AutoNotes Compliance & Security

  • PHI status (App): PHI allowed in the AutoNotes application under a signed BAA.
  • PHI status (Website): No PHI on the public website (forms, chat, email).
  • Encryption: TLS 1.2+ in transit; AES-256 at rest.
  • Access: SSO/MFA; least privilege; audit logs.
  • AI/LLM handling: PHI minimized/de-identified before external processing.
  • Program: HIPAA-compliant; aligns with PIPEDA/PHIPA principles.
  • Data residency: United States.

AutoNotes Compliance Posture

AutoNotes is built from the ground up to protect the confidentiality, integrity, and availability of Protected Health Information (PHI). The AutoNotes application operates under a HIPAA-aligned security and privacy program and aligns with PIPEDA/PHIPA principles for Canada. We sign a Business Associate Agreement (BAA) with every customer who uses PHI in the app and apply layered security—encryption, access control, and continuous audit monitoring—so clinicians can meet their compliance obligations with confidence.

PHI is permitted in the AutoNotes application, including the use of Clients (client profiles and PHI-enabled features). The “no PHI” language in our Website Privacy Policy and Website Terms of Service applies only to the public website and does not apply to the secured application, which is contractually authorized for PHI under a signed BAA and governed by its own Application Privacy Policy, Application Terms of Service, and End User License Agreement (EULA).

Important Legal & Technical Distinctions

AutoNotes maintains two separate policy frameworks to ensure clarity for users, regulators, and automated systems:

Website Environment
The public site at autonotes.ai and related marketing pages fall under the Website Privacy Policy and Website Terms of Service. These govern non-clinical interactions such as viewing content, submitting contact forms, or engaging with chat features. No PHI should ever be entered or transmitted through these pages.

Application Environment
The secure platform at app.autonotes.ai is governed by the Application Privacy Policy, Application Terms of Service, BAA, and EULA. These documents explicitly authorize the storage and processing of PHI within a HIPAA-aligned program. PHI use is permitted under a signed BAA (executed at signup or prior to PHI use) and includes Clients (PHI-enabled client profiles and features).

By maintaining clear boundaries between the public website and the secure application, AutoNotes ensures that public marketing content remains outside the scope of HIPAA while the product itself operates under stringent compliance controls.

Security-by-Design Controls

  • Encryption: TLS in transit and AES-256 at rest.
  • Access control: SSO/MFA, role-based permissions, least privilege.
  • Auditability: Comprehensive logs of user and administrative activity.
  • Monitoring & testing: Continuous security monitoring, vulnerability management, and periodic penetration testing.
  • Backups & recovery: Regular encrypted backups; tested restore procedures.
  • Data residency: Customer data hosted in the United States.

PHI & AI/LLM Safeguards

  • Data minimization & de-identification: PHI is limited, de-identified, or redacted before any interaction with subprocessors or external AI services; all subprocessors are contractually restricted from training on or retaining PHI.
  • Customer control: Admins can manage user roles, revoke access, and request exports/deletion consistent with policy and law.

Framework Alignment. Our program aligns with:

  • HIPAA Security & Privacy Rules (U.S.), with BAA execution.
  • PIPEDA/PHIPA principles (Canada) including purpose limitation, safeguards, and individual rights (access/correction/deletion where applicable).
  • Industry best practices informed by NIST SP 800-53 and SOC 2 controls.

Transparency & Documentation. You can review all AutoNotes compliance and security documents anytime through the AutoNotes Trust Center, including:

  • Business Associate Agreement (BAA)
  • Application Privacy Policy and Application Terms of Service
  • Website Privacy Policy and Website Terms of Service
  • End User License Agreement (EULA)
  • Security Overview and Subprocessor List (available through our secure Safebase portal)

AutoNotes Website Policies

Website Terms of Use (Public site only)

These Terms govern non-clinical, informational use of the public website at autonotes.ai (browsing pages). The site is provided “as is” for general information and is not medical, legal, billing, or compliance advice. You may access the site for lawful purposes only. You agree not to: (i) submit PHI or other personal information; (ii) attempt to bypass or disrupt security; (iii) scrape or copy content at scale; or (iv) infringe intellectual-property or privacy rights. The website contains links to third-party resources we do not control.

