Notehouse Privacy, Security, and Compliance Overview
Notehouse is committed to protecting user data and supporting organizations in meeting their privacy and security requirements. Below is an overview of how we support major privacy frameworks and what users should know about compliance.
Table of Contents
HIPAA
Notehouse meets the technical and administrative safeguards required under HIPAA for covered entities and business associates who choose to use the platform for protected health information (PHI).
Organizations are responsible for determining whether Notehouse is appropriate for their specific HIPAA-related workflows and for maintaining required internal policies, procedures, and agreements.
CCPA
Notehouse complies with the California Consumer Privacy Act (CCPA) and provides controls that allow organizations and California residents to exercise applicable privacy rights, including access, correction, and deletion of personal data when appropriate.
We do not sell or share user data.
GDPR
Notehouse implements safeguards and data-handling practices aligned with the General Data Protection Regulation (GDPR), including data minimization, secure storage, lawful processing, and user rights to access, correction, and deletion when applicable.
Organizations using Notehouse remain responsible for determining whether the platform meets their specific GDPR obligations based on their workflows, data categories, and regulatory requirements.
Other International Privacy Laws
Privacy requirements vary by country and region.
While Notehouse follows industry-standard security and privacy practices, organizations operating outside the United States or European Union are responsible for evaluating whether Notehouse aligns with their local regulatory obligations and for meeting any additional requirements that apply.
Data Ownership
Your organization owns its data. Notehouse does not access user content unless:
- the user requests technical support and access is required to resolve the issue, or
- a clear Terms of Use violation or platform misuse requires investigation.
We do not use your notes, client data, or account information for analytics, profiling, or any purpose outside platform functionality and support.
Security Practices
Notehouse uses multiple safeguards to protect user data, including:
- multi-factor authentication
- encrypted connections
- role-based access controls
- secure infrastructure
- time-limited support impersonation (when needed for troubleshooting)
- routine security updates
For more information about access controls, see: “Can Notehouse Access My Notes?”
If you have questions, please contact us at support@getnotehouse.com.