Effective Date: Jun 18, 2025
Dnote (“Dnote”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website located at https://dnote-it.webflow.io, our web-based services, and any applications or platforms provided by us (collectively, the “Services”). Please read this policy carefully to understand our views and practices regarding your information and how we will treat it.
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.
This Privacy Policy applies to information collected through the Services, including information submitted by users during access to the Services, participation in any pilot or subscription programs, or when otherwise interacting with Dnote.
If you are an organization or professional subject to data protection regulations, including HIPAA, GDPR, or CCPA, you are responsible for ensuring your use of our Services complies with applicable legal requirements. This Policy forms part of and is subject to our Terms of Use.
We may collect and process personal data that you provide voluntarily, including your name, email address, telephone number, organization name, job title, practice area, clinical role, and credentials. This also includes correspondence sent to us through support channels or contact forms, and any anonymized or de-identified clinical notes submitted through the Services.
In addition, we may automatically collect certain information when you use the Services. This may include your IP address, browser type and version, device information, referral URLs, and information regarding your interaction with the site, such as time spent, pages visited, and behavioral patterns. These data are typically collected using standard tools such as cookies and analytics services, which can be controlled through your browser settings.
We use the information we collect for the purpose of operating, maintaining, and improving the Services. This includes analyzing and auditing clinical documentation to generate compliance insights, communicating with users, addressing inquiries and support requests, and fulfilling legal and regulatory obligations. Where appropriate, we may also use your data to send updates, promotional materials, or newsletters, provided we have obtained your consent to do so. Processing activities are based on lawful grounds such as consent, contractual necessity, legitimate interests, or legal obligations, as applicable.
We do not sell or rent your personal data. We may disclose your information to trusted third-party service providers who assist in operating the Services, such as hosting providers, analytics platforms, and communication tools, all of whom are bound by strict confidentiality and data protection obligations.
We may also disclose information if required to do so by law, regulation, court order, or legal process, or in response to a valid governmental request. In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same commitments set forth in this Policy. Additionally, we may share your data with third parties if you have expressly authorized such sharing, including but not limited to integrations with third-party platforms such as EHR systems.
For users subject to HIPAA, we are prepared to enter into a Business Associate Agreement (BAA) where appropriate. We follow HIPAA-compliant practices in handling clinical data, including data minimization, encryption in transit and at rest, access controls, audit logging, and, where applicable, the use of de-identified data for the purposes of research and product improvement. We do not use Protected Health Information (PHI) for advertising, unrelated training, or resale purposes.
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal and regulatory requirements. The specific retention period will depend on the nature of the data and the context in which it was collected. Anonymized or aggregated clinical data may be retained for analytics and research purposes, provided such data no longer identifies any individual.
We implement appropriate technical and organizational security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to, encryption technologies, secure data storage, access restrictions, and regular internal audits. While we strive to protect your data using industry best practices, no method of transmission over the internet or method of electronic storage can be guaranteed to be entirely secure.
Depending on your jurisdiction, you may have certain rights with respect to your personal information. These rights may include the right to access your data, request corrections, request deletion, object to processing, or request data portability. If you wish to exercise any of these rights, you may do so by contacting us using the contact information provided below. We will respond in accordance with applicable data protection laws.
If you access the Services from outside the United States, please note that your data may be transferred to, stored, and processed in the United States or other jurisdictions with different data protection standards. We implement appropriate safeguards, such as Standard Contractual Clauses, where required by law, to protect the integrity and security of transferred data.
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These include the right to know what personal information we collect and how we use it, the right to request deletion, the right to opt out of the sale or sharing of personal information (not applicable as we do not sell data), and the right to non-discrimination for exercising your privacy rights. Requests may be submitted using the contact information listed below.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will notify users through prominent notices on our site or by other means as required by applicable law. Your continued use of the Services after such updates constitutes acceptance of the revised Privacy Policy.
If you have any questions about this Privacy Policy or wish to exercise your data rights, you may contact us at info@dnote.it
