Privacy Policy
Last updated: 2026-07-04
Overview
Vizanote (“we,” “us,” or “our”) operates the Vizanote clinical documentation platform. This Privacy Policy describes how we collect, use, and protect information when you use our services. Because Vizanote serves ABA clinical practices that handle Protected Health Information (PHI), our data practices are aligned with HIPAA requirements and we offer Business Associate Agreements (BAAs) to covered entities and business associates.
Data we collect
We collect the following categories of information:
- Account information: Name, email address, role, and clinic/organization name provided at signup.
- Usage data: Log data, including page views, feature usage, IP addresses, and timestamps, collected for security and product improvement purposes.
- Clinical data (PHI): Session notes, behavioral data, learner records, consent documents, and billing information entered by authorized clinical users. This data is handled under a signed BAA and subject to HIPAA safeguards.
- Communications: Messages sent to us via contact forms, support channels, or email.
How we use your information
- To provide, maintain, and improve the Vizanote platform
- To communicate with you about your account, the beta program, and product updates
- To detect and prevent security incidents and fraud
- To comply with legal obligations, including HIPAA
- To generate aggregate, de-identified analytics about platform usage (never individual PHI)
We do not sell your personal information. We do not share PHI with third parties except as required to deliver the service under a signed BAA, or as required by law.
PHI handling
Vizanote is designed to handle Protected Health Information in compliance with HIPAA. Key safeguards include:
- Encryption of PHI in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
- Role-based access controls that limit PHI access to authorized individuals
- Immutable audit logs recording all access to PHI
- Automatic session timeouts for inactive users
- BAA execution prior to any PHI entering the system
To request a BAA or to discuss our HIPAA compliance posture, please contact us via the beta signup form and note “BAA Request” in your message.
AI & PHI policy
Vizanote uses AI models to generate clinical documentation suggestions. Our AI policy:
- PHI is never used to train third-party AI models without explicit written consent
- AI processing of PHI occurs under data processing agreements with our AI providers
- AI suggestions are clearly labeled as AI-generated and require clinician review before use
- No AI action modifies a clinical record without explicit human approval
Third-party services
Vizanote uses third-party services to operate the platform. These may include cloud hosting providers, authentication services, and analytics tools. All third-party services that handle PHI operate under signed BAAs or equivalent data protection agreements. We do not use ad tracking or behavioral advertising networks on any page that handles PHI.
Data retention
We retain account and usage data for as long as your account is active, plus a reasonable period thereafter for security and legal purposes. Clinical data (PHI) retention is governed by your BAA and applicable state and federal regulations. You may request deletion of non-PHI personal data by contacting us directly.
Your rights
Depending on your jurisdiction, you may have rights including access to, correction of, and deletion of your personal data. PHI access rights are governed by HIPAA and handled through your covered entity (typically your clinic). To exercise non-PHI privacy rights, contact us at the address below.
Contact
For privacy questions, data requests, or to report a concern, contact us via the contact form. Please note “Privacy” in your message. We aim to respond within 5 business days.
Note: This Privacy Policy is a pre-launch draft for a product in active development. It will be reviewed by legal counsel and updated before Vizanote enters full production with covered entities handling live PHI. It does not constitute legal advice.