Secondary data uses require explicit written authorization.

1.3 Prohibited Data Uses

  • Production data must never be used for development, testing, or training.
  • Only synthetic or de-identified data meeting HIPAA §164.514 standards may be used.

2. Your Information

2.1 Information We Collect

We may collect information that identifies you, including but not limited to:

  • Personal Information: Name, phone number, email address, date of birth, and other identifying details provided by you or your clinic.
  • Health Information: Appointment details, insurance information, and other health-related data for the purpose of facilitating medical services.
  • Technical Information: Device information, IP address, browser type, and other usage details to help improve our service.

2.2 How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: To provide, maintain, and enhance NoteGen.ai's features, including clinical note-taking, summarization, and scribing support.
  • Personalization and Communication: To customize your experience, send reminders, and respond to inquiries.
  • Legal Compliance: To comply with any applicable laws, regulations, and legal processes.

2.3 How We Share Your Information

We do not sell or rent your personal information to third parties. We may share your information in the following situations:

  • With Your Consent: We may share your information with third parties if you provide consent.
  • Service Providers: We may share information with vendors and service providers who perform functions on our behalf.
  • Legal Requirements: We may disclose your information to comply with legal obligations, such as responding to court orders or legal processes.

3. Consent Management

3.1 Explicit Consent Capture

Patients provide verbal consent at the start of each recorded consultation after hearing a standardized disclosure about data usage. The system records timestamps and consent context for 7 years. Clinics must renew consent every 24 months or when changing data processing purposes.

3.2 Withdrawal Process

Patients may revoke consent by submitting a signed request to their clinic. Upon receiving such a request, NoteGen.ai will: 

  • Cease all processing within 72 hours of clinic notification 
  • Delete consultation recordings and generated notes within 30 days
  • Retain transaction logs for legal compliance purposes

Patients have the right to request access to their PHI, request amendments, and obtain a history of disclosures under HIPAA §164.524. NoteGen.ai must provide this information within 30 days of request.

4. Third-Party Management

We may use vendors to provide our services, such as infrastructure and call handling vendors. These external service providers must demonstrate:

  • SOC 2 Type II or ISO 27001 certification 
  • Data processing agreements with breach liability clauses
  • Annual security audits conducted by qualified third parties

NoteGen.ai will only provide patient data to law enforcement agencies with a valid court order, except where legally required to disclose without notice (e.g., imminent harm situations). Where possible, patients will be notified of data requests.

5. Data Security

We employ a variety of security measures to protect your personal information. These include encryption, access control, and secure storage methods. While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet is 100% secure.

All sensitive data receives dual-layer protection: 

  1. At Rest: AES-256 encryption for databases containing health identifiers 
  2. In Transit: TLS 1.3 with perfect forward secrecy for voice/data transmissions
    Key management follows NIST SP 800-57 guidelines with quarterly rotations. 
  3. All patient data is classified according to sensitivity levels, and data integrity is validated using SHA-384 hash verification.

6. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including the right to access, update, or delete your data. Please contact us at privacy@notegen.ai for any inquiries or requests regarding your data.

8. Cookies and Tracking Technologies

NoteGen.ai may use cookies and similar technologies to improve user experience, analyze trends, and manage the platform. You can control cookies through your browser settings.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this page. Continued use of the service signifies your acceptance of the revised policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at privacy@notegen.ai.