WellNotes

Privacy Policy

Last updated: February 28, 2026

1. Information We Collect

WellNotes AI ("we", "us", "our") collects the following information when you use our service:

  • Account information: Email address and password (hashed) when you create an account.
  • Clinical notes: Session notes and generated documentation you create within the platform. These are stored locally on your device using encrypted browser storage and synced to our secure cloud database.
  • Payment information: Billing details processed securely through Stripe. We do not store credit card numbers.
  • Usage data: Anonymous analytics on marketing pages only. We do not track activity on clinical/protected pages (dashboard, notes, account).

2. How We Use Your Information

  • To provide and maintain our clinical documentation service
  • To process your subscription payments
  • To generate AI-assisted clinical notes based on your input
  • To improve our service through anonymous, aggregated usage patterns
  • To send essential account communications (password resets, billing alerts)

3. Data Security & Privacy

WellNotes AI is designed with data security and privacy as core priorities:

  • Clinical note content is automatically sanitized to remove personally identifiable information (PII) before AI processing.
  • We do not log, track, or analyze the content of your clinical notes.
  • No analytics or tracking scripts run on protected pages (notes, account, dashboard).
  • All data is encrypted in transit (TLS) and at rest.
  • Notes are stored locally on your device with optional encrypted cloud sync.

4. Data Sharing

We do not sell, rent, or share your personal information or clinical data with third parties, except:

  • Stripe: For payment processing only.
  • OpenAI: Sanitized clinical content is sent for AI note generation. Content is not used to train OpenAI models per our data processing agreement.
  • Supabase: Our cloud infrastructure provider for secure data storage and authentication.
  • Legal requirements: If required by law, subpoena, or court order.

5. Data Retention

Your clinical notes are retained as long as your account is active. Upon account cancellation, you have a 30-day grace period to export your data. After that period, all clinical data is permanently deleted from our servers. Local browser data remains on your device until you clear it.

6. Your Rights

You have the right to:

  • Access and export your clinical notes at any time
  • Request deletion of your account and all associated data
  • Update or correct your account information
  • Opt out of non-essential communications

7. Security

We implement industry-standard security measures including encryption at rest and in transit, secure authentication, rate limiting, input validation, and regular security reviews. Despite these measures, no system is 100% secure. If you discover a security vulnerability, please contact us at support@wellnotesai.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. Continued use of WellNotes after changes constitutes acceptance of the updated policy.

9. Contact Us

For questions about this Privacy Policy or your data, contact us at support@wellnotesai.com.