Privacy Policy

We are committed to protecting your personal information and being clear about how we use it.

Who We Are And Scope

This Privacy Policy describes how Notiro (“Notiro,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information in connection with its products, services, website, applications, APIs, integrations, and related offerings (collectively, the “Services”).

Notiro is a United States-based healthcare technology company providing software solutions for clinical documentation, transcription, and related healthcare workflow support to healthcare professionals and healthcare organizations.

This Privacy Policy applies to individuals who interact with the Services in any capacity, including:

  • Website visitors
  • Prospective customers and business contacts
  • Individuals engaging with our marketing or sales activities
  • Authorized users of the Services
  • Healthcare professionals using the Services
  • Individuals whose information is processed through the Services in connection with healthcare services

This Privacy Policy does not supersede or modify any Business Associate Agreement (BAA), Data Processing Agreement (DPA), or other contractual terms governing the processing of Protected Health Information (PHI), which shall control in the event of any conflict.

Key Definitions

For the purposes of this Privacy Policy, the following terms have the meanings set forth below:

  • Personal Information: Information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to an identified or identifiable individual.
  • Protected Health Information (PHI): Individually identifiable health information that is transmitted or maintained by a covered entity or business associate, and is subject to regulation under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including information relating to an individual’s health status, provision of healthcare, or payment for healthcare services.
  • Customer: A healthcare organization or other entity that has entered into an agreement with Notiro to use the Services.
  • User: An individual authorized by a customer to access and use the Services.
  • Clinical Data: Information generated, received, stored, or processed through the Services in connection with the provision of healthcare services, including clinical notes, transcriptions, encounter documentation, and related structured outputs.
  • Marketing Data: Business contact and engagement information collected in connection with sales, marketing, and business development activities, including interactions through online and offline channels.

Roles And Data Responsibility

The role of Notiro with respect to Personal Information depends on the context in which such information is processed.

Business Associate (HIPAA)

To the extent Notiro processes Protected Health Information (“PHI”) on behalf of a healthcare organization, Notiro acts as a Business Associate under HIPAA. In such cases, PHI is processed solely in accordance with applicable Business Associate Agreements (“BAAs”) and the documented instructions of the Customer.

Service Provider

With respect to account administration, billing, customer support, system maintenance, security operations, and other operational functions, Notiro acts as a service provider processing Personal Information on behalf of its Customers for business purposes.

Independent Controller

For activities related to website operation, analytics, marketing, and business development, Notiro acts as an independent controller and determines the purposes and means of processing Personal Information in accordance with applicable data protection laws.

Customer Responsibilities

Customers are solely responsible for:

  • Ensuring that their use of the Services complies with applicable laws and regulations
  • Obtaining all necessary patient consents, authorizations, or notices required for the use of the Services
  • Ensuring that all data submitted to the Services, including PHI, has been collected, used, and disclosed in compliance with applicable law
  • Maintaining compliance with all applicable healthcare, privacy, and data protection obligations

Information We Collect

We collect information across four primary categories:

Information You Provide

  • Name
  • Email address
  • Phone number
  • Job title and professional role
  • Organization name
  • Billing and payment details
  • Support communications
  • Demo requests, forms, surveys, and inquiries

Marketing, Sales, and Business Development Data

We collect business contact data through online and offline channels, including:

  • Conferences, trade shows, and industry events
  • Webinars and virtual sessions
  • Marketing campaigns and advertising platforms
  • CRM systems and sales outreach
  • Email communications and newsletters
  • Brochures, business cards, and printed materials
  • Website forms and demo requests

We may also enhance business contact information using third-party enrichment providers to improve outreach accuracy. We may process this data to:

  • Conduct sales and business development activities
  • Personalize outreach and engagement
  • Manage CRM pipelines
  • Send marketing communications
  • Organize events and webinars
  • Analyze campaign performance

All marketing communications include opt-out mechanisms.

Automatically Collected Data

We automatically collect system and usage data, including:

  • IP address and device identifiers
  • Browser type and operating system
  • Access logs and activity logs
  • Session duration and feature usage
  • Clickstream data and navigation patterns
  • Cookies and tracking technologies
  • Referral and attribution data

We also maintain audit logs for security, compliance, and operational integrity, including system access and administrative actions.

Clinical Data and PHI

When used by healthcare professionals, the Services may process PHI and clinical data, including:

  • Patient identifiers
  • Clinical encounter recordings (audio and text)
  • Transcriptions of patient-provider interactions
  • Clinical notes and summaries
  • Diagnoses, treatment plans, and medical histories
  • Orders, prescriptions, and coding-related outputs

Notiro processes PHI solely on behalf of healthcare professionals under HIPAA and applicable contractual agreements. We do not sell PHI or use PHI for advertising or unrelated commercial purposes.

Audio Recording, Transcription, And Data Lifecycle

The Services may support the capture, processing, and transcription of audio recordings in connection with clinical encounters, where enabled and configured by the Customer.

Audio Processing

Where enabled by Customer configuration:

  • Audio recordings may be captured during clinical encounters
  • Audio may be processed in real time or near real time
  • Audio may be transcribed and converted into structured clinical documentation

Audio processing is performed solely for the purpose of supporting clinical documentation workflows and related Services provided to healthcare organizations.

