How iNoteAid collects, uses, maintains, protects, and discloses Personal Data through the Services.
Last updated: May 21, 2026
This Privacy Policy (our “Privacy Policy”) supplements iNoteAid LLC’s and/or its subsidiaries’ (“Company,” “we,” “us,” and “our”) Terms of Service and describes how Company collects, uses, maintains, protects, and discloses Personal Data through the use of the Services. By “Personal Data,” we mean information that is personally identifiable to either Individuals, Business Contacts, or the subjects of any materials uploaded to the Digital Properties (as defined herein).
Please read this Privacy Policy carefully to understand our policies and practices regarding Personal Data and how we will treat it. If you do not agree with this Privacy Policy, your choice is to not use the Services. By accessing or using the Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.
This Privacy Policy applies to information we collect about individual consumers, such as general website visitors (“Individuals”) as well as information we collect about the personnel of our business partners, including vendors and business customers, in business-to-business interactions (“Business Contacts”). However, this Privacy Policy does not apply to information about our current/former employees, applicants, and other individuals who interact with us for employment-related purposes. This Privacy Policy also does not apply to data that we handle on behalf of and under the instructions of our business customers (as a processor).
Whenever you interact with us on behalf of another individual or entity, such as if you refer a friend to us, you must obtain their consent (or have the legal authority without consent) to share their Personal Data with us.
If Personal Data is protected health information, we treat the protected health information in accordance with the Health Insurance Portability and Accountability Act of 1996 and related laws and regulations (“HIPAA”). To the extent this Privacy Policy conflicts with our HIPAA obligations, we comply with HIPAA obligations. If you are a patient whose healthcare provider uses our services, please refer to your provider’s Notice of Privacy Practices for information on how they handle your protected health information. We may act as a “Business Associate” to healthcare providers who use our services, subject to a separately executed Business Associate Agreement.
iNoteAid provides AI-assisted clinical documentation tools designed to support authorized users with transcription, document extraction, clinical note generation, summarization, and patient-specific AI assistance.
Information Processed Through AI Features
When an authorized user chooses to use an AI-powered feature, iNoteAid may collect, receive, transmit, process, and store the information that the user chooses to submit through that feature. Depending on the feature used, this information may include:
• Encounter audio recordings;
• Transcripts generated from encounter audio;
• Clinical context entered or uploaded by the user, including diagnoses, medications, laboratory results, imaging findings, prior notes, care plans, referral information, and other patient-related clinical information;
• Documents, images, screenshots, scanned records, and other files uploaded by the user;
• Typed prompts, dictated updates, questions, and other user-entered clinical information;
• AI-generated transcripts, extracted content, summaries, note drafts, clinical documentation, and responses; and
• Technical information reasonably necessary to provide, secure, troubleshoot, and improve the requested AI-powered feature.
How Information Is Collected
iNoteAid collects this information directly from authorized users when they choose to use an AI-powered feature. This may occur when a user records an encounter, uploads a document, image, screenshot, or other file, enters clinical context, types or dictates information, requests transcription, generates a note or summary, uses document extraction, or submits a question through an AI-assisted feature.
iNoteAid does not require users to submit clinical information through AI-powered features. However, certain features may not be available or may have limited functionality if the user does not authorize the processing described in this section.
Third-Party AI Processing
To provide requested AI-powered features, iNoteAid may securely transmit the information submitted by an authorized user to Microsoft Azure services, including [INSERT THE EXACT MICROSOFT AZURE SERVICES USED, SUCH AS MICROSOFT AZURE OPENAI SERVICE, AZURE AI SPEECH, OR AZURE DOCUMENT INTELLIGENCE], for processing.
These services may process submitted information solely to support the functionality requested by the user, including transcription, document extraction, clinical documentation, note generation, summarization, and patient-specific AI assistance within iNoteAid.
iNoteAid may also use authorized cloud hosting, storage, security, and infrastructure providers as necessary to operate, secure, maintain, and support the platform. We require service providers to process information only as permitted by applicable agreements, applicable law, and the services they are providing to iNoteAid.
How AI-Processed Information Is Used
iNoteAid uses AI-processed information to provide the specific feature requested by the authorized user, such as generating a transcript, extracting information from an uploaded document, preparing a draft clinical note, summarizing clinical content, or responding to an encounter-specific question.
iNoteAid does not sell encounter content, Protected Health Information, or clinical documentation data. iNoteAid does not use encounter content, Protected Health Information, or clinical documentation data for advertising, targeted advertising, or marketing to patients.
User Authorization
Before iNoteAid transmits encounter content or other information to a third-party AI service for processing, iNoteAid requests the user’s explicit authorization through an in-app AI Processing Authorization notice.