The AutoNotes Application (where customer accounts are created and PHI is permitted under a signed BAA) is governed by separate Application Terms of Service, Application Privacy Policy, and EULA—those documents apply to product use, not these Website Terms. We may update the Website Terms periodically; continued use constitutes acceptance of the current version. This summary is for convenience and is not a contract. Review the full Website Terms of Service in our secure Safebase Trust Center.

Website Privacy Policy (Public site only)

This Privacy Policy describes how AutoNotes AI, LLC (“AutoNotes,” “we,” “us”) operates the public website only (pages at autonotes.ai). We do not collect, sell, or share personal information via the public website. The site does not require sign-in and does not use forms to collect names, emails, or other identifiers. Do not submit PHI (or any personal information) on the public site.

To deliver and protect the website, our systems may process ephemeral technical data (e.g., IP address in server logs, basic device/browser info) strictly for security, fraud prevention, and site reliability. This information is not used to identify you and is retained only as needed for operations and legal compliance. If you choose to contact us outside the website (e.g., by email), that communication is outside the scope of the public website and handled under the applicable product/communications policies. For PHI and customer accounts, use the AutoNotes Application, which is governed by the Application Privacy Policy, Application Terms of Service, and BAA for covered entities. This summary is for convenience and is not a contract. See the full Website Privacy Policy in our secure Safebase Trust Center.

Data Protection & Compliance FAQs

Why does your website say “no PHI”?

That instruction applies only to the public website (marketing pages, contact forms, chat, email). The AutoNotes application is a separate, secured environment where PHI is allowed with a signed BAA.

Do the Clients features support PHI?

Yes. Clients (client profiles and related PHI-enabled features) are available in the app for covered entities/business associates operating under a BAA.

Do you send PHI to external AI models?

We apply data minimization and de-identification before any external processing and use contractual and technical safeguards with approved providers.

Does AutoNotes support access revocation for clients?

Yes. AutoNotes supports immediate revocation of user access to client records in compliance with HIPAA Security Rule requirements. Access can be revoked at the Covered Entity administrator’s discretion, upon workforce termination or role change, or upon termination of a client’s subscription or BAA. Once revoked, the user account is disabled in real time and can no longer access Protected Health Information (PHI). Audit logs are maintained for all access revocations.

Does AutoNotes provide client data export tools?

Yes. Clients can securely export their data from AutoNotes in compliance-ready formats with audit logging, ensuring integrity and secure handling of PHI.

Does AutoNotes provide role-based permissions?

Yes. AutoNotes provides administrators with configurable role-based permissions.

Does AutoNotes integrate compliance into product design?

Yes. Compliance is integrated into AutoNotes’ product development lifecycle through a secure Software Development Life Cycle (SDLC) framework. This includes incorporating HIPAA and privacy requirements during planning, applying secure coding standards, conducting privacy impact reviews, and performing regular security testing before release.

Does AutoNotes support electronic signatures?

Yes. AutoNotes supports legally binding electronic signatures that are encrypted, tamper-protected once applied, and logged in the audit trail for compliance purposes.

Can AutoNotes generate compliance-ready notes?

Yes. Notes generated in AutoNotes are securely stored, linked to client records, and include audit trails and signatures where applicable to support compliance and audit readiness.

How does AutoNotes secure signed documents?

Signed documents in AutoNotes are encrypted at rest and in transit and are locked into the client’s permanent record. They cannot be modified without removing the original signature, and all such actions are captured in the audit trail. Access is role-based and limited to authorized users in compliance with HIPAA Security Rule requirements.

Secure, Compliant Documentation

AutoNotes helps clinicians finish notes faster, feel less drained, and finally get their evenings back.