Data Lifecycle

Audio recordings, transcriptions, and related clinical outputs may be subject to the following lifecycle stages:

  • Collection (during clinical encounter, where applicable)
  • Processing (including transcription and structuring)
  • Generation (clinical documentation and related outputs)
  • Storage (for a period defined by Customer configuration and applicable agreements)
  • Deletion or de-identification in accordance with contractual obligations or Customer instructions

Customer and Clinical Responsibility

Healthcare Professionals are solely responsible for:

  • Ensuring compliance with applicable laws governing audio recording and monitoring
  • Providing any required patient notice, consent, or authorization
  • Determining whether and under what conditions audio recording is permitted in clinical settings
  • Configuring and managing retention, deletion, and access policies within the services

How We Use Information

We use information for:

  • Operating and delivering the Services
  • Generating clinical documentation and structured outputs
  • Supporting healthcare workflows and integrations
  • Authenticating users and managing accounts
  • Processing billing and subscriptions
  • Providing customer support
  • Improving product performance and reliability
  • Monitoring system usage and analytics
  • Maintaining security, audit logs, and fraud prevention systems
  • Conducting sales, marketing, and business development
  • Sending service communications and updates
  • Complying with legal and regulatory obligations

Artificial Intelligence And Automation

Notiro uses artificial intelligence systems to assist healthcare providers in generating clinical documentation. AI-generated outputs may include:

  • Clinical notes and summaries
  • Structured documentation
  • Coding suggestions
  • Workflow assistance and recommendations

AI outputs are assistive tools only and are not a substitute for clinical judgment. Healthcare professionals remain solely responsible for:

  • Reviewing all outputs
  • Ensuring clinical and coding accuracy
  • Approving final documentation

Notiro does not use Protected Health Information (“PHI”) to train general-purpose or publicly available machine learning or artificial intelligence models.

HIPAA Compliance And Security Controls

When processing PHI, Notiro acts as a Business Associate under HIPAA. A Business Associate Agreement (BAA) is required prior to PHI processing. We implement administrative, technical, and physical safeguards, including:

  • Encryption in transit (TLS 1.2 or higher)
  • Encryption at rest using industry-standard methods
  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Continuous security monitoring
  • Audit logging and access tracking
  • Least-privilege access enforcement
  • Secure software development practices
  • Incident detection and response procedures
  • Regular vulnerability assessments

Data Sharing And Disclosure

We do not sell personal information or PHI. We may share information with:

Service Providers and Subprocessors

  • Cloud infrastructure and hosting
  • Data storage and processing
  • AI and transcription services
  • Payment processing
  • Analytics and monitoring tools
  • Customer support systems
  • Security and fraud prevention tools

All subprocessors are contractually required to maintain confidentiality and implement appropriate security measures.

Healthcare Integrations

We may exchange data with EHR systems and healthcare platforms authorized by customers.

Legal and Regulatory Requirements

We may disclose information where required by law, regulation, subpoena, or to protect rights, safety, or security.

Corporate Transactions

Information may be transferred in connection with mergers, acquisitions, financing, or restructuring.

Marketing, CRM, And Business Development

We process marketing and business development data to:

  • Manage CRM systems and sales pipelines
  • Conduct targeted outreach and engagement
  • Send marketing communications and newsletters
  • Analyze campaign effectiveness
  • Conduct event and webinar follow-ups

We may combine data from online and offline sources to improve outreach relevance. Users may opt out of marketing communications at any time.

Cookies And Tracking Technologies

We use cookies and similar technologies to:

  • Authenticate users
  • Maintain sessions
  • Improve platform functionality
  • Analyze usage and performance
  • Support marketing attribution and analytics

Users may manage cookie preferences via browser settings.

Data Retention And Deletion

We retain data only as long as necessary for:

  • Providing the Services
  • Meeting legal and regulatory obligations
  • Supporting contractual requirements
  • Ensuring security and fraud prevention

Retention of PHI, audio, and transcription data is governed by customer configuration, BAAs, and applicable law. Where appropriate, data may be deleted or de-identified after processing or upon request.

Security And Audit Controls

We maintain comprehensive security and audit controls, including:

  • Encryption at rest and in transit
  • Access control systems and authentication safeguards
  • Audit logging of system and user activity
  • Security monitoring and anomaly detection
  • Vulnerability management and testing
  • Incident response and escalation procedures

Audit logs may include access to PHI, system usage, and administrative actions for compliance purposes.

Your Privacy Rights

Depending on applicable law, you may have rights to:

  • Access personal information
  • Request correction or deletion
  • Object to or restrict processing
  • Data portability
  • Opt out of marketing communications

Requests may be submitted to [email protected]. We may verify identity before fulfilling requests.

U.S. State Privacy Rights

Residents of certain U.S. states may have additional rights under applicable privacy laws. Notiro does not sell personal information.

International Data Transfers

Where applicable, we implement appropriate safeguards for international data transfers in accordance with legal requirements.

Children’s Privacy

The Services are intended for healthcare professionals and organizations. We do not knowingly collect data from individuals under 18.

Third-Party Services

We are not responsible for the privacy practices of third-party websites or services.

Changes To This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

Contact Us

Notiro
Email: [email protected]
Website: https://notiro.ai