Users may decline authorization. If authorization is declined, iNoteAid will not transmit the applicable information to a third-party AI service for AI-powered processing, and features that require such processing may be unavailable.
An authorized user may withdraw or modify authorization by discontinuing use of the applicable AI-powered feature or by contacting iNoteAid using the contact information provided in this Privacy Policy. Withdrawal of authorization does not affect processing that occurred before the authorization was withdrawn.
Security and Data Handling
iNoteAid uses administrative, technical, and physical safeguards designed to protect information during transmission and storage. Information transmitted to authorized service providers is sent using safeguards designed to protect the confidentiality and integrity of the information.
Where applicable, iNoteAid works with service providers under contractual and privacy protections appropriate to the services being provided, including Business Associate Agreements where required by applicable law.
Users are responsible for ensuring that they have the necessary authority, permissions, notices, and consents required to submit patient-related or other personal information through iNoteAid and to use AI-powered features in connection with that information.
We may collect the following types of Personal Data. Except as otherwise specified, we may collect this Personal Data from both Individuals and Business Contacts.
● Identifiers, such as names, email addresses, physical addresses, telephone numbers, business contact information, and device identifiers (e.g., cookie IDs and IP address).
● Records, such as signatures; the content, timing and method of communications with us, such as online chats, calls, and emails; and information shared with or uploaded to our platform, application, or website (the “Digital Properties”), such as reviews and comments.
● Demographic information, that users voluntarily provide, such as age or gender.
● Commercial information, such as information related to services purchased, obtained, or considered; subscription information; or other purchasing or consuming histories or tendencies.
● Internet or other electronic network activity information, such as browsing history, search history, preference information (including marketing and purchasing preferences), account settings (including any default preferences), and other information regarding interactions with and use of the Digital Properties. For more information about cookies and other device data, please see Personal Data Collected Through and Use of Automatic Data Collection Technologies and Cookies in Section 6.
● Audio, electronic, visual, or other sensory information, such as photographs and audio/video recordings.
● Professional or employment-related information (for Business Contacts), such as job title; organization; professional licenses, credentials, or affiliations; and other professional information.
● Inferences drawn from any of the information we collect about preferences or behavior, including to assess the level of interest in our services based on frequency of visits and contact and to determine preferred frequency for receiving offers.
● Sensitive Personal Data, including the following:
o Account log-in information.
o Content of mail, email, and text messages where we are not the intended recipient (such as messages that we host as a Controller but are not sent to us).
o Medical or health insurance information that may be processed in accordance with applicable law and any executed Business Associate Agreement.
We collect Personal Data from the following sources:
● Directly from users. We may collect Personal Data provided to us directly, such as when we are contacted through our Digital Properties. This also includes when someone signs up for our offers or newsletters; communicates with us; or signs up for an account or other services.
● Data collected automatically and through tracking technologies. We may automatically collect information or inference; such as through cookies and other tracking technologies, when interacting with our Digital Properties. This may include information about how our Digital Properties are used and interacted with, information about devices, and internet usage information. For more information about cookies and other tracking technologies, please see Personal Data Collected Through and Use of Automatic Data Collection Technologies and Cookies in Section 6.
● From third parties. We may collect Personal Data from third parties, such as service and content providers, our affiliated companies and subsidiaries, business partners, social media companies or other parties who interact with us.
We may combine information that we receive from the various sources described in this Privacy Notice, including third party sources, and use or disclose the combined information for the purposes identified below.
We may disclose Personal Data to third parties, including the categories of recipients described below:
● Affiliates and subsidiaries, including parent entities, corporate affiliates, subsidiaries, business units, and other companies that share common ownership.
● Service providers that work on our behalf to provide the products and services requested or to support our relationship with you, such as IT providers, internet service providers, web hosting providers, data analytics providers, and companies that provide business support services, financial administration, or event organization.
● Professional consultants, such as accountants, lawyers, financial advisors, and audit firms.
● Vendors necessary to complete requested transactions, such as payment processing companies.
● Law enforcement, government agencies, and other recipients, when required by law, or for legal, security, or safety purposes, such as when we share information to comply with law or legal requirements, to enforce or apply our Terms of Service and other agreements or policies; and to protect ours, our customers’, or third parties’ safety, property, or rights.
Other entities in connection with a corporate transaction, such as if we acquire, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
● Entities to which you have consented to the disclosure.
We may use Personal Data for the following purposes:
● To provide services to you, making our Digital Properties and services available to you; such as registering, verifying, and maintaining your account with us; providing and delivering you the services you request; providing customer service; processing or fulfilling orders and transactions (including processing payments); verifying customer information and eligibility for certain programs or benefits; communicating with you (including soliciting feedback or responding to requests, complaints, and inquiries); hosting informational webinars; and providing similar services or otherwise facilitating your relationship with us.
