Privacy Policy
Effective Date: March 22, 2026 · Last Updated: March 22, 2026
NotedRx (“we,” “us,” or “our”) operates the NotedRx platform, a review response tool designed for dental and healthcare practices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, practice name, and billing information. This information is necessary to provide our services and process payments.
Practice and Review Data
To generate review responses, we process the review text you submit or that is imported from connected platforms (such as Google Business Profile or Yelp). We also store practice profile information you provide, such as practice name, specialty, and preferred communication tone.
Google User Data
When you connect your Google Business Profile, we access the following Google user data through Google's OAuth 2.0 authentication:
- Google Business Profile account information — your business account ID, used to identify your business listing
- Google Business Profile location data — your business location ID, used to fetch and respond to reviews for the correct location
- Google reviews — review content, reviewer names, ratings, and dates from your Google Business Profile, used to display reviews in your dashboard and generate AI responses
- OAuth tokens — access and refresh tokens used to maintain your connection to Google, stored in encrypted form
We only request access to Google Business Profile data that is necessary to provide review management features. We do not request access to any other Google services or data.
Usage Data
We automatically collect certain information when you use our platform, including IP address, browser type, pages visited, and feature usage patterns. This helps us improve our service and diagnose technical issues.
Cookies and Similar Technologies
We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. Analytics cookies, if used, are anonymized and used solely to improve the product experience.
2. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the NotedRx platform
- Generate HIPAA-conscious review responses on your behalf
- Fetch reviews from your connected Google Business Profile to display in your dashboard
- Post approved review responses to your Google Business Profile on your behalf (when you explicitly approve a response)
- Process payments and manage your subscription
- Send service-related communications (account alerts, updates)
- Improve our AI response generation and product features
- Respond to your support requests
- Comply with legal obligations
3. Google API Services — Limited Use Disclosure
Google API Services User Data Policy Compliance
NotedRx's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, NotedRx:
- Only uses Google user data to provide and improve user-facing features of the NotedRx platform that are visible in our application interface — specifically, displaying your reviews and posting approved responses
- Does not transfer Google user data to third parties except as necessary to provide our service (e.g., AI processing for response generation), for security purposes, or to comply with applicable laws
- Does not use Google user data for advertising, retargeting, or interest-based advertising purposes
- Does not sell Google user data to any third party, including advertising platforms, data brokers, or information resellers
- Does not use Google user data to determine credit-worthiness or for lending purposes
- Does not allow humans to read your Google user data unless: (a) you have given affirmative consent to view specific data, (b) it is necessary for security or abuse investigation, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations
How Google Data Is Stored
Google OAuth tokens (access tokens and refresh tokens) are encrypted using AES-256-GCM encryption before being stored in our database. They are only decrypted on our servers when needed to make authorized API calls on your behalf.
Google review data (review text, ratings, reviewer names) is stored in our database to display in your dashboard and generate AI responses. This data is treated with the same security measures as all other data in our system.
How to Revoke Google Access
You can disconnect your Google Business Profile from NotedRx at any time through your practice settings. When you disconnect, we will delete your stored Google OAuth tokens. You can also revoke NotedRx's access directly from your Google Account permissions page.
4. Important Note on Protected Health Information (PHI)
NotedRx is designed to help practices respond to reviews without disclosing protected health information. However, we recognize that review text submitted to our platform may contain information posted publicly by patients.
We do not use review content to build patient profiles, and we do not share review content with third parties for marketing purposes. Review data is processed solely for the purpose of generating compliant responses and is handled with the same care as any sensitive business data.
NotedRx does not access, store, or process electronic health records (EHR), patient charts, or clinical data. Our platform operates exclusively on publicly posted review content and practice profile information.
5. How We Share Your Information
We do not sell your personal information. We may share information with:
- Service providers who help us operate our platform (payment processing via Stripe, cloud hosting via Vercel and Supabase, email delivery via Resend), under strict contractual obligations
- AI processing partners (Anthropic) to generate review responses — review text is sent to our AI provider for processing and is subject to their data handling policies
- Review data providers (Outscraper) to fetch reviews from public review platforms on your behalf
- Legal authorities when required by law, regulation, or valid legal process
We do not share Google user data with any third parties for advertising, data brokerage, or purposes unrelated to providing our service.
6. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data transmissions
- AES-256-GCM encryption for sensitive stored data (including Google OAuth tokens)
- Row-level security policies in our database
- Access controls ensuring users can only access their own practice data
- Regular security reviews of our codebase and infrastructure
However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain your account data for as long as your account is active. If you close your account, we will delete or anonymize your data within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes).
Generated review responses are retained for your reference and can be deleted by you at any time through the platform.
When you disconnect your Google Business Profile, your stored Google OAuth tokens are deleted immediately. Google review data that has already been imported will be retained as part of your practice data unless you request its deletion.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for optional data processing
- Revoke access to your Google Business Profile data at any time
To exercise any of these rights, contact us at support@notedrx.com.
9. Third-Party Services
Our platform integrates with the following third-party services, each governed by their own privacy policies:
- Google Business Profile — for fetching and responding to Google reviews
- Stripe — for payment processing
- Anthropic (Claude) — for AI-powered review response generation
- Outscraper — for fetching reviews from public review platforms
- Supabase — for database and authentication services
- Vercel — for application hosting
- Resend — for email delivery
We encourage you to review the privacy policies of these services. We are not responsible for the privacy practices of third-party services.
10. Children's Privacy
NotedRx is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform at least 30 days before they take effect. If we make changes to how we use Google user data, we will notify you and obtain your consent before using Google data in any new way. Your continued use of NotedRx after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy, our data practices, or how we handle your Google user data, contact us at:
NotedRx
Email: support@notedrx.com