Last Updated: 3/16/2023

Clinical Notes AI, Inc Privacy Policy

1. Introduction - Clinical Notes AI, Inc ("we," "our," or "us") respects your privacy and is committed to protecting your personal data, including protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy will inform you how we handle and look after your personal data, including PHI, when you use our AI-based system and will tell you about your privacy rights and how the law protects you.

2. Use of Cookies - We use cookies on our website to enhance your experience and to analyze our site's performance and traffic. Cookies are small data files placed on your device when you visit a website. We use both necessary cookies, essential for the website's functionality, and tracking cookies through services like Google Analytics, Facebook Pixel, and Hotjar to understand how our website is used.

By using our website and navigating to any pages other than the homepage, privacy policy, or terms of service page, you consent to the use of these cookies for these purposes. You can manage your cookie preferences through your browser settings, but please note that disabling cookies may affect the website's functionality.

3. Data We Collect - In the course of providing our services, we may collect and process the following data, including PHI, please see our data retention policy below (30 days):
- Transcriptions of conversations.
- Generated notes, such as SOAP notes, summarizations of conversations and documents.
- Referral letters and related data.
- Data that you submit pertaining to your customers, including PHI.
- Your data used to sign up for an account, such as name, phone number, and email address.
- Information on how our users use our product and services to improve it.
- Upon request, we may ask you to uniquely record a session to test our transcription technology. If so, we will individually contact you to request permission. We will request that you seek approval from your client for this purpose.

4. How we use your data - We use the data, including PHI, for the following purposes:
- To provide you with AI-assisted documentation and note services.
- To generate specific note types such as SOAP.
- To assist with referral letters to other medical professionals.
- To improve the functionality and accuracy of our systems.
- To ask our customers to participate in brief surveys.
- To notify our users of updates, innovations, and ways to use our product.
- To complete transactions within our application by user preference.

5. What we will not use your data for - We respect your privacy, including the privacy of your PHI. Any and all of your personally identifiable information and PHI collected by Clinical Notes AI will be kept confidential and will not be: sold, rented, loaned, or otherwise disclosed, except as stated above or as otherwise required by law.

6. Data Retention - We retain transcriptions, generated notes, and referral letters internally for a period of 30 days. After this period, all such data is permanently deleted from our servers. You may opt-in to save this data for longer periods of time. We collect and retain data on our users, including account information, until you delete your account.

7. De-identification of Data - To protect your privacy, all data, including PHI, used to improve our systems is de-identified. This means that any personally identifiable information and PHI is stripped from the data, making it impossible to trace back to any individual user.

8. Data Security - We have implemented appropriate security measures to prevent your personal data, including PHI, from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data and PHI only to our internal staff, employees, and other third parties who have a business need to know. They will only process your personal data and PHI on our instructions, and they are subject to a duty of confidentiality.

We employ commercially reasonable methods to ensure the security of the information you provide to us, including PHI, and the information we collect automatically. This includes using standard security protocols and working only with reputable third-party vendors. Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information, including PHI, to us by email. However, doing so is allowed, but at your own risk.

For site security purposes and to ensure that this service remains available to all users, "Clinical Notes AI" uses software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

9. Your Rights - Under certain circumstances, you have rights under data protection laws in relation to your personal data and PHI. These include the right to:

- Request access to your personal data and PHI.
- Request correction of your personal data and PHI.
- Request erasure of your personal data and PHI.
- Object to processing of your personal data and PHI.
- Request restriction of processing your personal data and PHI.
- Request transfer of your personal data and PHI.

10. Customer Communication - We like to communicate with our customers to update them on product functionality, updates, and innovative ways to use our product. However, you may opt out of receiving email or other means of communication from Clinical Notes AI. Clinical Notes AI respects your privacy and realizes that not everyone likes to receive special offers or information. You have the ability to opt out from receiving email or other communications by using any of the contact information below to request that Clinical Notes AI remove you from its lists. Your opt-out will be effective unless or until you opt to receive email or other communications by contacting us. Again, please remember, once we have provided information to our suppliers or partners due to transactions initiated by you, we are not responsible for their use of the information, and you should consult their privacy and information use policies.

11. AI Generated Information - Our platform uses different types of Artificial Intelligence. Some of it is proprietary, and others are third-party. The AI is trained to understand therapeutic concepts and leverages the information from the application to generate notes and other kinds of documentation. With this information being generated by AI, we do not take responsibility for the outputs provided. You as a professional are required to review the information generated and choose to include it within your case notes once you've reviewed and edited what the AI has generated. We assume no responsibility for incorrect outputs or misworded outputs.

12. Visitor's GDPR Rights - If you are within the European Union, you are entitled to certain information and have certain rights under the General Data Protection Regulation (GDPR). Those rights include:

- We will retain any information, including PHI, you choose to provide to us until the earlier of: (a) you asking us to delete the information, (b) our decision to cease using our existing data providers, or (c) "Clinical Notes AI" decides that the value in retaining the data is outweighed by the costs of retaining it.
- You have the right to request access to your data, including PHI, that "Clinical Notes AI" stores and the rights to either rectify or erase your personal data and PHI.
- You have the right to seek restrictions on the processing of your data.
- You have the right to object to the processing of your data and the right to the portability of your data.
- To the extent that you provided consent to "Clinical Notes AI's" processing of your personal data and PHI, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based upon consent that occurred prior to your withdrawal of consent.
- You have the right to lodge a complaint with a supervisory authority that has jurisdiction over issues related to the General Data Protection Regulation.
- We require only the information, including PHI, that is reasonably required to enter into a contract with you. We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us.

13. Changes to this Privacy Policy - We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website and, where appropriate, notifying you by email.

14. 10DLC and A2P Contact Policy: Please see our messaging and phone policy compliance by clicking this link: 10DLC and A2P Compliance Policy
15. Terms and Conditions: If you would like to review our Terms and Conditions that go beyond the privacy policy for product utilization, please visit this link: Terms of Service.

16. Contact Us - If you have any questions about this Privacy Policy, please contact us through our website or at