
Privacy Policy for SmartNotes AI

Effective Date: January, 2025

At SmartNotesAI, a service provided by Gen MediTech, we value your privacy and are committed to protecting the information you share with us. This Privacy Policy outlines how we collect, use, store, and protect personal information and protected health information (PHI) when you use our platform.

By accessing or using SmartNotesAI (www.smartnotesai.com), you agree to the terms and conditions outlined in this Privacy Policy.

1. Information We Collect

Personal Information

When you register for an account, we collect the following information:

  • Name
  • Email address
  • Medical specialty
  • Account usage information

Protected Health Information (PHI)

When clinicians upload, dictate, or generate clinical notes, SmartNotesAI may process:

  • Audio recordings
  • Patient demographics included in notes
  • Clinical transcripts and documentation
  • ICD-10, CPT, and procedure details

SmartNotesAI operates under HIPAA guidelines and treats all PHI as confidential.

Usage Data

We collect non-personal platform usage analytics including:

  • Pages and features used
  • Browser type, device type, timestamps
  • Session metadata

Cookies & Tracking

Cookies are used for:

  • Authentication
  • Session management
  • Preference storage
  • Performance analytics

2. How We Use Your Information

We use personal information and PHI solely for:

  • Delivering and improving AI-powered clinical documentation
  • Supporting features such as transcription, summarization, and coding suggestions
  • Communication about your account or services
  • Ensuring compliance with HIPAA and other regulatory requirements
  • Maintaining security, debugging, and fraud prevention

SmartNotesAI does not use user data (including PHI) for AI model training.

3. How We Share Your Information

Service Providers

We may share information with HIPAA-compliant business associates (cloud hosting, storage, STT/LLM infrastructure). All vendors are covered by sub-BAAs.

Legal Compliance

Information may be disclosed as required by law or regulatory authorities.

Business Transfers

In case of a merger or acquisition, data may be transferred securely.

SmartNotesAI does not sell personal or patient data to third parties.

4. Data Security

We employ industry-standard controls including:

  • Encryption In Transit: TLS 1.2+
  • Encryption At Rest: AES-256
  • Key Management: Secure cloud-based KMS
  • MFA/SSO Support: Optional for enterprise users
  • RBAC: Role-based user access
  • Audit Logging: Immutable logs for all note edits, access events, and EHR syncs

A SOC2 Type II report, penetration test, and security artifacts are available upon request for enterprise customers.

5. Data Retention & Deletion

  • We retain data only as long as required for service delivery or contractual obligations.
  • Audio, transcripts, and PHI can be deleted upon client request via API or account dashboard.
  • Backups are securely encrypted and geographically stored in U.S.-based data centers.
  • Upon account termination, all PHI is securely destroyed following NIST standards.

6. User Rights

  • Access and update personal information
  • Request deletion of account and associated data
  • Request a copy of security documentation (BAA, SOC2 summary, encryption overview)
  • Opt out of marketing emails

7. Third-Party Links

External links are not governed by this policy.

8. Children's Privacy

SmartNotesAI is not intended for anyone under 13.

9. Changes to This Policy

We may update this policy, and changes will be reflected with an updated Effective Date.

10. Contact Us

For privacy or HIPAA-related questions, contact us at:

GenMediTech LLC

Email: legal@genmeditech.com

Phone: +1 914-930-6264