Privacy Policy
Last updated: July 2026
Dr. Note ("we", "us", "our") is an AI-powered dental chart note assistant. We are committed to protecting the privacy of dental practitioners and their patients. This policy explains what data we collect, how it is processed, and how we support your obligations under Canadian privacy law.
1. Data we collect
| Data type | Stored? | Purpose |
|---|---|---|
| Account email | Yes | Authentication, subscription management |
| Templates & rules | Yes | Saved to your account so the AI can apply them |
| Clinic settings | Yes | Multi-clinic scheduling and date verification |
| Brief descriptions (your input when writing a note) | No | Sent to AI for note generation, then discarded |
| Generated notes | No | Displayed in your browser only; not stored on our servers |
| Patient names / identifiers | Never | Users are instructed not to enter identifiable patient information |
2. How note generation works
When you click "Generate Note", your brief description is combined with your selected template, rules, and clinic context and sent to the AI language model (Anthropic Claude API) via an encrypted HTTPS connection.
The AI returns a completed chart note, which is displayed in your browser. Neither the input nor the output is stored on our servers or by the AI provider. Under Anthropic's data-use policy, API inputs and outputs are not used to train models and are not retained beyond the duration of the API call.
Once you close the browser tab or start a new note, the generated content is gone unless you have copied it to your own system (e.g., your EHR/EMR).
3. PHIPA & PIPEDA compliance
Canadian dental practices must comply with federal privacy legislation (PIPEDA) and, in Ontario, the Personal Health Information Protection Act (PHIPA). Other provinces may have equivalent laws (e.g., Alberta's HIA, British Columbia's PIPA).
How Dr. Note supports your compliance:
4. Data storage & hosting
Dr. Note is hosted on Cloudflare Pages and Cloudflare Workers, which use a global edge network with servers in multiple countries, including Canada. Account data (email, templates, rules, clinic settings) is stored using Cloudflare's infrastructure. No patient-identifiable health information is stored.
5. Payment information
Subscription payments are processed by Stripe, Inc. We do not store, access, or process your credit card details directly. All payment data is handled entirely by Stripe in compliance with PCI DSS Level 1.
6. Your rights
Under PIPEDA, PHIPA, and equivalent provincial legislation, you have the right to:
7. Cookies & analytics
Dr. Note uses only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking pixels. If we implement analytics in the future, we will use a privacy-respecting solution and update this policy accordingly.
8. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the app or by email. The "Last updated" date at the top of this page reflects the most recent revision.
9. Contact
If you have questions about this privacy policy or your data, contact us at: