Last updated: September 15, 2025
Operated by: VisitNotes
VisitNotes is built on a simple premise: your doctor visits are some of the most private conversations you have. This policy explains exactly what information we handle, where it goes, and what we never do with it. We’ve written it to be specific — not because the law requires it, but because you deserve to know.
The short version
- Your audio recording never leaves your device. Transcription happens entirely on your iPhone using Apple’s built-in speech technology. No audio is ever uploaded — to our servers or anyone else’s.
- Only the text transcript travels off your device, to generate your summary.
- We do not sell your data. We do not advertise to you. We do not de-identify and license your health information to researchers or pharmaceutical companies.
- We do not use your health information to train AI models. Neither do our AI providers — this is prohibited under our signed Data Processing Addendum (DPA) with them.
- You can delete your account and all your data at any time.
What we collect
Information you provide
- Account information: Your name and email address (or Apple ID) when you create an account.
- Visit transcripts and notes: The text transcript generated from your visit recording, any notes you type during or after a visit, and any photos or documents you add to a visit.
- People and care circle profiles: Names, relationships, and other details you enter for the people whose visits you’re tracking.
- Medications: Medication names, dosages, and schedules you enter within the app.
- Calendar appointments: If you grant VisitNotes access to your device calendar, we sync appointment titles, provider names, locations, and dates to your account to help you prepare for visits. You can revoke this permission at any time in your iPhone Settings → Privacy & Security → Calendars.
- Profile photos: Photos you choose to upload for people in your care circle.
Information collected automatically
- App usage analytics: We collect limited lifecycle events — which screens you visit, which features you use, session counts — to understand how the app is used and how to improve it. This is handled by PostHog, a third-party analytics provider. We do not send health content, visit text, or notes through analytics. No keystroke logging, no session recording, no identification by name or email.
- Subscription status: When you purchase a subscription, RevenueCat (our subscription management provider) receives your account ID to verify your entitlement.
- Crash and device information: If the app crashes, we receive your device type, iOS version, and a crash report. This does not include health content.
What leaves your device
We believe you should know exactly where your data goes. Here is every off-device data transfer:
| What | Where | Why |
|---|---|---|
| Visit transcript (text only) | Anthropic, via our summarization service | Generating your visit summary |
| App lifecycle events (no health content) | PostHog (US servers) | Product analytics |
| Account ID | RevenueCat | Verifying your subscription |
| Transcripts, notes, summaries, medications, people, appointments, profile photos | Supabase (our database and storage provider) | Storing your account data |
That is the complete list.
What never leaves your device
Audio recordings are processed entirely on your iPhone. VisitNotes uses Apple’s on-device speech recognition framework to produce your visit transcript. The audio file is never transmitted — not to VisitNotes servers, not to Anthropic, not to any other party.
If you choose to keep a recording for personal playback, it is stored only on your device, protected by iOS file encryption, and deleted when you delete the visit or your account.
AI summarization and Anthropic
Your visit transcript is sent to our summarization service, which uses Anthropic’s Claude API to generate your plain-language summary. Anthropic is our AI sub-processor for this feature.
Our data processing agreement with Anthropic. We have a signed Data Processing Addendum (DPA) with Anthropic. A DPA is a formal legal contract between a company and any third party it shares personal data with. It defines exactly what the third party is allowed to do with that data, how they must protect it, and what they are prohibited from doing. It is legally binding on both sides.
Under our DPA with Anthropic, your transcript data may only be used to generate your summary — nothing else. Specifically, Anthropic is prohibited from:
- Using your data to train their AI models
- Sharing your data with any other party
- Retaining or using your data for any purpose outside of providing the summarization service to VisitNotes
It is also important to understand that Anthropic’s consumer privacy policy — which does reference optional model training for Claude.ai users — does not apply to data processed through the API. Anthropic explicitly states that their consumer policy does not cover content processed on behalf of business API customers. Your data is governed entirely by our DPA, not by the consumer policy.
