Privacy Policy
Last updated: April 13, 2026
1. Introduction
Orinote Technology Inc. ("Orinote", "we", "us", or "our") operates the orinote.ai website and the Orinote AI medical documentation platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service.
We are committed to protecting the privacy and security of your personal data, including any health-related data processed through our platform. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
Orinote Technology Inc.
Email: info@orinote.ai
For any questions regarding data protection, please contact our Data Protection Officer at info@orinote.ai.
3. Information We Collect
3.1 Information You Provide
- Account Information: Name, email address, phone number, clinic/practice name, professional credentials, and billing information when you register for an account or request a demo.
- Patient Data: Audio recordings, transcriptions, clinical notes, and medical documentation created through the Service. This data is processed on behalf of the healthcare provider (our customer) who acts as the data controller for patient data.
- Communications: Information you provide when contacting us for support, submitting inquiries, or providing feedback.
3.2 Information Collected Automatically
- Usage Data: Pages visited, features used, time spent on pages, click patterns, and interaction data.
- Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- Cookies and Tracking: We use cookies and similar technologies as described in our Cookies Policy.
4. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|
| Providing and maintaining the Service | Performance of contract |
| Processing AI transcriptions and generating clinical notes | Performance of contract |
| Sending service-related communications | Legitimate interest |
| Improving and developing the Service | Legitimate interest |
| Responding to inquiries and support requests | Legitimate interest |
| Complying with legal and regulatory obligations | Legal obligation |
| Billing and payment processing | Performance of contract |
| Marketing communications (with consent) | Consent |
5. Audio and Transcription Data
Our Service processes audio recordings of patient-provider conversations to generate transcriptions and clinical documentation. We handle this data with the highest level of care:
- Audio data is processed automatically and is not stored permanently unless explicitly configured by the healthcare provider.
- Transcriptions and clinical notes are encrypted at rest and in transit.
- Patient data is never used to train our AI models without explicit, separate consent.
- Audio and transcription data is never sold to third parties.
- Healthcare providers maintain full control over their patient data and may request deletion at any time.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Service Providers: Cloud hosting (EU-based data centers), payment processors, and analytics providers who process data on our behalf under strict contractual obligations.
- Legal Requirements: When required by law, regulation, legal process, or governmental request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.
- With Consent: With your explicit consent for any other purpose.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Account data: Retained for the duration of the account plus 30 days after deletion request.
- Patient/clinical data: Retained according to the healthcare provider's configuration and applicable medical record retention laws.
- Usage data: Retained for up to 24 months for analytics purposes.
- Marketing data: Retained until consent is withdrawn.
8. Data Security
We implement appropriate technical and organizational security measures to protect your data, including:
- End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256).
- Access controls and authentication mechanisms.
- Regular security audits and penetration testing.
- Employee training on data protection and security practices.
- Incident response procedures for potential data breaches.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When such transfers occur, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Adequacy decisions where applicable.
- Other appropriate safeguards as required by applicable data protection laws.
10. Your Rights
Under the GDPR and applicable Lithuanian data protection law, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restriction: Request restriction of processing in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with the State Data Protection Inspectorate of the Republic of Lithuania (Valstybine duomenu apsaugos inspekcija) or another competent supervisory authority.
To exercise any of these rights, please contact us at info@orinote.ai.
11. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: info@orinote.ai
Data Protection Officer: info@orinote.ai