Privacy Policy

1. Overview

NotoMed.dev (“we,” “us,” or “our”) operates a collection of physician-built clinical decision-support tools at notomed.dev (the “Site”). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using the Site, you agree to the practices described in this policy. If you do not agree, please discontinue use.

For detailed information about how patient data is handled, de-identified, and processed within inReview (our clinical note summarizer), please see our Patient Privacy & PHI De-Identification Policy.

2. Data We Collect

a. Data you provide

• Feedback & contact forms: name (optional), email (optional), and message content submitted through our feedback or support forms.
• Support/donation information: payment details are processed entirely by Stripe; we never see or store your full card number.

b. Data collected automatically

• Analytics: we use Vercel Analytics and Google Analytics to collect anonymous usage metrics (page views, device type, browser, country). No personally identifiable information (PII) is collected through analytics.
• Cookies: we use a single first-party cookie (NEXT_LOCALE) to store your language preference, and localStorage for theme preference and sidebar state. No third-party tracking cookies are used.

c. Clinical data entered into tools

Several tools on NotoMed.dev allow you to enter clinical information (e.g., lab values, medication doses, clinical notes). This data is processed entirely in your browser and is never sent to our servers or stored unless explicitly stated otherwise. For inReview (our note summarizer), clinical notes are first de-identified client-side before being sent to AI providers. Other AI-powered tools (inScope, Pre-op Risk Stratifier) do not process patient notes and do not require de-identification. See our PHI De-Identification Policy for full details.

3. How We Use Data

• To respond to feedback and support requests.
• To improve the Site and tools through anonymous usage analytics.
• To process voluntary donations via Stripe.
• To provide tool functionality (calculations, recommendations) — processed client-side.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services. Each processes data according to its own privacy policy:

• Vercel: hosting and analytics (Privacy Policy).
• Google Analytics: anonymous usage tracking (Privacy Policy).
• Stripe: payment processing for donations (Privacy Policy).
• OpenAI / Anthropic: AI inference for inScope (evidence retrieval) and inReview (note summarization). For inReview, text is de-identified client-side before transmission. inScope does not process patient data. See our PHI De-Identification Policy for details.

5. Data Retention

Clinical data entered into tools is not retained — it exists only in your browser session. Feedback submissions are retained only as long as needed to respond. Anonymous analytics data is retained per the respective provider's policies.

6. Your Rights

Since we collect minimal personal data, there is typically nothing to delete. If you submitted feedback containing personal information and wish to have it removed, contact us via the feedback form or email at yasmineabbey@gmail.com.

7. Children's Privacy

NotoMed.dev is intended for licensed healthcare professionals and medical trainees. We do not knowingly collect data from individuals under the age of 18.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the Site constitutes acceptance of the revised policy.

9. Contact

For privacy-related questions or requests, contact us via the feedback form on NotoMed.dev or email yasmineabbey@gmail.com.