● For our internal business purposes, such as operating our Digital Properties and customizing the content; maintaining internal business records, such as accounting, document management and similar activities; enforcing our policies and rules; management reporting; auditing; and IT security and administration.
● For our internal research and service improvement purposes, such as verifying or maintaining the quality or safety of our services; improving our services; designing new services; evaluating the effectiveness of our advertising or marketing efforts; and debugging and repairing errors with our systems, networks, and equipment.
● For legal, safety or security reasons, such as complying with legal, reporting, and similar requirements; investigating and responding to claims against us, our personnel, and our customers; for the establishment, exercise or defense of legal claims; protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents and health and safety issues (including managing spread of communicable diseases); and protecting against malicious, deceptive, fraudulent, or illegal activity.
● In connection with a corporate transaction, such as if we acquire, or sell or transfer all or a portion of our business or assets including through a sale in connection with bankruptcy and other forms of corporate change.
● For marketing and communications purposes, such as marketing our services, sending newsletters, product updates, educational content, promotions, or information about events or webinars. We may analyze general interactions with our Digital Properties to improve our outreach and user experience. We do not use Protected Health Information for targeted advertising. You can unsubscribe from marketing emails at any time via the link in the email or by contacting us using the information in the Contact Information section below.
● We may use anonymized, de-identified, or aggregated information for any purpose permitted by law.
● We do not sell Personal Data for monetary consideration and do not use Protected Health Information for advertising or marketing purposes
We offer choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising.
We strive to provide you with choices regarding the Personal Data provided to us. We have the following mechanisms to provide control over Personal Data:
● Tracking Technologies and Advertising. You can set your browser or operating system to refuse all or some cookies or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly.
● Promotional Offers from Company. If you do not wish to have your email address used by Company to promote our own services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or by contacting us. This opt out does not apply to information provided to Company as a result of a Service purchase or your use of our Services.
● Targeted Advertising. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
We do not control the collection and use of information collected by third parties as described in our Terms. These third parties may aggregate the information they collect with information from their other customers for their own purposes.
You can review and change your Personal Data by logging into the Services and changing your Account information. You may also contact us at info@inoteaid.com regarding any of your rights under applicable state laws; any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible; or to delete your Account. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
See state-specific sections below on your rights under specific state laws.
Information transmitted over the Internet is not completely secure, but we do our best to protect Personal Data. The safety and security of information also depends on you. Where you have chosen a password for the use of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have implemented measures designed to secure Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. We use encryption technology for information sent and received by us.
Although we do our best to protect Personal Data, we cannot guarantee the security of Personal Data transmitted to the Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or in your operating system.
For individuals in Washington and Nevada, please refer to our Consumer Health Data Privacy Policy for additional information about the processing of Personal Data that is “consumer health data” as defined under those laws.
For individuals in California, you have rights under the California Consumer Privacy Act of 2018. Please see additional information below that is intended to satisfy our obligations under the CCPA to disclose certain information to you.
Personal Information We Collect. In the preceding 12 months, we may have collected the following categories and specific types of consumer personal information:
Categories of Personal Information Specific Types of Personal Information Collected
Identifiers (e.g., a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers) See Personal Data We Collect
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, physical characteristics or description, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. See Personal Data We Collect
Characteristics of protected classifications under California or federal law See Personal Data We Collect
Commercial information (e.g., records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies) None
Biometric information See Personal Data We Collect
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Website, application, or advertisement) See Personal Data We Collect
Audio, electronic, visual, thermal, olfactory, or similar information See Personal Data We Collect
Professional or employment-related information See Personal Data We Collect
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA) None
Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes See Personal Data We Collect
Sensitive Personal Information See Personal Data We Collect
How Personal Information is Collected. We may collect most of this personal information directly from you or our users—by telephone, text or email and/or via our website and apps. See How We Collect Personal Data and Personal Data Collected Through and Use of Automatic Data Collection Technologies and Cookies.
Why We Use Personal Information. We may collect and/or share consumer personal information for the business purposes described in How We Use or Disclose Personal Data.
Who We Share Personal Information With. In the preceding 12 months, we have not sold or shared consumers’ personal information as described in How We Use or Disclose Personal Data.
Categories of Personal Information We Sold or Shared. In the preceding 12 months, we have not sold or shared personal information as described in How We Use or Disclose Personal Data. While we do not intentionally sell personal information for monetary consideration, it is possible that some of our data sharing practices could be deemed a sale under the CCPA.
