Privacy Policy

Notefree AS ("Notefree", "we", or "us") provides Agentic AI for medical purposes across modalities, including Ambient AI that listens to clinical conversations and helps generate structured notes and insights for healthcare professionals. Privacy and information security are built into the product by design. This policy explains how we collect, use, store, and protect personal data when you visit notefree.no or use our services (the "Services").

Notefree AS is the data controller for personal data processed through our website and certain user information. When we process patient data on behalf of healthcare providers, we act as a data processor.

• Company: Notefree AS
• Email: [email protected]

• Data minimisation: We process only what is necessary to deliver the Services.
• No full audio retention: Audio is processed in small chunks and deleted immediately; no complete recording is stored on our servers.
• Predictable deletion: Clinical notes are stored temporarily and erased automatically.
• No training on your data: Clinical inputs are not used to train models.
• Security by default: Encryption and strict access controls apply across the stack.

We collect the following categories of information to operate the Services:

• Account and contact data (name, role, organisation, email, phone, login credentials, billing details).
• Clinical data processed during use (e.g., audio chunks and derived clinical facts).
• Clinical notes and transcripts created for your review.
• Usage and technical data (device identifiers, browser type, IP address, pages visited, OS/app version).
• Support communications (messages and support requests).

When Ambient AI is used, audio is streamed and processed in small segments in real time. Each segment is deleted immediately after processing. No complete audio file is ever stored on our servers.

Notes and transcripts are stored in encrypted form so you can review and export them. They are automatically deleted after 24 hours. After deletion, the data is unrecoverable—even by us.

We process and store data within the European Economic Area (EEA). Your data does not leave the EEA.

• Provide and improve the Services.
• Ensure accuracy, safety, and quality.
• Support users and respond to requests.
• Comply with legal obligations.

• Contractual necessity to deliver the Services.
• Legitimate interests in security, reliability, and service analytics.
• Consent for optional communications and non‑essential cookies.
• Legal obligations where required by law.

• Encryption in transit and at rest.
• Role‑based access control and least‑privilege access.
• Logging and monitoring to detect misuse.
• Regular security reviews and testing.

We use cookies to provide essential functionality and, where permitted, basic analytics. You can manage cookie preferences at any time.

If you are located in the EEA or another jurisdiction with data‑protection laws, you may have rights including access, rectification, deletion, restriction, objection, and data portability.

• To exercise these rights, contact: [email protected]
• You may also lodge a complaint with your local supervisory authority.

We may update this policy from time to time. Material changes will be posted on the website with an updated effective date.