Privacy.
Protected.
Privacy is a fundamental human right. It’s also one of our core values. Which is why we have designed our products & services to protect it. That’s the kind of innovation we believe in.
Anonymised Patient Data
If patient identifiers, such as names, are detected, Note Dr redacts this information to ensure your patients', clients' and colleagues' identities are protected.
"It's lovely to meet you, Mrs Dobson" → [Patient Name]
Audio Recordings, Deleted
You have the ability to download the recording of your session. After ending the session, audio recordings are deleted from Note Dr and never accessible again.
Whether it's intimate confessions, difficult conversations or light-hearted humor, your appointment needs to be protected.
End-to-End Encryption
Note Dr connections are encrypted over 256-bit SSL, so they cannot be viewed by unauthorised third parties.
Layers of Privacy
We add additional layers of protection to all of your appointments, to ensure they stay between you and your patient.
Enterprise Security
Built-in layers of security give you the peace of mind to focus on connecting with your world.
Data Centres
We ensure that the machines within the Note Dr network are protected at all times. Note Dr uses industry-leading data centres managed by Equinix, which are also trusted and used by Google, Microsoft and Amazon. Investing in leading data centres provides a highly scalable cloud computing platform with advanced end-to-end security and privacy features as standard.
Access to these data centres is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures, 24 x 7 on-site security staff, biometric scanning, multi-factor authentication, video surveillance and other electronic means. All physical and electronic access to data centres is authorised strictly on a least-privilege basis and is logged and audited routinely.
These Data Centers are certified to meet rigorous security standards:
Artificial intelligence has the potential to benefit nearly every aspect of our lives, so it must be developed and deployed responsibly.
Product Security
- Multi-Factor Authentication (MFA)
MFA can be enabled for user accounts via an SSO provider.
- Role-Based Access Control
Note Dr implements Role-Based Access Control (RBAC) to manage permissions.
- SSO Support
Customers can authenticate using SSO, including SAML.
- Separate Production Environment
Customer data is not used in non-production environments.
Access Control
- Data Access
Access to internal systems is granted based on the principle of least privilege and is reviewed on a regular basis.
- Logging
All important security events in our environment are monitored.
- Staff Password Security
We have a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO. Passwords are stored in a company-managed password manager.
Endpoint Security
- Disk Encryption
Full-disk encryption is used to protect employee endpoints.
- DNS Filtering
Employee endpoints are protected from malicious web traffic.
- Endpoint Detection & Response
All employee endpoints are protected with an advanced EDR solution.
- Mobile Device Management
All employee endpoints are centrally managed and secured using an MDM solution.
- Threat Detection
Note Dr's Security Defense and Intelligence proactively monitors for known attacker TTPs, known malicious binaries, and suspicious activity in the environment. Our team also review anomalous activity and hunt for unknown threats on a regular cadence.
Network Security
- Data Exfiltration Monitoring
We restrict removable media on endpoints and have tools to monitor for suspicious activity, including data exfiltration.
- DMARC
Our domain has DMARC enabled to reduce the risk of spoofing attacks.
- Firewall
We use firewalls to monitor and control traffic in our infrastructure.
- IDS
Network activity is centrally logged and arbitrary detection logic has been defined to identify attackers and other anomalous behavior and generate alerts for further investigation.
- Security Information and Event Management
Important infrastructure logs are centrally stored and monitored.
Corporate Security
- Email Protection
We restrict removable media on endpoints and have tools to monitor for suspicious activity, including data exfiltration.
- Employee Training
Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, Phishing, GDPR and CCPA.
- Incident Response
We have a documented Incident Response Plan that is reviewed, tested and approved at least annually.
- Internal Assessments
We conduct an annual risk assessment to identify major gaps in our environment.
- Penetration Testing