ReasonNotes LogoReasonNotes

Privacy Policy

Your privacy and data security are our top priorities. Learn how we protect your information and ensure HIPAA compliance.

Last updated: July 10, 2025

Introduction

ReasonWorks AI Inc. ("we," "us," "our," or "ReasonNotes") is committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI medical scribe service.

As a healthcare technology service, we are subject to the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy laws. We take our responsibilities seriously and have implemented comprehensive security measures to protect your data.

Information We Collect

Personal Information

  • Account information (name, email address, phone number)
  • Professional credentials and provider information
  • Billing and payment information
  • Usage data and preferences

Protected Health Information (PHI)

  • Audio recordings of patient-provider conversations
  • Transcribed medical conversations
  • Generated clinical notes and documentation
  • Patient identifiers and demographics (when provided)
  • Medical history and clinical data

Technical Information

  • Device information and browser type
  • IP addresses and location data
  • Usage patterns and system performance data
  • Cookies and similar tracking technologies

How We Use Your Information

Service Delivery

  • Process audio recordings and generate clinical notes
  • Provide transcription and documentation services
  • Maintain and improve our AI models and algorithms
  • Deliver customer support and technical assistance

Account Management

  • Create and manage user accounts
  • Process billing and payments
  • Send service notifications and updates
  • Authenticate users and prevent unauthorized access

Legal and Compliance

  • Comply with HIPAA and other healthcare regulations
  • Respond to legal requests and court orders
  • Investigate and prevent fraud or abuse
  • Maintain audit trails and compliance records

Data Security and Protection

Security Measures

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication for user accounts
  • Regular security audits and penetration testing
  • SOC 2 Type II certification
  • HIPAA-compliant infrastructure and processes

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Regular access reviews and audits
  • Secure employee background checks
  • Comprehensive staff training on data protection

Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations. Audio recordings are typically deleted within 30 days of processing, while clinical notes may be retained longer based on your preferences and legal requirements.

HIPAA Compliance

ReasonNotes is fully HIPAA-compliant and serves as a Business Associate to covered entities. We have implemented all required administrative, physical, and technical safeguards to protect PHI.

Our HIPAA Commitments

  • Execute Business Associate Agreements (BAAs) with all customers
  • Implement minimum necessary standards for PHI access
  • Maintain detailed audit logs of all PHI access
  • Provide breach notification procedures
  • Ensure all subcontractors are HIPAA-compliant
  • Conduct regular risk assessments and compliance reviews

Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information or PHI to third parties except in the following limited circumstances:

Permitted Disclosures

  • To authorized healthcare providers and staff members
  • To HIPAA-compliant service providers and subcontractors
  • When required by law or legal process
  • To prevent or investigate suspected fraud or abuse
  • With your explicit written consent
  • For public health and safety purposes as permitted by law

Marketing and Communications

We may use your contact information to send you service-related communications, security alerts, and product updates. We will never use your PHI for marketing purposes without your explicit consent.

Your Rights and Choices

Under HIPAA and other applicable privacy laws, you have the following rights regarding your information:

Access and Control

  • Right to access your PHI and request copies
  • Right to request amendments to your PHI
  • Right to request restrictions on use and disclosure
  • Right to request alternative communication methods
  • Right to file complaints about privacy practices

Data Portability and Deletion

  • Right to export your data in standard formats
  • Right to request deletion of your account and data
  • Right to withdraw consent for data processing
  • Right to opt-out of non-essential communications

Exercise Your Rights

To exercise any of these rights, please contact us at privacy@reasonnotes.com or use the contact information provided below. We will respond to your request within 30 days.

Policy Updates and Contact Information

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where required, by sending you a direct notification.

Contact Information

Privacy Officer: ReasonWorks AI Inc.

Email: privacy@reasonnotes.com

Phone: 708-540-3586

Address: 1449 S Michigan Ave STE 13207, Chicago, IL 60605

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us using the contact information above. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.