Better safe. Never sorry.
Privacy is a human right. This is why our technology is built around protecting it.
Certified for your peace of mind
From privacy to performance, every certification reflects our commitment to doing things the right way - so you can focus on care, knowing the details are protected.












Great power comes with great privacy
What’s said in the room, stays in the room. Every detail is protected by uncompromising security.




Discover everyday privacy protections
Private by default
Every interaction is designed to protect your data, automatically.
Data stays local to you
Stored securely in trusted, compliant data centres, wherever you are.
You’re in control
Multi-factor authentication safeguards available.
No selling. No sharing
Your sessions belong to you and no one else.
Note Dr minds its business. Not yours

Note Dr never uses your data to train AI models. Ever.
Note Dr is powered by rules, not your recordings. Every word it writes is shaped by templates you control - not by hidden training on your patient data. You decide the tone, the structure, and the style, so your notes always sound like you. Safe. Consistent. Completely yours.
Patient consent made simple
Your patients’ permission matters. You decide how to ask, and we give you the tools to capture and honour it, every time.
- Patient-friendly resources
- Built-in reminders
- Dedicated clinician support

Compliance, without the complexity
Artificial intelligence has the potential to benefit nearly every aspect of our lives - so it must be developed and deployed responsibly.
Evidence for Assurance
We provide DPIAs, PIAs, risk assessments, and security reports upfront - giving your governance team assurance without starting from scratch.
Operational Fit
Our processes are designed to fit into existing IG workflows, with templates and checklists that cut down paperwork and speed up approvals.
Audit-Ready Support
When regulators or auditors ask questions, you’ll have clear, credible answers. We supply the proof so you’re never left scrambling.
International Standards
From GDPR to HIPAA - we align with international frameworks so compliance works wherever you operate.
Partnership, Not Burden
IG is about trust. We act as an extension of your team, helping you meet requirements with less stress and more confidence.
With privacy built in, every consultation brings peace of mind
Product Security
- Multi-Factor Authentication (MFA)
MFA can be enabled for user accounts via an SSO provider.
- Role-Based Access Control
Note Dr implements Role-Based Access Control (RBAC) to manage permissions.
- SSO Support
Customers can authenticate using SSO, including SAML.
- Separate Production Environment
Customer data is not used in non-production environments.
Access Control
- Data Access
Access to internal systems is granted based on the principle of least privilege and is reviewed on a regular basis.
- Logging
All important security events in our environment are monitored.
- Staff Password Security
We have a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO. Passwords are stored in a company-managed password manager.
Endpoint Security
- Disk Encryption
Full-disk encryption is used to protect employee endpoints.
- DNS Filtering
Employee endpoints are protected from malicious web traffic.
- Endpoint Detection & Response
All employee endpoints are protected with an advanced EDR solution.
- Mobile Device Management
All employee endpoints are centrally managed and secured using an MDM solution.
- Threat Detection
Note Dr's Security Defense and Intelligence proactively monitors for known attacker TTPs, known malicious binaries, and suspicious activity in the environment. Our team also review anomalous activity and hunt for unknown threats on a regular cadence.
Network Security
- Data Exfiltration Monitoring
We restrict removable media on endpoints and have tools to monitor for suspicious activity, including data exfiltration.
- DMARC
Our domain has DMARC enabled to reduce the risk of spoofing attacks.
- Firewall
We use firewalls to monitor and control traffic in our infrastructure.
- IDS
Network activity is centrally logged and arbitrary detection logic has been defined to identify attackers and other anomalous behavior and generate alerts for further investigation.
- Security Information and Event Management
Important infrastructure logs are centrally stored and monitored.
Corporate Security
- Email Protection
We restrict removable media on endpoints and have tools to monitor for suspicious activity, including data exfiltration.
- Employee Training
Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social engineering, Physical security, Phishing, GDPR and CCPA.
- Incident Response
We have a documented Incident Response Plan that is reviewed, tested and approved at least annually.
- Internal Assessments
We conduct an annual risk assessment to identify major gaps in our environment.
- Penetration Testing
We perform frequent penetration testing.
Our values lead the way
- Safe
- Patient-Centred
- Innovative
- Environmental
- Inclusive & Diverse
- Clinician Development
- Research Led