Privacy Policy

Last updated: January 5, 2026

Introduction

Note Doctor Inc. ("Note Doctor," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension, website (note.doctor), and related services (collectively, the "Service").

By using Note Doctor, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Authentication credentials (managed securely by Clerk)

Audio Recordings

When you use the Note Doctor extension to record patient encounters:

  • Audio is captured locally in your browser
  • Audio is transmitted securely to Azure Speech Services for transcription
  • Audio is processed transiently and is NOT permanently stored
  • Only the resulting text transcript is retained temporarily (up to 7 days) in your local browser storage

Transcripts and Generated Notes

  • Text transcripts are stored locally in your browser's extension storage
  • Transcripts are automatically deleted after 7 days
  • Generated SOAP notes are not stored on our servers after being delivered to your browser

EHR Page Data

To enable auto-fill functionality, our extension scans the current page for:

  • Form field labels and identifiers
  • Input field types and structure

We do NOT collect, transmit, or store any patient data, medical records, or protected health information (PHI) from your EHR system. Field labels are only used locally to map generated content to the appropriate fields.

Usage Data

We may collect anonymous usage data including:

  • Number of recordings made
  • Feature usage statistics
  • Error logs for debugging purposes

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process audio recordings into text transcripts
  • Generate AI-powered clinical notes
  • Authenticate users and manage accounts
  • Process payments and manage subscriptions
  • Send important service updates and notifications
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues

Data Security

We implement robust security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser, our servers, and third-party services uses TLS/SSL encryption
  • Encryption at Rest: Any stored data is encrypted using AES-256 encryption
  • No Permanent Audio Storage: Audio recordings are processed transiently and never permanently stored
  • Local-First Storage: Transcripts are stored locally in your browser, not on external servers
  • Secure Authentication: User authentication is managed by Clerk, a SOC 2 Type II certified authentication provider

HIPAA Compliance

Note Doctor is designed with healthcare privacy requirements in mind:

  • We do not store Protected Health Information (PHI) on our servers
  • Audio processing is transient with no permanent retention
  • All data transmission uses end-to-end encryption
  • We maintain Business Associate Agreements (BAAs) with our subprocessors as required
  • Access controls and audit logging are implemented throughout our infrastructure

Healthcare providers using Note Doctor remain the custodians of their patient data. The generated notes are delivered directly to your browser and EHR system without being stored on our infrastructure.

Third-Party Services

We use the following third-party services to provide our functionality:

Microsoft Azure

  • Azure Speech Services: For speech-to-text transcription
  • Azure OpenAI: For AI-powered SOAP note generation
  • Microsoft maintains SOC 2 Type II, HIPAA, and other compliance certifications

Clerk

  • User authentication and account management
  • SOC 2 Type II certified

Stripe

  • Payment processing for subscriptions
  • PCI DSS Level 1 certified
  • We do not store credit card information directly

Convex

  • Backend infrastructure for API functions
  • Data is processed but not permanently stored for audio/transcription

Chrome Extension Permissions

Our Chrome extension requests the following permissions:

activeTab

Scan form fields on your current EHR page and auto-fill generated notes

storage

Store transcripts locally, user preferences, and authentication tokens

cookies

Read authentication cookies to verify user sign-in status

scripting

Inject content scripts to detect and fill form fields

Data Retention

  • Audio Recordings: Not retained; processed transiently and immediately discarded
  • Transcripts: Stored locally for up to 7 days, then automatically deleted
  • Account Data: Retained while your account is active
  • Payment Records: Retained as required for legal and accounting purposes

Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable format
  • Opt-out: Unsubscribe from marketing communications at any time

To exercise any of these rights, please contact us at privacy@note.doctor.

Children's Privacy

Note Doctor is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice via email or through the Service.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: