Privacy Policy

Learn how Mental Note AI protects your data and maintains HIPAA compliance

Last Updated: March 2026

Introduction

Mental Note AI ("we," "us," "our," or "Company") is committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Word add-in and related services designed to generate AI-powered clinical documentation for mental health professionals.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our service. By accessing and using Mental Note AI, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

No Patient Data Stored on Our Servers

Mental Note AI operates on a fundamental principle of data minimization and privacy protection: we do not store, retain, or have persistent access to Protected Health Information (PHI) or patient data. When you use Mental Note AI to generate clinical notes, the add-in processes session information within Microsoft Word to produce clinical documentation. The patient information, session notes, and all clinical content remain exclusively within your Word document and Microsoft's infrastructure.

Our servers never receive, store, or process the actual patient data or clinical content from your notes. This architecture ensures that your patients' sensitive health information is never transmitted to or retained by Mental Note AI's servers, providing you with maximum confidentiality and compliance with HIPAA requirements. All data processing for documentation generation occurs within the Microsoft Word environment, protecting your clinical data at every step.

Information We Collect

We collect information necessary to operate Mental Note AI and provide you with a secure, personalized experience. The types of information we collect include:

  • Account Information: When you create an account with Mental Note AI, we collect your email address and basic profile information required for account management and authentication.
  • Usage Data: We collect technical and analytical data about how you use Mental Note AI, including features accessed, add-in performance metrics, error logs, and session information. This data helps us improve our service, diagnose technical issues, and understand user needs.
  • Payment Information: If you subscribe to a paid plan, we collect billing information. However, we do not directly process or store credit card information. All payment processing is handled by third-party payment processors through secure, encrypted channels. We receive only confirmation of successful transactions and billing status.
  • Device Information: We automatically collect information about the device and software you use to access Mental Note AI, including your operating system version, Word version, browser type, and IP address.

How We Use Your Information

Mental Note AI uses the information we collect for specific, legitimate purposes aligned with healthcare compliance and service delivery:

  • To create, maintain, and manage your account and subscription
  • To process payments and send billing information
  • To deliver, maintain, and improve Mental Note AI services and features
  • To diagnose and resolve technical issues and provide technical support
  • To understand how users interact with our service and optimize user experience
  • To send you important account, service, and legal notifications
  • To comply with legal obligations and enforce our Terms of Service
  • To prevent fraud, security breaches, and other harmful activity

We are committed to using your information only for these specified purposes. We do not sell, rent, lease, or share your personal information with third parties for marketing purposes.

Microsoft Word Integration and Data Processing

Mental Note AI operates as a Microsoft Word add-in, which means your use of our service involves processing data within Microsoft's infrastructure. When you use Mental Note AI, the clinical documentation generation occurs within your Word document and Microsoft's systems. All session data and processing during your work in Word is governed by both our Privacy Policy and Microsoft's privacy policies.

Microsoft's services are processed in accordance with your organizational settings, data residency requirements, and Microsoft's business practices. For users in healthcare organizations, Microsoft provides enterprise-grade security and compliance features that align with HIPAA requirements. We recommend reviewing Microsoft's privacy documentation to understand how Microsoft handles data within Word and Microsoft 365 environments.

HIPAA Compliance

Mental Note AI is designed to support HIPAA compliance for mental health professionals and organizations. We understand the critical importance of protecting Protected Health Information and have built our service with healthcare privacy requirements at its core.

Our commitment to HIPAA compliance includes:

  • Architectural design that prevents transmission of PHI to Mental Note AI servers
  • Secure data transmission using industry-standard encryption (HTTPS/TLS)
  • Strict access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Administrative safeguards and workforce security training
  • Audit logs and monitoring for unauthorized access attempts

For organizations requiring a Business Associate Agreement (BAA) with Mental Note AI, we provide a standard BAA that outlines our responsibilities as a business associate and ensures compliance with HIPAA Privacy and Security Rules. Organizations using Mental Note AI in a HIPAA-regulated context should execute a BAA before processing PHI. Please contact us at support@mentalnote.ai to request a BAA.

Third-Party Services and Data Sharing

Mental Note AI uses third-party service providers to operate our platform and provide services on our behalf. These vendors have access only to information necessary to perform their functions and are contractually obligated to maintain the confidentiality and security of your data.

Key third-party services include:

  • Microsoft: We rely on Microsoft's infrastructure for Word add-in delivery, user authentication, and data processing within Microsoft 365 environments. Microsoft's privacy policies apply to data processed through their services.
  • Payment Processors: Payment processing is handled by PCI-DSS compliant third-party payment processors. We do not store or have direct access to your credit card information.
  • Hosting and Cloud Infrastructure: We use secure cloud infrastructure providers to host our services and maintain system reliability.
  • Analytics Services: We use privacy-focused analytics tools to understand usage patterns and improve our service. These services do not track individual user behavior or collect PHI.