Our third-party service providers
We work with the following companies to operate VisitNotes. Each is contractually required to use your data only to provide their services to us:
| Provider | Role | Privacy Policy |
|---|---|---|
| Supabase | Database, authentication, and file storage | supabase.com/privacy |
| Anthropic | AI summarization (transcript → summary) | anthropic.com/legal/privacy |
| PostHog | Product analytics (no health content) | posthog.com/privacy |
| RevenueCat | Subscription management | revenuecat.com/privacy |
| Apple | Authentication via Sign in with Apple | apple.com/legal/privacy |
How we use your information
We use your information to provide VisitNotes and nothing else:
- To generate, store, and display your visit summaries
- To maintain your account and care circle
- To verify your subscription status
- To understand how the app is used in aggregate (without health content) so we can improve it
- To send you notifications you’ve enabled, such as appointment reminders
What we do not do
We want to be unambiguous about this:
- We DO NOT sell your personal information — not to data brokers, not to advertisers, not to anyone.
- We DO NOT show you ads or share your information with ad networks.
- We DO NOT build profiles of your health history for any purpose other than providing you with VisitNotes.
- We DO NOT de-identify and license your health information for research, pharmaceutical analytics, or any commercial purpose.
- We DO NOT upload your audio recordings anywhere.
- We DO NOT use your health information to train AI models — and neither do our AI providers, under our signed DPA with them.
Care circle access
When you invite someone to your care circle, they can view visits you’ve explicitly shared with them. You can revoke access at any time in the app. Revoking access removes their ability to view new content going forward.
If you have previously shared a summary outside the app (by text, email, or other means), VisitNotes has no ability to recover that copy.
Data retention
Your data is retained as long as your account is active.
- Individual visits can be deleted at any time from within the app.
- Account deletion removes all your personal data — transcripts, summaries, notes, medications, people, and profile photos — within 30 days. Audio recordings stored on your device are deleted immediately when you confirm account deletion.
When your account is deleted, we also request deletion of your data from our sub-processors in accordance with our agreements with them.
Children’s privacy
VisitNotes is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has created an account, contact us and we will delete it promptly.
Parents and caregivers may use VisitNotes to record and track visits for children and family members. When you create a profile for a family member, that information is handled under this policy and accessible only to you and the care circle members you invite.
Security
We protect your information through:
- On-device audio processing — audio never leaves your device
- iOS file protection — sensitive files stored on your device use iOS Data Protection (encryption tied to your device passcode)
- Encryption in transit — all data transmitted between the app and our services uses TLS
- Access controls — our database enforces row-level security so that users can only access their own data
- Keychain storage — your session tokens are stored in the iOS Keychain, not in unprotected storage
No security system is perfect. If you discover a vulnerability, please contact us at security@visitnotes.app.
Breach notification
If a security breach affects your identifiable health information, we will notify affected users promptly in accordance with the FTC Health Breach Notification Rule and applicable state law.
Your rights and controls
Regardless of where you live, you can:
- View your data within the app at any time
- Delete individual visits from within the app
- Delete your account and all associated data in Settings → Account → Delete Account
- Export a visit summary using the share button on any summary
- Revoke care circle access for any member at any time
- Revoke calendar access at any time in iPhone Settings → Privacy & Security → Calendars
- Request a copy of your data or ask questions by contacting us at privacy@visitnotes.app
California residents
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. We do not sell personal information.
To exercise your rights or submit a data request, contact us at privacy@visitnotes.app.
Washington residents
We comply with Washington’s My Health My Data Act (RCW 19.373). The consumer health data we collect — visit transcripts, notes, summaries, and related health information — is used only to provide the VisitNotes service. We do not sell this data, share it for advertising purposes, or use it for any purpose beyond those described in this policy.
To exercise your rights under the Act, including the right to access, withdraw consent, or request deletion, contact us at privacy@visitnotes.app. If your request is denied and your appeal is unsuccessful, you may file a complaint with the Washington Attorney General at atg.wa.gov/file-complaint.
Changes to this policy
If we make material changes to this policy — including changes to what data we collect or how we share it — we will notify you through the app before those changes take effect. The “last updated” date at the top of this page reflects the most recent revision.
Your continued use of VisitNotes after changes take effect constitutes your acceptance of the updated policy.
Contact us
VisitNotes
privacy@visitnotes.app