Privacy Policy

Notewell Privacy Policy

Effective Date: January 21, 2025

This Privacy Policy (“Policy”) explains how Notewell, Inc. (referred to herein as “Notewell,” “Company,” “we,” “our,” or “us”) collects, uses, maintains, discloses, and safeguards information when you visit our website www.notewell.ai (the “Website”) or use our other services (together with the Website, “Notewell’s Services”).

We are committed to your privacy and understand that both Personal Information and Protected Health Information (as defined below) are sensitive. We have established safeguards and processes to protect the confidentiality and integrity of all such information.

‍

Please read this Policy carefully to understand our practices regarding your information and how we handle it. By accessing or using Notewell’s Services, you consent to the terms of this Policy. If you do not agree, please discontinue use of Notewell’s Services. We may update this Policy from time to time. The date at the top indicates the most recent revision. Your continued use of Notewell’s Services after any changes indicates acceptance of the updated Policy.

‍

Terms of Service

This Policy is incorporated by reference and should be read in conjunction with any Terms of Service or other applicable agreements you have entered into with Notewell.

‍

Why We Collect Information About You

Notewell’s mission is to provide a HIPAA-compliant note-taking and documentation solution for social service providers. In order to fulfill our services, we collect certain information to:

• Assist social service providers in capturing and transcribing patient encounters.
• Improve the functionality and user experience of our platform.

‍

Information We Collect About You and How We Collect It

We collect several types of information from and about users of Notewell’s Services, including:

1. Personal Information (described below)
2. Protected Health Information (if and when provided by you or your social service organization)
3. Technical Information, such as usage details and device information

We collect information directly from you, when you provide it (e.g., through our Website, email, chat, or mobile application).

‍

Personal Information

As used in this Policy, “Personal Information” is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, user, household, or device.

‍

You may have the opportunity to provide Notewell with Personal Information, including but not limited to:

• Identifiers: First and last name, email address, mailing address, telephone number, Social Security number, age, sex, gender identification. Not disclosed.
• Protected classification characteristics: Age , race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Not disclosed.

None of the data is directly shared with any affiliates or service providers. Client data is only shared with the social service organization or individual that is using any Notewell Service.

‍

Protected Health Information

Notewell is HIPAA-compliant. We act as a “Business Associate” to the extent we receive Protected Health Information (“PHI”) on behalf of a Covered Entity (e.g., your social service organization). We implement physical, technical, and administrative safeguards to protect PHI and only use it as allowed by applicable Business Associate Agreements and law. We do not use PHI for advertising or marketing unrelated to your care or for any other unauthorized purposes.

‍

Health-Related Information

We may collect certain Personal Information regulated under applicable federal or state laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please note that Notewell is not a “Covered Entity” as defined by HIPAA. Therefore, any Protected Health Information (PHI) that a Covered Entity shares with Notewell will be safeguarded and processed in accordance with an applicable Business Associate Agreement.

‍

When you use Notewell’s Services, we may collect and use your Personal Information—but only to the extent minimally necessary and consistent with this Policy. You acknowledge that we may obtain this information either directly from you or from your social service organization.

By submitting Personal Information to Notewell (about yourself, a patient, or a third party), you represent that you have obtained all required legal consents or authorizations to share that information, including any PHI, with Notewell. We cannot be held responsible if you do not have the proper legal authorization for disclosure. You also represent that any Personal Information you share with us is accurate and complete. Notewell will not be liable for any limitations or inaccuracies in the Services caused by incorrect or incomplete information you provide.

‍

Accessing and Correcting Your Personal Information or PHI

Subject to applicable laws, you can review and request changes to your Personal Information by contacting us at team@notewell.ai. Please note that we may decline certain change requests if we believe they would violate any law or legal requirement or make the information incorrect.

‍

Notewell will retain Personal Information, including PHI, only as long as reasonably necessary for our business purposes or as required by law. If a Business Associate Agreement applies, Notewell will observe any HIPAA retention requirements outlined therein.