We carefully select service providers that meet healthcare compliance standards and maintain appropriate data processing agreements. We do not share your personal information with third parties for their independent marketing purposes.

Data Retention

Mental Note AI retains information only as long as necessary to provide services, comply with legal obligations, and protect our legitimate interests. Our data retention practices are designed to minimize the amount of personal information we hold:

  • Account Information: Retained for the duration of your account and for a reasonable period afterward to comply with accounting and legal requirements.
  • Usage Data: Aggregated analytics data is retained for service improvement purposes and is not linked to individual user identities.
  • Payment Information: Retained only as long as required for billing, accounting, and tax purposes, typically for 7 years to comply with regulatory requirements.
  • Technical Logs: System logs and error reports are retained for a limited period to diagnose issues and improve service reliability.

We will not retain information longer than necessary. When you request deletion of your account, we will remove your personal information from our systems, except where retention is required by law or regulation.

Your Privacy Rights and Choices

We believe you should have control over your personal information. Depending on your location and applicable law, you may have the following rights:

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Correction: You have the right to request correction of inaccurate personal information in our systems.
  • Right to Deletion: You have the right to request deletion of your personal information, subject to certain legal and operational exceptions.
  • Right to Data Portability: You have the right to obtain your personal information in a structured, commonly used, machine-readable format.
  • Right to Opt-Out: You have the right to opt out of non-essential communications and analytics collection.

To exercise any of these rights, please contact us at support@mentalnote.ai with your request. We will respond to your request within 30 days or as required by applicable law. We may need to verify your identity before fulfilling your request.

Cookies and Tracking Technologies

Mental Note AI uses cookies and similar tracking technologies to enhance user experience and understand how our service is used. Cookies are small text files stored on your device that help us recognize you and maintain your preferences.

The types of cookies we use include:

  • Essential Cookies: Required for authentication, security, and basic functionality of our service.
  • Analytics Cookies: Used to understand aggregate usage patterns and improve our service. These cookies do not identify individuals and are used only for aggregate reporting.
  • Preference Cookies: Used to remember your settings and preferences for a better user experience.

We do not use cookies to track individuals across websites or to build behavioral profiles linked to patient data. You can manage cookie preferences through your browser settings, though disabling essential cookies may affect service functionality. We do not respond to "Do Not Track" signals because we do not track individual users for cross-site marketing purposes.

Children's Privacy

Mental Note AI is designed for and directed toward healthcare professionals and is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete such information promptly. If you believe we have collected information from a child under 13, please contact us immediately at support@mentalnote.ai.

Security of Your Information

Mental Note AI implements comprehensive technical, administrative, and physical safeguards designed to protect your personal information from unauthorized access, alteration, disclosure, and destruction. Our security measures include:

  • Encryption of data in transit using TLS/SSL protocols
  • Secure authentication mechanisms including multi-factor authentication support
  • Regular security audits and penetration testing
  • Access controls limiting information to authorized personnel only
  • Incident response procedures and security monitoring
  • Employee training on privacy and security practices

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of information transmitted over the internet or stored electronically. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately of any unauthorized access.

Changes to This Privacy Policy

Mental Note AI may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Last Updated" date at the top of this policy and, for significant changes, by sending you an email notification to the address associated with your account or by displaying a prominent notice on our website.

Your continued use of Mental Note AI following the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

International Data Transfers

Mental Note AI may process and store information in the United States and other countries where we operate. If you use our service from outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States and other countries, which may have data protection laws different from those in your country of origin. By using Mental Note AI, you consent to the transfer of your information to countries other than your country of residence, which may have different data protection rules.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Mental Note AI
Email: support@mentalnote.ai
Website: https://mentalnote.ai

We will respond to your inquiry within 30 business days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

California Privacy Rights

If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These laws provide you with the right to know what personal information is collected, the right to delete personal information collected from you, and the right to opt-out of the sale or sharing of your personal information. Mental Note AI does not sell or share personal information as defined under California law. To exercise your rights under CCPA/CPRA, please submit a request to support@mentalnote.ai with "California Privacy Request" in the subject line.

European Users

If you are located in the European Union or United Kingdom, your use of Mental Note AI is governed by the General Data Protection Regulation (GDPR) and UK data protection laws. We process your personal information only with your consent or where we have a legitimate legal basis to do so. You have the right to access, rectify, erase, restrict, or port your personal data. To exercise your rights, please contact support@mentalnote.ai. If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority.