eleanote ← Back to site

Eleanote Privacy Policy

Version 1.0 · Effective date: June 2, 2026

SECTION 1 — INTRODUCTION AND SCOPE

Eleanote LLC ("Eleanote," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect when you use the Eleanote desktop application and visit our website at eleanote.ai (together, the "Service"), how we use that information, who we share it with, and the choices and rights you have. We have intentionally designed Eleanote to collect as little information about you as possible, and this Policy reflects that approach.

This Privacy Policy applies to information we handle in our role as the provider of the Service. It does not apply to information that lives only on your own device, such as your Preferences, Recipes, and Feedback files, which you control. It also does not govern how we handle Protected Health Information (PHI) in connection with your use of the Service; that is addressed separately in our Business Associate Agreement (BAA). Where a question involves PHI, the BAA controls. This Policy works alongside our Terms of Service and BAA, which together govern your relationship with us. Capitalized terms used but not defined in this Privacy Policy have the meaning given to them in our Terms of Service.

This Privacy Policy is effective as of the date posted at the top of this page. By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with how we handle information as described here, please do not use the Service.

SECTION 2 — INFORMATION WE COLLECT

We collect only the information we need to provide the Service to you. This section describes the categories of information we collect, how we collect them, and — just as importantly — the categories of information we do not collect.

Information you provide to us. When you create an account, we collect your name, email address, clinical specialty, and medical role (for example, physician, resident, nurse practitioner, physician assistant, or student). If you were referred by another user, we also collect the email address of the person who referred you, so that we can apply any referral credit. We collect any updates you make to this information, and any information you provide when you contact us for support.

Information collected automatically when you use the Service. When you use the Service, our systems automatically record certain technical information needed to operate, secure, and troubleshoot the Service. This includes login timestamps and the IP address you connect from, records of when your account is used and from what device, and metadata about the requests your application sends to our cloud infrastructure. If the application encounters an error, we collect diagnostic and crash information through our error-monitoring provider to help us identify and fix problems. This information is technical in nature and is used for operating and securing the Service, not for tracking your activity for any other purpose.

Information held by third parties on our behalf. Some information related to your use of the Service is collected and held by third-party providers rather than by us directly. When paid subscriptions begin, our payment processor will collect and store your billing information, including your billing address and payment card details. We do not see or store your full payment card number; that information is handled entirely by our payment processor under its own security standards. Similarly, our email delivery and error-monitoring providers may hold limited information needed to deliver our emails to you and to record application errors. Where any of these providers handle PHI, they do so under a Business Associate Agreement with us.

Information we do not collect. We have designed the Service to minimize the information we hold. We do not collect or store the audio of your patient encounters, the transcripts generated from that audio, or the completed clinical notes and other Output — these pass through our infrastructure only transiently and are delivered to you, not retained by us. We do not store your Preferences, Recipes, or Feedback files, which remain on your own device. We do not use website analytics or advertising trackers, and we do not send marketing emails or maintain marketing profiles about you. We do not knowingly collect Protected Health Information for our own purposes, and any PHI that passes through the Service is handled solely under the BAA.

SECTION 3 — HOW WE USE INFORMATION

We use the information described above only for the following purposes:

SECTION 4 — HOW WE SHARE INFORMATION

We do not sell your information, and we share it only as described in this section.

Service providers. We rely on a small number of trusted third-party providers to operate the Service, and we share information with them only to the extent needed for them to perform their function. These include our cloud infrastructure and authentication provider, our payment processor, our transcription provider, our artificial intelligence providers, our error-monitoring provider, and our email delivery provider. Where any of these providers handle PHI on our behalf, they do so under a Business Associate Agreement that requires them to protect that information in accordance with HIPAA. These providers are authorized to use the information we share only to provide services to us, not for their own purposes.

Legal and protective disclosures. We may disclose information when we believe in good faith that doing so is necessary: to comply with a law, regulation, subpoena, court order, or other lawful request from a government authority; to enforce our Terms of Service or other agreements; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of Eleanote, our users, or the public. If we are involved in a merger, acquisition, financing, sale of assets, or other corporate transaction, information may be transferred as part of that transaction, subject to the commitments in this Privacy Policy.

What we do not share. We do not sell your information, and we do not share it with third parties for advertising, marketing, behavioral profiling, or data brokerage. We do not share your information with anyone training artificial intelligence models, including our own. We do not share your Preferences, Recipes, or Feedback with other users, and we do not combine your information with information from other users to build profiles or analytics about you.

