1. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, and professional credentials provided during registration.
- Clinical Data: SOAP notes, PSR group session notes, patient records, appointment data, session recordings, telehealth session metadata, diagnoses (ICD-10 codes), and documents that you upload or create through the Service.
- Patient Profile Data: Patient names, phone numbers, medical record numbers, addresses, session history, and AI-generated clinical insights (summaries, progress trajectories, diagnosis suggestions).
- Contact Information: Phone numbers provided for SMS notifications through EasySign.
- Financial Data: Income Tracker data including custom service names, rates, earnings entries, and monthly income goals. This data is stored securely in our cloud database and is not shared with third parties.
- Usage Data: Log data, session counts, and feature usage for analytics and service improvement.
2. How We Use Your Information
- To provide and maintain the Service, including AI-powered note generation, patient summaries, and diagnosis suggestions.
- To send transactional communications (document signing notifications via email and SMS through EasySign).
- To process payments and manage subscriptions.
- To store and display your Income Tracker data (earnings, services, goals) across your devices.
- To maintain permanent patient session history and clinical records.
- To improve and optimize the Service.
- To comply with legal obligations.
3. SMS Communications
When you use EasySign's SMS feature:
- Phone numbers are collected solely for sending document signing notifications.
- We do not sell, share, or use phone numbers for marketing purposes.
- Message frequency: Up to 50 messages per month per user account.
- Message and data rates may apply.
- Recipients can reply STOP to opt out at any time.
- Reply HELP for assistance or contact admin@easytheranotes.com.
4. Data Security
We implement HIPAA-compliant security measures including:
- Encryption in transit (TLS/SSL) and at rest (AES-256).
- AWS infrastructure with SOC 2 and HIPAA compliance certifications.
- Secure authentication through AWS Cognito with multi-factor authentication.
- Role-based access controls and audit logging.
- Automatic data retention policies (30-day TTL for session data, 90-day TTL for logs).
- Audio recordings are processed securely and deleted immediately after transcription.
5. Data Sharing
We do not sell your personal information. We may share data with:
- AWS: Cloud infrastructure, email (SES), SMS (SNS), and telehealth video services (Amazon Chime SDK).
- OpenAI: For AI-powered SOAP note generation, PSR group note generation, audio transcription, patient summaries, and diagnosis suggestions (processed under a zero-retention policy with a BAA).
- Stripe: For secure payment processing.
- Legal authorities: When required by law.
6. Your Rights
You have the right to:
- Access and download your data.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Opt out of SMS communications at any time.
- Export your income data via CSV at any time.
7. Data Retention
Clinical session data is retained for 30 days after creation. Archived patient histories are retained indefinitely while your account is active. Income Tracker data (services, entries, goals) is retained indefinitely while your account is active. Email and SMS logs are retained for 90 days. Upon account termination, all associated data is deleted.
8. Children's Privacy
The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any material changes via email or through the Service.
10. Contact Us
For questions about this Privacy Policy, contact us at:
admin@easytheranotes.com