Notehouse Privacy, Security, and Compliance Overview
Notehouse is committed to protecting user data and supporting organizations as they meet their privacy and security requirements. Below is an overview of how we support major privacy frameworks and what users should know about compliance.
Table of Contents
HIPAA
Notehouse maintains technical and administrative safeguards required under HIPAA to support covered entities and business associates that use the platform for protected health information (PHI).
Organizations are responsible for determining whether Notehouse is appropriate for their specific HIPAA-related workflows and for maintaining required internal policies, procedures, and agreements.
CCPA
Notehouse complies with the California Consumer Privacy Act (CCPA) and provides controls that allow organizations and California residents to exercise applicable privacy rights, including the right to access, correct, and delete personal data when appropriate.
We do not sell or share user data.
GDPR
Notehouse implements safeguards and data-handling practices aligned with the General Data Protection Regulation (GDPR), including data minimization, secure storage, lawful processing, and applicable user rights to access, correct, and delete personal data.
Organizations using Notehouse remain responsible for determining whether the platform meets their specific GDPR obligations based on their workflows, data categories, and applicable regulations.
Other International Privacy Laws
Privacy requirements vary by country and region.
While Notehouse follows industry-standard security and privacy practices, organizations operating outside the United States or European Union are responsible for evaluating whether Notehouse aligns with their local regulatory obligations. They are also responsible for meeting any additional requirements that apply.
Data Ownership
Your organization owns its data. Notehouse does not access user content unless:
- the user requests technical support and access is required to resolve the issue, or
- a clear Terms of Use violation or platform misuse requires investigation.
We do not use your notes, client data, or account information for analytics, profiling, or any purpose unrelated to platform functionality or support.
Security Practices
Notehouse uses multiple safeguards to protect user data, including:
- two-factor authentication (2FA)
- encrypted connections
- role-based access controls
- secure infrastructure
- time-limited support impersonation (when needed for troubleshooting)
- routine security updates
For more information about access controls, see Can Notehouse Access My Notes?
For questions, contact us at support@getnotehouse.com.