Privacy policy

Last Updated: September 11, 2024

Clinical Notes AI, Inc. Privacy Policy


Clinical Notes AI, Inc. (“Clinical Notes AI”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data, including protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy will inform you how we handle and look after your personal information, including PHI, when you use our AI-based system and will tell you about your privacy rights and how the law protects you.


This Privacy Policy sets out how we collect, use, process, store, and disclose your personal information on https://www.clinicalnotes.ai/ and any associated subdomains (the “Website”) and the transcription and documentation software, including our mobile applications or audio capture program integrations (collectively, the “Services”).


By accessing and using our Services you freely and expressly consent to the collection, use, processing, storage, and disclosure of your personal information as set out in this Privacy Policy and our Terms of Service.

  1. Personal and Protected Information We Collect

  2. How We Use Personal and Protected Health Information

  3. How We Disclose Personal and Protected Information

  4. Use and Disclosure of De-Identified Information

  5. Your Privacy Choices

  6. Use of Cookies and Tracking Technologies

  7. U.S. State-Specific Disclosure

  8. UK/EEA Residents’ Notice

  9. Security

  10. Retention

  11. Third-Party Links On Our Website

  12. Changes To This Privacy Policy

  13. Contact Information


1. Personal and Protected Health Information We Collect

Information you provide directly to us:
  • Account Creation. When you register to use our Services (“Customer(s)”), we collect contact details such as your name, email address, phone number, and professional information such as company and title.

  • Inquiries and Correspondence. We may collect information from your inquiries into our services, or how you otherwise indicate you may be interested in our services, which may include signing up for email communications or providing us with your name, work email, phone number, company name, position title, website, social media links, and time zone.

  • Payment Information. We may collect data necessary to process your subscription, such as your credit card number, or other financial instrument used to make a payment.

Information we automatically collect through our website:
  • Metadata and Analytics. We may collect metadata and analytics of your use of our Services, including IP address, device information, date/time of visits, new or returning visits, products viewed, page response times, URL clickstreams, how long you stay on our pages, and what you do on those pages.

Information from third parties:
  • Demographic or Other Third Party information. We may collect information from third party data brokers, including firmographic and demographic information about our current or prospective customers. This may include attempts to identify business visitors to our websites.

  • Social Media Activity. When you interact with our accounts on a social media platform such as LinkedIn, we may collect certain information that you or the platform makes available to us such as your social media account profile, social media ‘likes’, click-throughs to our Website, or custom interactions.


Information processed through our Services, including PHI:
  • Data that you submit or authorize us to collect on your behalf from Electronic Health Record systems pertaining to your patients or customers, including contact or other information deemed to be ‘PHI’.

  • Transcriptions of conversations.

  • Generated notes from customer or patient sessions, such as ‘Subjective, Objective, Assessment, and Plan’ (“SOAP”) notes, summarizations of conversations and any associated documentation.

  • Referral letters from doctors or other medical professionals, clinical assessments, patient historical reports, or related information associated with electronic health records.

  • Information on how our users use our product and services to improve it, including all metadata associated with the software.

  • Upon request, we may ask you to uniquely record a session to test our transcription technology. If so, we will individually contact you to request permission. We will request that you seek approval from your customer or patient for this purpose.


Our Website and Services are designed for business professionals. We do not intentionally collect any personal information directly from minors under the age of 16. If you believe we have obtained personal information associated with children registering accounts with us, please contact us at privacy@clinicalnotes.ai and we will delete it. For any patient-specific information, please contact the provider using our Services.

2. How We Use Your Personal and Protected Health Information

We use the personal information we collect to administer our Services for the following purposes:

  • To process your subscription payments securely and efficiently.

  • To administer our Services, including facilitating account creation and managing user accounts as well as providing our software or services.

  • To operate our Services, including:

      • to provide you with AI-assisted documentation and note services, including note types such as SOAP.

      • to assist with referral letters to other medical professionals.

      • to store any records or documents needed to operate your account.

  • To improve the functionality and accuracy of our systems.

  • To identify usage trends and otherwise measure all activities on the Services.

  • For customer support, including via email.

  • To communicate with you, including via our newsletter or to request feedback such as through surveys.

  • To protect our Services and keep our Services safe and secure, including fraud monitoring and prevention.

  • For other business and legal purposes, such as to collect amounts owing to us, and to maintain business records.

  • With your consent, and/or express written consent under HIPAA for use of PHI.


