Privacy Policy

In vigore dal 22 febbraio 2026

Introduction

This Privacy Policy explains how NotuDocs ("we," "us," or "our") collects, uses, stores, and protects your information when you use our website at https://notudocs.com and related services (collectively, the "Service"). NotuDocs is an AI-powered documentation tool designed for professionals such as therapists, doctors, lawyers, social workers, and educators. The Service allows you to create templates, capture session notes through text, voice, and file uploads, and generate structured documents using artificial intelligence.

By accessing or using the Service, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

Information We Collect

Account Information

When you create an account, we collect the following information through our authentication provider:

  • Email address
  • Full name
  • Profile picture (if provided)
  • Authentication credentials (managed securely by our authentication provider)

Content Data

When you use the Service, we collect and store the content you create and upload, including:

  • Templates and their placeholder configurations
  • Session notes (text entries, voice recordings, and uploaded files)
  • Generated documents and exports
  • Images and other files you upload to the Service

Usage Data

We automatically collect certain information about how you interact with the Service, including:

  • Pages visited and features used
  • Timestamps of activity (account creation, logins, document generation)
  • Frequency and duration of sessions
  • Interactions with the user interface

Device and Browser Information

We may collect technical information about your device and browser, including:

  • Browser type and version
  • Operating system
  • Device type
  • IP address
  • Referring URLs and page navigation paths

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service: To operate, maintain, and deliver the features of NotuDocs, including AI-powered document generation, voice transcription, and template management.
  • Account management: To create and manage your account, authenticate your identity, and provide customer support.
  • AI processing: To send your notes and template data to AI services for generating structured documents. This data is processed in real time and is not stored by the AI providers.
  • Voice transcription: To convert your voice recordings into text using transcription services.
  • Payment processing: To process subscription payments and manage your billing information through our payment provider.
  • Service improvement: To analyze usage patterns and improve the functionality, performance, and reliability of the Service.
  • Communication: To send you service-related notifications, updates, and support responses.
  • Security: To detect, prevent, and address fraud, abuse, or technical issues.

Third-Party Services

We rely on trusted third-party services to operate NotuDocs. Each provider has access only to the information necessary to perform its designated function.

Clerk (Authentication)

We use Clerk to manage user authentication and account security. Clerk processes and stores your email address, name, profile picture, and authentication credentials. Clerk's privacy policy is available at https://clerk.com/legal/privacy.

Convex (Backend and Data Storage)

We use Convex as our backend platform to store and manage your user data, sessions, templates, notes, and generated documents. Convex's privacy policy is available at https://www.convex.dev/legal/privacy.

Google (AI Document Generation and Voice Transcription)

We use the Google Gemini API to process your notes, generate structured documents, and transcribe voice recordings into text. Your content is sent to Google for real-time processing only. When using the Gemini API with the paid tier, Google does not use your data to train its models. Google's privacy policy is available at https://policies.google.com/privacy.

Stripe (Payment Processing)

We use Stripe to process payments and manage subscriptions. Stripe collects and processes your payment information, including credit card details, directly. NotuDocs never receives, processes, or stores your full credit card numbers. Stripe's privacy policy is available at https://stripe.com/privacy.

Vercel (Hosting and Analytics)

Our Service is hosted on Vercel's infrastructure. Vercel may collect analytics data such as page views, performance metrics, and general usage patterns. Vercel's privacy policy is available at https://vercel.com/legal/privacy-policy.

Cloudflare (Image Storage)

We use Cloudflare R2 to store images and files you upload to the Service. Cloudflare's privacy policy is available at https://www.cloudflare.com/privacypolicy/.

Data Storage and Security

Your data is stored in the United States through our infrastructure providers. We implement commercially reasonable technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encrypted data transmission using TLS/SSL
  • Secure authentication through Clerk with support for multi-factor authentication
  • Access controls limiting data access to authorized personnel and systems
  • Regular security reviews of our third-party providers

While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

Data Retention

We retain your account information and content data for as long as your account remains active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required by law to retain certain data for a longer period.

Usage and analytics data may be retained in aggregated and anonymized form for service improvement purposes.

Your Rights

You have the following rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct any inaccurate or incomplete personal information.
  • Deletion: You may request that we delete your personal information and account. Upon receiving a valid deletion request, we will remove your data within 30 days.
  • Data export: You may request an export of your data in a portable format.
  • Objection: You may object to certain types of data processing where applicable.

To exercise any of these rights, please contact us using the information provided in the Contact section below. We will respond to your request within 30 days.

Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us immediately.

HIPAA Notice

NotuDocs does not currently offer Business Associate Agreements (BAAs) and does not represent itself as a HIPAA-compliant service. While our Service employs industry-standard security practices — including encrypted data transmission, secure authentication, and access controls — we have not undertaken a formal HIPAA compliance program.

If your use of the Service involves Protected Health Information (PHI) subject to the Health Insurance Portability and Accountability Act (HIPAA), it is your responsibility to evaluate whether NotuDocs meets your compliance requirements. Users who require a BAA or formal HIPAA technical safeguards should seek a service that provides them.

International Data Transfers

Our Service is hosted and operated in the United States. If you access the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence.

By using the Service, you consent to the transfer of your information to the United States and the processing of your data as described in this Privacy Policy.

Cookies and Tracking

We use cookies and similar tracking technologies to operate and improve the Service. Specifically:

  • Essential cookies: Required for authentication, session management, and core Service functionality. These cookies are necessary for the Service to work and cannot be disabled.
  • Analytics cookies: Used to collect anonymized usage data to help us understand how the Service is used and improve its performance.
  • Preference cookies: Used to remember your settings and preferences, such as your preferred language.

Most browsers allow you to control cookies through their settings. However, disabling essential cookies may prevent you from using the Service.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes, we will update the effective date at the top of this page. If we make material changes, we will notify you by email or through a prominent notice within the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: support@notudocs.com

Website: https://notudocs.com