Privacy Policy

Last updated: June 17, 2026

Doctor Notes ("we", "us") is a clinical documentation tool for licensed physicians. This policy explains what we collect, how we handle protected health information (PHI), and the choices you have. We wrote it to be readable, not to bury you.

The short version: Patient audio is deleted right after your note is generated. Nothing you record is ever used to train AI models. PHI is encrypted in transit and at rest, and we sign a Business Associate Agreement (BAA) before you record real patients.

1. Who this covers

This policy covers physicians who use Doctor Notes and the PHI of the patients they document. Patients do not have accounts with us; their information reaches us only through the clinician using the product.

2. What we collect

Account data: your name, email, specialty, and authentication details.
Visit audio: the recording of an encounter, used solely to generate your note, then deleted (see Retention).
Generated notes: the SOAP note created from the audio, which you can edit, store, and delete.
Your style profile: patterns learned from your edits (structure, phrasing, defaults) so notes read like yours.
Usage data: basic logs and diagnostics needed to run the service securely.

3. Protected Health Information (PHI) and our BAA

When you use Doctor Notes to document a real patient, we act as your Business Associate under HIPAA. We sign a Business Associate Agreement (BAA) with you before any real-patient recording is enabled — recording is gated until the BAA is in place. The BAA governs how we may use and disclose PHI and our safeguard obligations.

4. How we use your information

To transcribe the visit and generate your SOAP note.
To learn your personal note style and improve the notes you receive.
To provide visit history, account access, and support.
To secure the service, prevent abuse, and meet legal obligations.

5. We never train AI on your data

Your patient audio and your notes are never used to train, fine-tune, or improve any AI model — ours or any third party's. Your style profile is private to your account and is never pooled with other clinicians or used as training data for anyone else.

6. Encryption and security

All data is encrypted in transit (TLS) and at rest. Access is restricted to the minimum necessary, audit logging is in place, and recordings are processed only to produce your note. No system is perfectly secure, but we hold PHI to HIPAA safeguard standards.

7. Subprocessors

We use a small set of vetted infrastructure and AI processing vendors to run the service. Each is bound by a BAA or equivalent data-protection terms, and each is contractually prohibited from using PHI to train models. We can provide a current subprocessor list on request.

8. Retention and deletion

Audio: deleted automatically as soon as your note is generated.
Notes and visit history: kept in your account until you delete them or close your account.
Account data: retained while your account is active and removed after closure, subject to legal retention requirements.

9. Your rights and choices

You can view, edit, export, and delete your notes from within the app, and you can request deletion of your account and associated data. Because we act as a Business Associate, patient-level rights requests (access, amendment) are handled through you, the covered entity. Contact us and we'll help.

10. Sharing

We do not sell your data or PHI. We disclose information only to the subprocessors needed to run the service, when you direct us to, or where required by law.

11. Changes to this policy

If we make material changes, we'll update the date above and notify you in-app or by email. Continued use after a change means you accept the updated policy.

12. Contact

Privacy questions, BAA requests, or data requests: privacy@docnotes.withmagic.ai.