‍

Cookies and Related Technology

We may use cookies (small text files stored on your browser) to improve our Website functionality, deliver certain features, or track aggregated data about Website usage. You may disable cookies in your browser settings, but this may limit some functionalities of Notewell’s Services.

‍

Aggregated and De-Identified Data

We may collect, use, and disclose aggregated or de-identified data (e.g., usage statistics) for our legitimate business interests, such as platform analytics, research, or quality improvement. This data does not and cannot identify you personally.

‍

Free-Text Boxes and Other Communications

If you contact Notewell through email, text, or any free-text submission on the Website, please do not include sensitive personal information unless it is required for our Services. We ask that you limit the data to what is strictly necessary to process your request or fulfill our services.

‍

Accessing and Correcting Your Information

You can review and request changes to your Personal Information by contacting us at team@notewell.ai. We may not be able to accommodate changes that would violate any law or legal requirement or render the information inaccurate.

‍

Notewell will retain Personal Information and Protected Health Information only as long as is reasonably necessary for our business purposes or as required by law. If we are acting under a Business Associate Agreement, we will comply with retention and disposal requirements outlined therein.

‍

How We May Use or Disclose Your Information

We use and disclose your information, including Personal Information and Protected Health Information (collectively, “Information”), only to the extent minimally necessary for:

‍

1. Providing and Improving Notewell’s Services
   • Facilitating transcription, note-taking, and workflow management for social service organizations
   • Developing new features and services

2. Communicating with You
   • Sending account or transactional messages
   • Responding to requests or questions

3. Legal and Regulatory Compliance
   • Complying with court orders or subpoenas
   • Meeting federal and state regulatory requirements

4. Other Legitimate Business Purposes
   • Enforcing our Terms of Service
   • Protecting against fraud or abuse• If we believe disclosure is necessary or appropriate to protect the rights, privacy, security, accessibility of Information and/or property of Notewell.
   • Transferring data in the event of a merger, sale, or restructuring• For any other purpose with your lawful consent.

We do not sell, lease, or rent your Personal Information to third parties.

‍

Merger or Acquisition

If ownership of Notewell changes, your Information may be transferred to the new owner so that Notewell’s Services can continue. In such an event, your Information would remain subject to the terms of the existing Privacy Policy or subsequent updates, as permitted by law.

‍

Data Security

‍

We have technical, physical, and administrative safeguards in place to protect your Personal Information and Protected Health Information. Our safeguards include:

• Encryption of data at rest and in transit
• Access controls limiting who can access data
• Monitoring and auditing of systems

Despite these measures, no data transmission or storage system can be guaranteed 100% secure. You use Notewell’s Services at your own risk.

‍

International Visitors

Notewell’s Services are hosted in the United States and are intended for users located in the United States. If you choose to use our Services from outside the U.S., please note that your data may be transferred to and processed in the U.S. The data privacy laws in the U.S. may be different from those in your country of residence.

‍

California Privacy Rights

• Shine the Light Law: We do not disclose your Personal Information to third parties for their direct marketing purposes without your consent.
• Do Not Sell or Share My Personal Information: Notewell does not sell or share Personal Information as defined under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). If we ever intend to do so, we will update this Policy accordingly and provide a clear opt-out mechanism.

Your Choices and Privacy Preferences

• Opting Out of Marketing Communications: If we ever send you marketing emails, you can unsubscribe by clicking the “unsubscribe” link in the email.
• Restricting Cookies: You can set your browser to block cookies; however, this may affect some functionalities of Notewell’s Services.

‍

Changes to Our Privacy Policy

‍

We may update this Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by email (if we have your valid email address) or by posting a notice on our Website. The date of the most recent revision will be noted at the top of this document.

‍

Contact Information

For questions or comments about this Privacy Policy, or to request access or changes to your Personal Information, please contact us:

Email: team@notewell.ai

‍

‍

‍