Privacy Statement
Version 1.0 • 1 April 2026 • England and Wales
NoteSense is an AI-powered clinical documentation platform developed and operated by NoteSense Limited, a company registered in England and Wales (company number 17090762). Our registered address is First Floor Sterling House, Outrams Wharf, Little Eaton, Derby, DE21 5EL.
We provide tools that enable physiotherapists and allied health practitioners to audio record clinical sessions, generate clinical notes using artificial intelligence, and transfer those notes into clinic management software. We serve both individual practitioners and clinic operators across the United Kingdom.
If you have any questions about this Privacy Statement or how we handle your data, contact us at: privacy@notesense.ai
2. What this statement covers
This Privacy Statement explains how NoteSense Limited collects, uses, stores, and protects personal data in connection with our website and platform. It covers two distinct roles we play depending on the context:
- As a Data Controller — for data we collect directly from website visitors, account holders, and practitioners using our platform
- As a Data Processor — for patient personal data that clinics and practitioners submit to us when using the NoteSense recording and note generation features. In this role, the clinic or practitioner is the Data Controller and we process data on their instructions only.
This statement applies to all personal data we process under UK GDPR and the Data Protection Act 2018.
3. Data we collect and why
3.1 Account and registration data
When you create a NoteSense account, we collect your name, professional role and specialism, clinic or practice name, email address, and payment information. We use this to provide your account, process payments, and communicate with you about the service. The lawful basis is performance of a contract.
3.2 Website usage data
When you visit notesense.ai, we automatically collect IP address, browser type, pages visited, and referring URLs. We use this to improve the website and understand how it is used. The lawful basis is legitimate interests. See our Cookie Policy for full details of tracking technologies used.
3.3 Clinical session data — special category
| How we handle patient health data
When a practitioner uses NoteSense to record a clinical session, the following data is processed: • Audio recording of the session (patient and clinician voices) • AI-generated clinical notes derived from the recording • Patient identifiers passed from the clinic’s management software This is special category health data under UK GDPR Article 9. We process it solely as a Data Processor on the instructions of the clinic (the Data Controller). The lawful basis for this processing sits with the clinic, which is responsible for obtaining valid patient consent. Audio recordings are permanently and irrevocably deleted from NoteSense systems once the clinical notes have been generated and transferred. We do not store patient audio recordings. Only audio is captured. NoteSense does not record video at any point. |
3.4 Clinician quality monitoring data
Where a clinic uses the quality monitoring feature and patients have separately consented, we process the clinician’s audio contributions for professional development and quality assurance purposes. Only the clinician’s voice is used for this purpose. Patient audio is excluded entirely by the platform’s speaker diarisation system. The lawful basis is legitimate interests in clinical quality assurance.
3.5 Communications data
If you contact us by email or through the platform, we retain those communications to respond to your query and for our records. The lawful basis is legitimate interests.
4. How we share your data
We do not sell personal data. We share data only in the following circumstances:
- With sub-processors who help us deliver the platform, including AI processing providers, cloud hosting services, and payment processors. All sub-processors are subject to data processing agreements and are listed below.
- With clinic management software providers (currently Clinico) to transfer completed clinical notes on the practitioner’s instruction.
- Where required by law, court order, or regulatory authority.
- In connection with a business sale or transfer, subject to appropriate confidentiality obligations.
Sub-processors:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| OpenAI | AI-powered clinical note generation and summarisation | Audio transcripts and clinical text data | United States and other jurisdictions |
| Groq | Audio transcription processing | Audio data (processed transiently) | United States |
| Fireworks AI | Audio transcription processing | Audio data (processed transiently) | United States |
| Resend | Email delivery and communication | Email addresses and account-related data | United States |
| Stripe | Payment processing and billing | Payment details, billing information, and account data | United States and other jurisdictions |
5. International data transfers
NoteSense hosts data in secure data centres in the United Kingdom. Where any sub-processor operates outside the UK, we ensure appropriate safeguards are in place, including UK International Data Transfer Agreements or equivalent mechanisms, before any transfer takes place.
6. How long we keep your data
| Data type | Retention period |
| Session audio recordings | Deleted immediately after clinical notes are generated and transferred. Maximum retention: 24 hours. |
| Clinical notes (generated) | Transferred to clinic software and deleted from NoteSense on transfer confirmation. |
| Account data | For the duration of your subscription and 12 months after account closure, then deleted. |
| Consent records | 7 years from the date of consent, in line with healthcare record-keeping guidance. |
| Payment data | As required by financial regulations, typically 7 years. |
| Website analytics | Aggregated and anonymised. Individual session data deleted after 26 months. |
| Support correspondence | 3 years from last contact. |
7. Your rights
Under UK GDPR you have the following rights in relation to your personal data:
| Right | What it means |
| Right to be informed | To know how your data is used — this statement fulfils that obligation. |
| Right of access | To request a copy of the personal data we hold about you. |
| Right to rectification | To ask us to correct inaccurate data. |
| Right to erasure | To ask us to delete your data, subject to legal obligations. |
| Right to restrict processing | To ask us to pause processing in certain circumstances. |
| Right to data portability | To receive your data in a structured, machine-readable format. |
| Right to object | To object to processing based on legitimate interests, including quality monitoring. |
| Rights re automated decisions | To request human review of any automated decision that significantly affects you. |
To exercise any of these rights, email privacy@notesense.ai. We will respond within one month. There is no charge for reasonable requests.
If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.
8. Children and young people
NoteSense does not knowingly collect personal data from children under 13 through its website. The platform applies automatic age-gating to block live session recordings for patients under 13.
For patients aged 13 to 17, the clinic is responsible for obtaining written parental or guardian consent before any session is recorded. NoteSense processes this data on the clinic’s instruction in its role as Data Processor.
9. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. This includes encryption in transit and at rest, access controls, and regular security reviews. If you become aware of any security concern relating to your account, contact security@notesense.ai immediately.
10. Changes to this statement
We may update this Privacy Statement from time to time. Where changes are material, we will notify account holders by email at least 30 days before the change takes effect. The current version is always available at notesense.ai/privacy-statement/.
11. Contact
NoteSense Limited, First Floor Sterling House, Outrams Wharf, Little Eaton, Derby, DE21 5EL
Email: privacy@notesense.ai | Website: notesense.ai