Notehouse Privacy, Security, and Compliance Overview

Notehouse is committed to protecting user data and supporting organizations as they meet their privacy and security requirements. Below is an overview of how we support major privacy frameworks and what users should know about compliance.  

Table of Contents


HIPAA

Notehouse maintains technical and administrative safeguards required under HIPAA to support covered entities and business associates that use the platform for protected health information (PHI).

Organizations are responsible for determining whether Notehouse is appropriate for their specific HIPAA-related workflows and for maintaining required internal policies, procedures, and agreements.


CCPA

Notehouse complies with the California Consumer Privacy Act (CCPA) and provides controls that allow organizations and California residents to exercise applicable privacy rights, including the right to access, correct, and delete personal data when appropriate.

We do not sell or share user data.


GDPR

Notehouse implements safeguards and data-handling practices aligned with the General Data Protection Regulation (GDPR), including data minimization, secure storage, lawful processing, and applicable user rights to access, correct, and delete personal data.

Organizations using Notehouse remain responsible for determining whether the platform meets their specific GDPR obligations based on their workflows, data categories, and applicable regulations.


Other International Privacy Laws

Privacy requirements vary by country and region.

While Notehouse follows industry-standard security and privacy practices, organizations operating outside the United States or European Union are responsible for evaluating whether Notehouse aligns with their local regulatory obligations. They are also responsible for meeting any additional requirements that apply.


Data Ownership

Your organization owns its data. Notehouse does not access user content unless:

  • the user requests technical support and access is required to resolve the issue, or
  • a clear Terms of Use violation or platform misuse requires investigation.

We do not use your notes, client data, or account information for analytics, profiling, or any purpose unrelated to platform functionality or support.


Security Practices

Notehouse uses multiple safeguards to protect user data, including:

  • two-factor authentication (2FA)
  • encrypted connections
  • role-based access controls
  • secure infrastructure
  • time-limited support impersonation (when needed for troubleshooting)
  • routine security updates

For more information about access controls, see Can Notehouse Access My Notes?


For questions, contact us at support@getnotehouse.com.

Still need help? Contact Us Contact Us