Last updated: September 15, 2025 Operated by: VisitNotes
This Consumer Health Data Privacy Policy describes how VisitNotes collects, uses, and shares “consumer health data,” and the rights you have over that data. It supplements our Privacy Policy and is provided specifically to address consumer health data laws, including Washington’s My Health My Data Act (MHMDA), Nevada Senate Bill 370, and the Connecticut Data Privacy Act.
If anything here conflicts with our general Privacy Policy regarding consumer health data, this policy controls.
What we mean by “consumer health data”
Consumer health data is personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status. In the context of VisitNotes, this includes:
- The text transcripts generated from your medical visits
- Notes you type about a visit
- The plain-language summaries VisitNotes generates
- Medications, dosages, and schedules you enter
- Health-related details in the profiles you create for yourself or people in your care circle
- Appointment information you sync from your calendar (provider names, visit types, dates)
The most important thing to know
Your audio recording never leaves your device. Transcription happens entirely on your iPhone using Apple’s on-device speech technology. The audio file is never uploaded — not to us, not to our AI provider, not to anyone. Only the resulting text transcript is transmitted, and only to generate your summary.
What consumer health data we collect, and why
We collect the categories above for one purpose: to provide the VisitNotes service to you — generating, storing, and displaying your visit summaries, maintaining your care circle, and enabling the features you choose to use. We do not collect consumer health data for advertising, profiling, or resale.
Who we share consumer health data with
We share consumer health data only with the service providers (processors) needed to operate the app, each under a contract that limits them to providing services to us:
| Processor | What it receives | Purpose |
|---|---|---|
| Anthropic | Visit transcript text only | Generating your summary (under a signed Data Processing Addendum that prohibits model training, resale, or any other use) |
| Supabase | Transcripts, notes, summaries, medications, profiles, appointments, profile photos | Secure database and file storage |
App analytics (PostHog) and subscription management (RevenueCat) do not receive consumer health data — analytics carries no health content, and RevenueCat receives only your account ID.
What we never do
- We do not sell your consumer health data. Not to data brokers, not to advertisers, not to anyone.
- We do not share your consumer health data for targeted advertising.
- We do not use your consumer health data to train AI models — and neither do our providers, under our signed agreements with them.
- We do not create de-identified copies of your health data for commercial licensing.
- We do not use geofencing around any healthcare facility.
Your rights
Regardless of where you live, with respect to your consumer health data you may:
- Access the consumer health data we hold about you, and a list of who it has been shared with
- Withdraw consent for our collection and sharing of your consumer health data
- Delete your consumer health data
You can exercise the access and deletion rights directly in the app — view your data at any time, delete individual visits, or delete your account entirely (Settings → Account → Delete Account), which permanently removes all of your personal data, including consumer health data, within 30 days. Audio recordings stored on your device are deleted immediately when you confirm account deletion.
You may also submit any of these requests by emailing privacy@visitnotes.app. We will verify your request and respond within the timeframe required by applicable law. You may use an authorized agent to submit a request on your behalf.
How to appeal a decision
If we decline your request, we will tell you why. You may appeal by replying to our response or emailing privacy@visitnotes.app with the subject line “Consumer Health Data Appeal.” If your appeal is denied, you may contact the attorney general in your state.
Washington residents: You may file a complaint with the Washington State Attorney General at atg.wa.gov/file-complaint.
State-specific notices
Washington — My Health My Data Act. The collection, use, and sharing of your consumer health data described above is carried out to provide the VisitNotes service, with your consent. We do not sell consumer health data, and any sharing is limited to the processors listed above for the purposes stated.
Nevada — SB 370. We do not sell covered health data, and we honor verified consumer requests to access and delete that data as described above.
Connecticut. Connecticut residents may exercise the access, deletion, consent-withdrawal, and appeal rights described in this policy.
Changes to this policy
If we make material changes to how we handle consumer health data, we will notify you through the app before those changes take effect. The “last updated” date above reflects the most recent revision.
Contact us
VisitNotes privacy@visitnotes.app