Privacy policy · Praxnote

Last updated: 2026-04-30. This is a summary; the binding terms live in your signed agreement.

What this policy covers

This policy covers two surfaces:

The praxnote.com marketing site, the page you're reading.
The Praxnote platform, the application your practice uses, governed by your BAA and service agreement.

The marketing site

praxnote.com is a static site served from Netlify with no third-party analytics by default. We collect what you submit through forms (demo requests, contact, BAA requests) and use that information to respond to you.

No third-party trackers or fingerprinters by default.
No third-party CDN assets, fonts are self-hosted via @fontsource.
Forms route to Netlify Forms; submissions are emailed to the Praxnote team.
We retain form submissions long enough to respond and follow up; we do not sell or share them.

The Praxnote platform

Inside the Praxnote application, your data (including PHI) is governed by your BAA and service agreement. The architectural commitments below are baseline:

All PHI columns encrypted at rest with Fernet.
TLS 1.2+ in transit.
PostgreSQL Row-Level Security for multi-tenant isolation.
Activity log on every PHI read and write.
Right-to-erasure workflow (GDPR Article 17 / PIPEDA equivalent).
Six-year retention via redaction, not deletion.
No third-party AI proxies, Anthropic API direct.
Your data is never used to train AI models.

Cookies

The marketing site uses no cookies for tracking. The platform uses cookies and local storage for session management (JWT, language preference), never for cross-site tracking or advertising.

Your rights

You have the right to access, correct, and (where applicable) erase data you've provided. Email privacy@praxnote.com for access or correction. For erasure inside the platform, your practice administrator can open an erasure request from the application.

Contact

Questions about this policy should go to privacy@praxnote.com. Security disclosures should go to security@praxnote.com.