Processing and Use of AI Generated Information. Our platform uses different types of Artificial Intelligence. Some of it is proprietary, and others are third-party. The AI is trained to understand therapeutic concepts and leverages the information from the application to generate notes and other kinds of documentation. With this information being generated by AI, we do not take responsibility for the outputs provided. You as a professional are required to review the information generated and choose to include it within your case notes once you've reviewed and edited what the AI has generated. We assume no responsibility for incorrect outputs or misworded outputs.


3. How We Disclose Your Personal Information

We may disclose your information to our corporate affiliates, as well as vendors or service providers who:


  • Help us communicate with you, including our use of email service providers.

  • Manage and optimize our Website and Services (see ‘Cookies and other Tracking Technologies’ below).

  • Provide cloud hosting.

  • Help us provide customer support.

  • With your consent, and/or express written consent under HIPAA for use of PHI.


In addition to the above, we may disclose your information for the following purposes:

  • Legal and Compliance Purposes. We may share information with external parties when complying with legal process (e.g., subpoenas), to protect our intellectual property and other legal rights, to prevent fraud or imminent harm, and to secure the use of our Services. We reserve the right to disclose information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a law enforcement order, such as a search warrant, judicial proceeding, or court order. We may also retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms of Service.

  • Business Transactions. In the event that Clinical Notes AI goes through a business transaction, such as a merger, acquisition by another company, or sale of all or a portion of its assets, bankruptcy, or other corporate change, including, without limitation, during the course of any due diligence process, Customer information, including Personal Information and Protected Health Information, will likely be among the assets shared and transferred. We will endeavor to notify any Customers via email and/or a prominent notice on the Services of any completed change in ownership or materially different uses of personal information. This Privacy Policy will become binding upon the new owner of the information until amended.


4. Use and Disclosure of De-Identified Information

'De-identified' information is defined as information that has undergone a process of removing all personal identifiers that can reasonably identify specific individuals so that there is no reasonable likelihood of re-identification occurring. In the context of PHI, the de-identification process removes the 18 federally defined ‘HIPAA identifiers’ from healthcare data, making it impossible or highly unlikely to link the data back to a specific individual.

We may de-identify any collected personal or protected health information and use it for the following purposes:

  • To conduct analysis on how our website, Platform and other services are being used to help us improve our services and provide benefits back to our users.

  • To train our AI models to improve the efficiency and effectiveness of our software and services.

We may disclose de-identified personal or protected health information to select business partners for the following purposes:

  • To develop or improve AI models, under strict confidentiality agreements for use of such de-identified information.

  • For market research purposes when the de-identified information is used in the aggregate.


5. Your Privacy Choices

Clinical Notes AI provides you with the ability to exercise the following choices with our use of your personal information:

  • Access the personal information we maintain about you.

  • Delete the personal information we maintain about you.

  • Correct inaccurate personal information we maintain about you.

  • Opt out of certain uses of your personal information. Notably, you can unsubscribe from our email list by clicking the unsubscribe link at the bottom of marketing emails.


You can exercise these rights by contacting us at privacy@clinicalnotes.ai.

You may review or change the information in your account or terminate your account at any time through the settings in your online account profile. Alternatively, you can contact us using the contact information provided. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you are a current or former customer, patient or employee of one of our Customers, and you would like to fulfill your rights to the personal information we maintain about you on behalf of our Customer, including any information collected through our software or services, please contact a representative of that Customer rather than email us with your request. We cannot provide personal information about a specific individual on behalf of a Customer without their express written instructions.

6. Use of Cookies and Tracking Technologies

We may use cookies and similar tracking technologies like web beacons and pixels (“cookies”) to access or store information for functional and analytics purposes. We do not knowingly use cookies or web beacons to collect or use Customer PHI for cross-contextual behavioral or targeted advertising purposes.


Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that because this opt-out is specific to the device or browser on which it is exercised, you will need to opt out on every browser and device that you use. To control the cookies Clinical Notes AI sets on your browser, use the following choices:

  • Cookie Preferences. You can opt out of our cookies on the cookie banner from our website.

  • Advertising Industry Opt-Out Tools. You can also use these opt-out options to limit use of your information for interest-based advertising online or in apps by visiting http://optout.aboutads.info

  • With Each of Our Vendors Individually. The following advertising or marketing services partners offer opt-out features that let you opt out of use of your information for interest-based advertising or profiling:

Third Party Advertising Services
  • Google: Google Advertising Opt Out
  • Meta (Facebook): Facebook Advertising Preferences
  • StackAdapt: StackAdapt Opt Out
  • Microsoft Xandr (f/k/a Appnexus): Xandr Opt Out
  • LinkedIn: LinkedIn Privacy

7. U.S. State-Specific Disclosure

Some U.S. states have enacted comprehensive privacy laws related to the ‘sale’ or ‘sharing’ of personal information for cross-contextual behavioral or targeted advertising purposes. Our use of the third-party advertising services disclosed above may be deemed a ‘sale’ or ‘sharing’ of personal information; the privacy choices described above enable you to opt out.

