Privacy Policy

Last updated: January 15, 2024

1. Introduction

SpeechNote ("we," "our," or "us") is a product of Dalai Solutions AS, a company committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered transcription service for mental health professionals.

This policy complies with the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and other applicable privacy laws.

2. Information We Collect

2.1 Personal Information

  • Name, email address, and professional credentials
  • Practice information and contact details
  • Account preferences and settings
  • Payment and billing information

2.2 Health Information

  • Audio recordings of therapy sessions (with explicit consent)
  • Transcribed text and clinical notes
  • Patient information (anonymized when possible)
  • Template preferences and documentation patterns

2.3 Technical Information

  • Device information and IP addresses
  • Usage analytics and performance data
  • Cookies and similar tracking technologies
  • Log files and error reports

3. How We Use Your Information

  • Provide AI transcription and documentation services
  • Improve our algorithms and service quality
  • Process payments and manage subscriptions
  • Send important service updates and notifications
  • Ensure HIPAA and GDPR compliance
  • Prevent fraud and ensure security

4. Legal Basis for Processing (GDPR)

  • Consent: Explicit consent for health data processing
  • Contract: Processing necessary for service delivery
  • Legal Obligation: Compliance with healthcare regulations
  • Legitimate Interest: Service improvement and security

5. Data Security

  • End-to-end encryption for all data transmission
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Secure data centers with physical security
  • Regular staff training on data protection

6. Your Rights (GDPR)

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Export your data
  • Right to Object: Opt-out of certain processing

To exercise these rights, contact us at sven@dalai.no

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Account data: Until account closure + 7 years
  • Health records: As required by applicable laws
  • Analytics data: 2 years maximum
  • Marketing data: Until consent withdrawal

8. Third-Party Services

We may use trusted third-party services for:

  • Cloud hosting and storage (HIPAA-compliant providers)
  • Payment processing (PCI DSS compliant)
  • Analytics and monitoring
  • Customer support tools

All third-party services are bound by strict data protection agreements.

9. International Transfers

If we transfer your data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Certification schemes and codes of conduct

10. Children's Privacy

Our service is not intended for individuals under 18. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Information

For questions about this Privacy Policy or our data practices, contact us:

  • Email: sven@dalai.no
  • Organization: Dalai Solutions AS
  • Organization Number: 934555104
  • Address: Kapteinrosens vei 48, Trondheim, Norway
Privacy Policy - SpeechNote