Privacy Policy

This Privacy Policy describes how NOETED, Inc. ("NOETED," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website, platform, and services (collectively, the "Services").

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, organization name, job title, and password. If you subscribe to a paid plan, we collect billing information including payment method details processed through our third-party payment processor.

1.2 Usage Data

We automatically collect information about how you interact with our Services, including pages visited, features used, actions taken, timestamps, browser type, device information, and IP address.

1.3 Document Data

When you connect document sources or upload files for analysis, we temporarily process the content of those documents. NOETED implements ephemeral data handling: uploaded documents are processed in encrypted temporary storage and are automatically deleted within 24 to 48 hours of processing completion. We do not persistently store your source documents.

1.4 Communications

When you contact us via email, contact form, or other channels, we collect the content of those communications along with your contact information.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process regulatory documents and generate compliance analysis
• Create and manage your account
• Process payments and send billing-related communications
• Send product updates, security alerts, and support messages
• Respond to your inquiries and provide customer support
• Analyze usage patterns to improve the platform
• Comply with legal obligations

3. HIPAA Considerations

NOETED is designed to process healthcare compliance and policy documents, not patient health information (PHI). Our platform analyzes organizational policies, procedures, and regulatory documents.

If a customer's documents inadvertently contain PHI, NOETED's ephemeral processing model ensures that such data is not persistently stored. Documents are processed in encrypted temporary storage and automatically purged within 24 to 48 hours.

For Enterprise customers who require a Business Associate Agreement (BAA), please contact us at contactus@noeted.com to discuss your specific requirements.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information in the following circumstances:

• Service Providers: We share information with third-party vendors who assist in operating our Services, including cloud hosting, payment processing, email delivery, and analytics. These providers are contractually obligated to protect your data.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information with your explicit consent.

5. Third-Party Services

Our Services integrate with or rely on the following categories of third-party services:

• Cloud Infrastructure: We use industry-leading cloud providers to host our platform with encryption at rest and in transit.
• Payment Processing: Payment information is processed by PCI-compliant third-party payment processors. We do not store full credit card numbers on our servers.
• Analytics: We use analytics tools to understand usage patterns and improve our Services. Data collected by these tools is aggregated and anonymized.
• Document Connectors: When you connect external document sources (SharePoint, Google Drive, Box, SFTP), we access your documents through authorized API connections using your credentials or OAuth tokens.
• AI Processing: We use AI language models to analyze regulatory documents and generate compliance recommendations. Document content sent to AI models is processed ephemerally and not used for model training.

6. Data Security

We implement technical and organizational measures to protect your information, including:

• Encryption of data at rest and in transit (TLS 1.2+)
• Ephemeral document processing with automatic deletion
• Role-based access controls
• Regular security assessments and penetration testing
• Immutable audit logging of all platform actions
• SOC 2 compliance program (Enterprise plans)

7. Data Retention

We retain your account information for as long as your account is active or as needed to provide Services. Uploaded documents are deleted within 24 to 48 hours of processing. Compliance analysis results, workflow data, and audit trail records are retained according to your organization's configured retention policies. You may request deletion of your account and associated data at any time.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request a machine-readable copy of your data.
• Objection: Object to certain processing activities.
• Withdrawal of Consent: Withdraw previously given consent at any time.

To exercise any of these rights, contact us at contactus@noeted.com.

9. Cookies and Tracking

We use cookies and similar technologies to maintain session state, remember preferences, and analyze usage. You can control cookie settings through your browser. Disabling cookies may limit certain functionality of our Services.

10. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.

11. International Data Transfers

Your information may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

NOETED, Inc.
Email: contactus@noeted.com
Website: noeted.ai