SECTION 5 — DATA SECURITY

We take the protection of your information seriously and have implemented administrative, technical, and physical safeguards designed to protect it. These include encryption of information in transit and, where applicable, at rest; authentication and access controls managed through our cloud identity provider; the use of cloud infrastructure services configured for HIPAA-eligible workloads; written agreements with our service providers, including Business Associate Agreements where PHI is involved; an annual independent HIPAA security assessment by a qualified third party; and a documented security incident response plan.

No system is completely secure, and we cannot guarantee that information will never be accessed or disclosed in a manner inconsistent with this Policy. The security of information also depends in part on actions you take. As described in our Terms of Service, you are responsible for the security of the device on which you install and use the Service, including encryption, operating system updates, and physical and login security for that device. If you believe your account or any information has been compromised, please contact us at support@eleanote.ai.

SECTION 6 — DATA RETENTION

We keep the information described in Section 2 only for as long as we need it for the purposes described in this Policy. Specifically: we keep your account information (name, email, specialty, role, and referrer information) for as long as your account is active. After your account closes, we keep account information and associated audit and security records for a reasonable period afterward, generally several years, so that we can respond to legal, regulatory, and security inquiries and meet our HIPAA audit-log retention obligations. Some information held by our service providers — such as billing information held by our payment processor, email delivery metadata, and error reports — is retained according to those providers' own retention policies.

We do not retain audio recordings, transcripts of patient encounters, completed clinical notes, or other Output. These pass through our infrastructure only transiently and are not stored on our servers. Your Preferences, Recipes, and Feedback files are stored only on your own device, not on our servers, and we do not have copies of them. When your account closes, your Preferences, Recipes, and Feedback files remain on your device and continue to belong to you.

SECTION 7 — YOUR RIGHTS

Your choices and rights. You have choices about the information we hold about you, and depending on where you live, you may have specific legal rights.

Rights we offer to all users. Regardless of where you live, you may: ask us for a copy of the information we hold about you; ask us to correct information that is inaccurate; ask us to delete your account and the information associated with it; and close your account at any time. We will honor these requests subject to our need to retain certain information for legal, regulatory, security, and audit purposes, as described in Section 6.

State privacy rights. Some states, including California, Virginia, Colorado, Connecticut, and others, give their residents additional rights regarding personal information. Depending on your state, these may include the right to know what personal information we have collected and how we use it, the right to access or receive a copy of that information, the right to correct or delete it, and the right to opt out of the "sale" or "sharing" of personal information or its use for targeted advertising. We do not sell or share personal information for targeted advertising, and we do not use it for profiling, so there is nothing for you to opt out of in those respects. We do not discriminate against you for exercising any of these rights.

How to exercise your rights. To make any of these requests, email us at support@eleanote.ai. To protect your privacy, we will take reasonable steps to verify your identity before acting on your request, which generally means confirming that the request comes from the email address associated with your account. We will respond within the timeframe required by applicable law, generally within 45 days, and will let you know if we need more time. You may make a request yourself or, where the law allows, through an authorized agent acting on your behalf. There is no charge to make a request, although we may decline or charge a reasonable fee for requests that are excessive or repetitive, as permitted by law.

SECTION 8 — CHILDREN'S INFORMATION

The Service is intended for use by adults working in a medical or clinical capacity, and you must be at least 18 years old to use it. The Service is not directed to children, and we do not knowingly collect information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it. If you believe a minor has provided us with information, please contact us at support@eleanote.ai.

SECTION 9 — COOKIES AND TRACKING

The Eleanote desktop application does not use cookies. Our website at eleanote.ai may use a small number of strictly necessary cookies that are required for basic functions such as the sign-up and login process. We do not use cookies or similar technologies for analytics, advertising, or tracking your activity across websites, and we do not allow third parties to do so through our Service. Because we do not track you across websites, we do not respond to browser "Do Not Track" signals; there is nothing for such a signal to limit.

SECTION 10 — INTERNATIONAL USERS

The Service is intended for use in the United States, and we store and process information in the United States, including in the United States regions of our cloud infrastructure provider. If you access the Service from outside the United States, you do so on your own initiative and you consent to your information being transferred to and processed in the United States, where data protection laws may differ from those in your location. If you are located in a jurisdiction with specific data protection requirements, such as the European Union or United Kingdom, and you have questions or requests about your information, contact us at support@eleanote.ai and we will respond as required by applicable law.

SECTION 11 — CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in the Service, our practices, or applicable law. The current version is always posted on our website with its effective date shown at the top. If we make material changes, we will notify you by email to the address on file at least 30 days before they take effect. Your continued use of the Service after the effective date of any change means you acknowledge the updated Privacy Policy. If you do not agree with the changes, you may close your account as described in our Terms of Service.

SECTION 12 — CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your information, please contact us:

Eleanote LLC

15 Faucher Road

Londonderry, NH 03053

United States

Email: support@eleanote.ai