DN Dr. Note

Privacy Policy

Last updated: July 2026

Dr. Note ("we", "us", "our") is an AI-powered dental chart note assistant. We are committed to protecting the privacy of dental practitioners and their patients. This policy explains what data we collect, how it is processed, and how we support your obligations under Canadian privacy law.

1. Data we collect

Data type Stored? Purpose
Account email Yes Authentication, subscription management
Templates & rules Yes Saved to your account so the AI can apply them
Clinic settings Yes Multi-clinic scheduling and date verification
Brief descriptions
(your input when writing a note)
No Sent to AI for note generation, then discarded
Generated notes No Displayed in your browser only; not stored on our servers
Patient names / identifiers Never Users are instructed not to enter identifiable patient information

2. How note generation works

When you click "Generate Note", your brief description is combined with your selected template, rules, and clinic context and sent to the AI language model (Anthropic Claude API) via an encrypted HTTPS connection.

The AI returns a completed chart note, which is displayed in your browser. Neither the input nor the output is stored on our servers or by the AI provider. Under Anthropic's data-use policy, API inputs and outputs are not used to train models and are not retained beyond the duration of the API call.

Once you close the browser tab or start a new note, the generated content is gone unless you have copied it to your own system (e.g., your EHR/EMR).

3. PHIPA & PIPEDA compliance

Canadian dental practices must comply with federal privacy legislation (PIPEDA) and, in Ontario, the Personal Health Information Protection Act (PHIPA). Other provinces may have equivalent laws (e.g., Alberta's HIA, British Columbia's PIPA).

How Dr. Note supports your compliance:

No patient data stored. Brief descriptions and generated notes exist only in your browser session. We do not store, log, or retain any clinical content.
No identifiers requested. The app explicitly warns users not to include patient names, health card numbers, or other personal identifiers in their input.
Encrypted transmission. All data in transit is protected by TLS 1.2+ encryption via Cloudflare's global edge network.
AI provider does not retain data. Anthropic's API usage policy states that API inputs and outputs are not used for model training and are not retained after the request completes.
User-controlled data. Templates, rules, and clinic settings are stored in your account and can be exported or permanently deleted at any time from the Account panel.
Important: While Dr. Note is designed to support your privacy compliance obligations, it is your responsibility as the health information custodian to ensure that your use of any tool meets the specific requirements of your provincial regulatory body. We recommend consulting your privacy officer or legal counsel if you have questions about compliance.

4. Data storage & hosting

Dr. Note is hosted on Cloudflare Pages and Cloudflare Workers, which use a global edge network with servers in multiple countries, including Canada. Account data (email, templates, rules, clinic settings) is stored using Cloudflare's infrastructure. No patient-identifiable health information is stored.

5. Payment information

Subscription payments are processed by Stripe, Inc. We do not store, access, or process your credit card details directly. All payment data is handled entirely by Stripe in compliance with PCI DSS Level 1.

6. Your rights

Under PIPEDA, PHIPA, and equivalent provincial legislation, you have the right to:

Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your account and all associated data
Export your data (available in the Account panel)
Withdraw consent and close your account at any time

7. Cookies & analytics

Dr. Note uses only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking pixels. If we implement analytics in the future, we will use a privacy-respecting solution and update this policy accordingly.

8. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app or by email. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

If you have questions about this privacy policy or your data, contact us at:

Dr. Note Privacy
Email: privacy@drnote.ai
General: support@drnote.ai