Privacy Policy
Last updated: March 21, 2026
1. Introduction
PatNote ("we," "our," or "us") is a medical collaboration platform designed for healthcare professionals. We are committed to protecting the privacy and security of all personal information, including Protected Health Information (PHI), that you provide to us through our mobile application, web application, and related services (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By accessing or using PatNote, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name — Your full name as provided during registration
- Email address — Used for account identification and communication
- Phone number — Used for OTP-based authentication
- Profile photo — Optional, used for identification within the platform
- Professional credentials — Medical license information, specialty, and institutional affiliation
- Google account data — If you sign in via Google OAuth, we receive your name, email, and profile picture from Google
2.2 Patient Information
When you use PatNote to manage patient records, you may enter:
- Patient names and demographic information
- Medical notes, observations, and clinical discussions
- Treatment plans and follow-up schedules
- Worklist items and task assignments related to patient care
Important: You, as the healthcare provider, are responsible for ensuring that your use of PatNote to store and transmit patient information complies with all applicable healthcare privacy laws and regulations, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the Information Technology Act, 2000 (India), and any other jurisdiction-specific regulations.
2.3 Communication Data
We collect the content and metadata of communications you send and receive through the Service, including:
- Group chat messages and attachments
- Direct messages between users
- Patient chat messages and clinical notes
- Voice-to-text transcriptions
- AI-generated worklist items extracted from your messages
2.4 Device and Technical Information
We automatically collect certain technical information, including:
- Device type, operating system, and version
- Unique device identifiers
- Push notification tokens for message delivery
- IP address and approximate geographic location
- App version and usage timestamps
- Browser type and version (for web application users)
2.5 Usage Analytics
We use privacy-focused analytics tools to collect anonymized usage data, including:
- Feature usage patterns and frequency
- Navigation paths within the application
- Error logs and crash reports
- Performance metrics
Analytics data is collected in aggregate and does not include patient information or message content.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Authenticating your identity and managing your account
- Enabling real-time messaging and collaboration with your medical team
- Storing and retrieving patient records and clinical notes
- Processing voice-to-text transcription requests
- Delivering push notifications for new messages and updates
- Generating AI-powered worklist items from your conversations
3.2 AI Processing
When you use our AI-powered worklist feature, your message content is processed by third-party AI service providers to extract actionable items such as patient names, tasks, due dates, and reminders. This processing occurs:
- Only when explicitly triggered by you (manual button press or long-press action)
- On a per-message basis — not on your entire conversation history
- Through secure API calls to the AI provider
We do not use your data to train AI models. The AI providers process your data solely to generate a response and do not retain your data beyond the processing window defined in their respective privacy policies.
3.3 Service Improvement
- Analyzing usage patterns to improve features and user experience
- Identifying and fixing bugs, errors, and performance issues
- Developing new features based on aggregated usage trends
3.4 Communication
- Sending service-related notifications (maintenance, updates, security alerts)
- Responding to your support requests and feedback
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
4.1 With Other Users
Your name, profile photo, and messages are visible to other PatNote users within the groups and conversations you participate in. Patient records are shared only with doctors explicitly assigned to that patient.
4.2 Service Providers
We use trusted third-party service providers who process data on our behalf, including but not limited to:
- Google Cloud Services — Cloud infrastructure, hosting, push notifications, and related services
- AI Service Providers — For AI-powered features such as worklist extraction (message content is processed only when explicitly triggered by you)
- Analytics Providers — Privacy-focused product analytics to improve our Service
Each service provider is contractually obligated to protect your data and use it solely for the services they provide to us.
4.3 Legal Requirements
We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to:
- Comply with a legal obligation, court order, or governmental request
- Protect and defend our rights or property
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
4.4 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice within the application of any change in ownership or uses of your personal information.
5. Data Storage and Security
5.1 Data Storage
Your data is stored on secure cloud servers provided by Google Cloud Services. Our production database is encrypted at rest using AES-256 encryption. All data transmissions between the client applications and our servers are encrypted using TLS 1.2 or higher.
5.2 Security Measures
We implement a variety of security measures to protect your information:
- Authentication — Secure token-based authentication with short-lived access tokens and refresh tokens
- Encryption — TLS encryption for all data in transit; AES-256 encryption for data at rest
- Access Controls — Role-based access controls ensuring users can only access data they are authorized to view
- Token Security — Secure storage of authentication tokens using platform-native secure storage
- Infrastructure Security — Enterprise-grade cloud security infrastructure, including network firewalls, intrusion detection, and DDoS protection
5.3 Data Retention
We retain your personal information and data for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account data — Retained until you delete your account
- Messages and chat history — Retained until you or the group administrator deletes them
- Patient records — Retained in accordance with applicable medical record retention requirements
- Analytics data — Retained for up to 24 months in anonymized form
- Push notification tokens — Updated on each login; old tokens are automatically invalidated
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
6.1 Access and Portability
You have the right to request a copy of the personal information we hold about you. We will provide this data in a structured, commonly used, and machine-readable format upon request.
6.2 Correction
You can update your account information at any time through the app's profile settings. If you believe any information we hold is inaccurate, you may request a correction.
6.3 Deletion
You may request deletion of your account and associated personal data by contacting us at support@cydratech.com. Please note:
- Messages you sent in group chats may remain visible to other group members
- Patient records may need to be retained per applicable medical record retention laws
- Anonymized analytics data is not subject to deletion requests
6.4 Notification Preferences
You can manage push notification preferences through your device settings or within the PatNote app. You may opt out of non-essential notifications at any time.
6.5 Analytics Opt-Out
You may opt out of analytics data collection by adjusting your preferences in the app settings.
7. Children's Privacy
PatNote is designed for use by licensed healthcare professionals and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@cydratech.com, and we will take steps to delete such information.
8. International Data Transfers
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. Our servers are hosted on secure cloud infrastructure, and our third-party service providers may operate in different jurisdictions.
We apply appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, regardless of where it is processed. These safeguards include:
- Using service providers that comply with recognized data protection frameworks
- Implementing standard contractual clauses where applicable
- Ensuring encryption of data both in transit and at rest
9. Third-Party Links and Services
PatNote may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to the practices of third parties. We encourage you to read the privacy policies of any third-party services you interact with through our platform.
10. Cookies and Similar Technologies
Our web application may use cookies and similar tracking technologies to:
- Maintain your authentication session
- Remember your preferences and settings
- Collect anonymized analytics data
You can control cookie settings through your browser preferences. Note that disabling cookies may affect the functionality of the web application.
11. Healthcare-Specific Provisions
11.1 HIPAA Compliance (United States)
If you are a healthcare provider in the United States subject to HIPAA, you acknowledge that:
- PatNote may be used to process Protected Health Information (PHI)
- You are responsible for ensuring your use of PatNote complies with HIPAA requirements
- A Business Associate Agreement (BAA) may be required and is available upon request
- You should implement appropriate administrative, physical, and technical safeguards within your organization
11.2 Medical Data Responsibility
As a healthcare professional using PatNote, you acknowledge and agree that:
- You are the data controller for any patient information you enter into the platform
- You are responsible for obtaining any necessary patient consent before entering their information
- You will not enter information beyond what is necessary for legitimate clinical collaboration
- You will comply with all applicable healthcare data protection laws in your jurisdiction
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page with an updated "Last updated" date
- Sending you a push notification or email about significant changes
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
We will respond to your request within 30 days.