Clinical Notes AI is deemed to be a ‘processor’ or ‘service provider’ when processing protected health information on behalf of our Customers. As a result, we do not provide data privacy rights related to personal information that may be deemed ‘sensitive’ under state privacy laws. In order to exercise your rights related to Clinical Notes AI’s use of PHI, please contact our Customer directly.

8. UK/EEA Residents’ Notice

Residents of the United Kingdom (“UK”) and European Economic Area (“EEA”) are provided certain privacy rights under the UK and EU General Data Protection Regulations (“GDPR”).

Legal Basis:

Under the GDPR, we process ‘Personal Data’ (as defined in the GDPR) under the following legal bases.

Processing Activity: Legal Basis under GDPR
  • Providing our Services: Contract Fulfillment
  • Improving our Website and Services: Legitimate Interest
  • Product, Marketing or Service-Related Communications: Legitimate Interest
  • Customer support: Contract fulfillment
  • Cookies and Other Tracking Technologies: Consent

Controller Designation:

Under the GDPR, we are designated as a ‘Controller’ for all information collected through this website.

As related to information provided to our Customers through our Services, we may be deemed a ‘processor’ for any such designations of potentially associated personal information.

Cross-Border Data Transfers:

All data is stored in the United States. As such, if you are a resident of the EEA, UK, Canada, or Switzerland, we may transfer the data we collect about you to, and store it in, countries other than the country in which the data was originally collected, including the United States. Those countries may not have data protection laws equivalent to those of the country in which you provided the data. When we transfer your data to other countries, we will protect the data as described in this Privacy Policy and comply with applicable legal requirements providing adequate protection for the transfer of data to countries outside the EEA, UK, and Switzerland. We rely on Standard Contractual Clauses (“SCCs”) for the transfer of personal data to countries that have not received an applicable adequacy decision, as well as the UK’s ‘International Data Transfer Addendum’ to the SCCs.

For more information on cross-border transfers of your Personal Data or the appropriate safeguards in place, please contact us at privacy@clinicalnotes.ai.

Additional Rights for UK or European Economic Area Residents:

In addition to the rights granted above, if you are a UK or EEA resident, the GDPR grants you the right to lodge a complaint against us with your local data protection authority. You can find your data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

9. Security

We have implemented appropriate security measures to prevent your personal data, including PHI, from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data and PHI only to our internal staff, employees, and other third parties who have a business need to know. They will only process your personal data and PHI on our instructions, and they are subject to a duty of confidentiality.

We employ commercially reasonable methods to ensure the security of the information you provide to us, including PHI, and the information we collect automatically. This includes using standard security protocols and working only with reputable third-party vendors. Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information, including PHI, to us by email. Doing so is allowed, but at your own risk.

For site security purposes and to ensure that this service remains available to all users, "Clinical Notes AI" uses software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. However, due to the inherent open nature of the internet, we cannot ensure or warrant the security of any information provided online.

10. Retention

We enable our Customers to set specific retention schedules for any uploaded information using our software, which will modify the length of time Clinical Notes AI stores personal and/or protected health information. If you choose the ‘Retain When Saved’ feature, it will remove documentation including PHI from our systems within fourteen (14) days. However, we will retain your Customer information for as long as your account or inquiry is active or as needed to provide you with the website or any requested services, and for a reasonable time thereafter in accordance with our standard procedures or as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Even if we delete some or all of your personal information, we may continue to retain and use de-identified, aggregate or anonymous data previously collected and/or anonymize or aggregate your Personal Information. Please note that we will not be liable for disclosures of your data due to errors or unauthorized acts of third parties.

11. Third-Party Links

Our Services may contain links to other websites or services. We do not exercise control over the information you provide to, or that is collected by, these third-party websites. We encourage you to read the privacy policies or statements of the other websites you visit.

12. Changes To This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will communicate directly with you via email and/or post the updated Privacy Policy on this page with a “Last Updated” effective date of the revisions. We encourage you to look for updates and changes to this Privacy Policy by checking this page when you access our Services.

13. Contact Information

If you have any privacy-related questions, you can contact us at privacy@clinicalnotes.ai.