Categories of Personal Information We Disclosed for a Business Purpose. In the preceding 12 months, we have not disclosed personal information for a business purpose as described in How We Use or Disclose Personal Data.
How Long Personal Information Will Be Kept. We will keep your personal information while you have an account with us or while we are providing Services to you or on your behalf. Thereafter, we will keep personal information for as long as is necessary:
• To respond to any questions, complaints or claims made by you or on your behalf;
• To show that we treated you fairly; or
• To keep records required by law.
We will not retain personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
When it is no longer necessary to retain your personal information, we will delete or anonymize it.
Your Rights Under the CCPA. You have the right under the California Consumer Privacy Act of 2018 (CCPA), and certain other privacy and data protection laws, as applicable, to exercise free of charge:
Disclosure of Personal Information We Collect About You You have the right to know, and request disclosure of:
• The categories of personal information we have collected about you, including sensitive personal information;
• The categories of sources from which the personal information is collected;
• Our business or commercial purpose for collecting, selling, or sharing personal information;
• The categories of third parties to whom we disclose personal information, if any; and
• The specific pieces of personal information we have collected about you.
Please note that we are not required to:
• Retain any personal information about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained;
• Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information; or
• Provide the personal information to you more than twice in a 12-month period.
Disclosure of Personal Information Sold, Shared, or Disclosed for a Business Purpose In connection with any personal information we may sell, share, or disclose to a third party for a business purpose, you have the right to know:
• The categories of personal information about you that we sold or shared and the categories of third parties to whom the personal information was sold or shared; and
• The categories of personal information that we disclosed about you for a business purpose and the categories of persons to whom the personal information was disclosed for a business purpose.
You have the right to opt-out of the sale of your personal information or sharing of your personal information for targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your personal information, we will refrain from selling or sharing your personal information, unless you subsequently provide express authorization for the sale or sharing of your personal information.
To opt-out of the sale or sharing of your personal information, contact us at info@inoteaid.com.
Right to Limit Use of Sensitive Personal Information You have the right to limit the use and disclosure of your sensitive personal information to the use which is necessary to:
Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services;
To perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business, if the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business; (3) Performing services on behalf of the business, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business; and
● As authorized by further regulations.
You have a right to know if your sensitive personal information may be used, or disclosed to a service provider or contractor, for additional, specified purposes.
Right to Deletion Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
• Delete your personal information from our records; and
• Direct any service providers or contractors to delete your personal information from their records.
• Direct third parties to whom the business has sold or shared your personal information to delete your personal information unless this proves impossible or involves disproportionate effort.
Please note that we may not delete your personal information if it is reasonably necessary to:
• Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;
• Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes;
• Debug to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act;
• Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;
• Comply with an existing legal obligation; or
• Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.
Right of Correction If we maintain inaccurate personal information about you, you have the right to request us to correct that inaccurate personal information. Upon receipt of a verifiable request from you, we will use commercially reasonable efforts to correct the inaccurate personal information.
Protection Against Retaliation You have the right to not be retaliated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
• Deny goods or services to you;
• Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
• Provide a different level or quality of goods or services to you; or
• Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
Please note that we may charge a different price or rate or provide a different level or quality of Services to you, if that difference is reasonably related to the value provided to our business by your personal information. We may also offer loyalty, rewards, premium features, or discounts consistent with these rights or payments as compensation, for the collection of personal information, the sale of personal information, or the retention of personal information.
How to Exercise Your Rights. If you would like to exercise any of your rights as described in this Privacy Policy, you can do so by contacting us at info@inoteaid.com.
Please note that you may only make a CCPA-related data access or data portability disclosure request twice within a 12-month period.
To exercise your rights, you will need to provide us with:
● Enough information to identify you (e.g., your full name, address, and account information);
● Proof of your identity and address (e.g., a copy of your driving license or passport and a recent utility or credit card bill); and
● A description of what right you want to exercise and the information to which your request relates.
We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information or is someone authorized to act on such person’s behalf.
Any personal information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.
You may have rights under other state consumer privacy laws, including Colorado, Connecticut, Oregon, Texas, Utah, and Virginia. Please contact us at info@inoteaid.com if you have questions or would like to exercise a right under these laws.
The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Any information provided to us through use of the Services may be stored and processed, transferred between and accessed from the United States and other countries that may not guarantee the same level of protection of personal data as the one in which you reside. However, we will handle your Personal Data in accordance with this Privacy Policy regardless of where your Personal Data is stored/accessed.
We may change this Privacy Policy at any time. If we make material changes to how we treat our Users’ Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Services’ home page and invite you to review (and accept, if necessary) the changes. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting the Services and reviewing this Privacy Policy to check for any changes.
If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at the contact information below:
info@inoteaid.com