ClinNote Privacy Policy

We collect information you provide directly to us, such as your name, email address, and account details. We also collect information generated through your use of the Service, such as session metadata, timestamps, and usage analytics.

Depending on how you use ClinNote, you may upload or record audio and generate transcripts and SOAP notes. You are responsible for ensuring you have appropriate authorization and consent to include any patient information.

We use information to:

• Provide, maintain, and improve ClinNote functionality
• Generate documentation outputs you request (e.g., transcripts and SOAP notes)
• Authenticate users and secure accounts
• Provide customer support and respond to inquiries
• Communicate product updates and important service notices

ClinNote is designed with healthcare workflows in mind and includes security and privacy practices intended to support HIPAA-conscious usage. ClinNote is not a substitute for your organization’s compliance program.

You are responsible for determining whether your use of ClinNote involves Protected Health Information (PHI) and for ensuring appropriate safeguards, policies, and agreements are in place where required.

For covered entities and business associates who require a Business Associate Agreement (BAA), please contact us at support@clinnote.com. ClinNote is committed to supporting HIPAA compliance requirements for eligible customers.

ClinNote uses the following third-party services to operate:

• Supabase for secure data storage
• OpenAI for AI transcription and documentation generation
• Vercel for hosting and deployment
• Stripe for payment processing

Each of these providers maintains their own security and privacy practices.

We implement administrative, technical, and physical safeguards designed to protect information. This may include encryption in transit and at rest, access controls, and monitoring.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security posture.

We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may delete sessions or your account, which will remove associated content subject to system and backup retention practices.

Depending on your location, you may have rights to access, correct, delete, or export certain information, and to object to or restrict certain processing. To make a request, contact us using the information below.

Questions about this Privacy Policy? Contact us at support@clinnote.com.