
Legal

Privacy Policy

How CortexaNote handles account, workspace, recording, transcript, note, support, and website data, plus how PHI and EU personal data are governed by the BAA and DPA.

At a glance

What this policy covers.

A legal page should pair a plain document with a sticky table of contents and a practical review path. CortexaNote writes for Recorder, AI scribe, and EHR workflow ownership.

Scope

01

Clinical privacy first

Privacy is described around the real documentation flow: Recorder capture, AI draft, clinician review, EHR handoff, support, and retention.

PHI

02

PHI and EU data are governed

Protected information is governed by the executed BAA and DPA. CortexaNote does not use identifiable patient data to train general-purpose AI models.

Review

03

Trust review path

Security, compliance, and procurement questions route through the sales path and the external CortexaNote trust center.


Last updated 2026-05-25 / CortexaNote Legal / Clinical documentation workflow


Scope and products

CortexaNote builds AI-assisted clinical documentation software and the CortexaNote Recorder hardware that supports it. This policy describes how the CortexaNote website, Recorder, AI scribe workspace, support channels, and connected workflow surfaces handle information about clinicians, administrators, practices, and patients.

Information we handle

We collect account, profile, workspace, device, billing, support, and website information when you evaluate or use CortexaNote. When clinical capture is used, we also process audio, transcripts, note drafts, template selections, clinical context, and workspace metadata so the platform can generate, review, retain, delete, and transfer documentation according to the configured workflow.

How we collect data

We collect information directly when you create an account, configure a workspace, contact support, request a security review, or interact with the website. We may also receive information from your organization administrator, integration partners, or third-party services that you connect to CortexaNote on your team's behalf.

How we use data

We use information to provide and secure the service, operate Recorder sync, generate documentation drafts, support and improve the clinical workflow, measure reliability, prevent abuse, communicate service or security updates, and meet our legal obligations. We do not sell personal information, and we do not use identifiable patient information for advertising or to train general-purpose AI models.

Protected health and EU data

Protected health information and EU personal data processed inside the platform are governed by the applicable Business Associate Agreement (HIPAA), Data Processing Agreement (GDPR), and order form between CortexaNote and the covered entity, practice, or clinical organization. Workspace administrators should review the executed agreement before production rollout.

Retention and deletion

Retention, deletion, and export controls depend on the workspace plan, organization settings, regional configuration, and applicable contract. Teams should define how long recordings, transcripts, drafts, and final notes remain available, and should test deletion workflows before broad deployment.

Subprocessors and vendors

CortexaNote uses vetted subprocessors for hosting, communication, payment, analytics, and AI inference. Subprocessors are reviewed under our vendor management program, contractually bound to confidentiality and security obligations, and listed in the trust center so procurement teams can evaluate them before sensitive workflows are enabled.

Storage and transfers

Audio, transcripts, and notes are encrypted at rest and in transit. Personal data may be stored in the United States by default; EU and other regional hosting is available for organizations whose lawful basis or contract requires it. Cross-border transfers rely on Standard Contractual Clauses or other valid transfer mechanisms where applicable.

Your rights

Depending on jurisdiction and contract, clinicians, patients, administrators, and EU data subjects may have rights to access, correct, export, delete, restrict, or object to certain processing. Requests should be routed through the practice administrator first; CortexaNote responds to verified requests within the timelines required by applicable law.

Cookies and analytics

CortexaNote uses cookies and similar technologies to operate the website, remember preferences, measure traffic, and prevent abuse. We do not place advertising cookies in the authenticated product, and we do not share Protected Health Information with website analytics providers.

Changes to this policy

We may update this policy as CortexaNote adds Recorder capabilities, integrations, workspace controls, or regional requirements. Material changes will be highlighted in the product or by email to workspace administrators. Continued use of the service after an update means acceptance of the revised policy.

Contact and complaints

Questions, complaints, and data subject requests can be sent to support@cortexanote.com. Organizations with a Data Protection Officer or privacy program should also surface the request to their CortexaNote account team so the response is logged alongside the executed agreement.


Bring legal and trust review into the workflow conversation.

The right review connects clinical capture, AI draft responsibility, workspace governance, and EHR export before rollout.