Privacy Policy

1. Introduction

CasenotePRO ("we", "our", "us") is a privacy-first documentation application designed for social workers and allied professionals. This Privacy Policy explains how information is collected, used, processed, stored, and protected when you use the CasenotePRO mobile application and related services ("Services").

By using CasenotePRO, you agree to this Privacy Policy.

2. Information We Collect

a. Account Information

When you create an account, we collect only the minimum required information:

• Email address (if signing up with email)
• Apple Sign-In (which may use a private relay email)
• Google Sign-In identifier

We do not require names, profile photos, or additional personal details.

b. Case Notes & Professional Content

You may create or input:

• Case notes
• Assessments
• Dictated text
• Structured documentation
• Uploaded audio clips (for transcription, if enabled)

c. Third-Party (Client) Information

You may input information relating to third parties (including clients, families, or children).

You are responsible for ensuring you have lawful authority and appropriate consent to collect and process such information.

CasenotePRO acts as a data processor. You remain the data controller for any client or third-party information you enter.

d. Technical & Diagnostic Information

We may collect limited technical data such as:

• Device type and operating system version
• App performance metrics
• Crash reports

This information is used solely to improve reliability and performance and is not linked to case content.

3. On-Device Storage & Security

CasenotePRO is designed with a local-first, privacy-by-design architecture.

• Case notes and transcripts are stored only on your device
• Data is not synced to iCloud
• Data is not backed up to our servers
• Data is not shared across devices, even when using the same account

If you sign in on a different device, previously created data will not be available.

Biometric Protection

CasenotePRO supports optional biometric security (such as Face ID).

When enabled:

• Access to the app requires biometric authentication
• Data remains protected by device-level encryption and secure hardware safeguards

Users are strongly encouraged to enable biometric protection and maintain appropriate device security (passcodes, encryption, OS updates).

App Deletion

Because data is stored locally:

• Deleting the app permanently deletes all stored data
• Deleted data cannot be recovered
• We do not maintain backups of locally stored content

This design maximises user control and confidentiality.

4. Speech-to-Text Processing

CasenotePRO supports both on-device and cloud-based transcription, depending on device capability and subscription status.

a. On-Device Transcription

On supported devices:

• Audio is processed entirely on the device
• No audio or transcripts are uploaded to our servers
• We do not access or store this data

b. Cloud-Based Transcription (Optional)

If cloud transcription is enabled:

• Audio is uploaded to a temporary, signed URL in secure Google Cloud storage
• The audio is accessed by a transcription provider (such as Groq or AssemblyAI) solely for transcription
• Once transcription is complete, the audio file is deleted immediately
• Audio is not retained by us

Cloud transcription is used only to deliver the requested functionality.

5. AI-Based Processing & Structuring

CasenotePRO uses artificial intelligence to assist with:

• Structuring notes
• Improving clarity and formatting
• Generating summaries or drafts (when requested)

We primarily use OpenRouter to route requests to AI providers that support zero data-retention endpoints.

AI features are assistive only and do not replace professional judgment.

6. Data Minimisation & Best Practice

To support confidentiality and privacy-by-design principles, CasenotePRO encourages the use of pseudonyms, initials, or non-identifying references when recording case notes, where appropriate and permitted by professional guidelines.

Where full personal identifiers are not required:

• Avoid using full names
• Avoid unnecessary personal details
• Use initials, codes, or non-identifying references

This practice helps reduce risk in the event of device loss or unauthorised access and aligns with professional documentation standards.

Users remain responsible for ensuring their documentation practices comply with applicable laws, organisational policies, and professional requirements.

7. Regulatory Standards & Compliance

CasenotePRO is designed to support HIPAA-aligned workflows and is built with privacy-by-design principles that support international privacy standards (including UK GDPR, PIPEDA, the Australian Privacy Principles, and the New Zealand Privacy Act 2020).

Note that case notes are stored locally on your device, but certain features necessarily involve cloud processing: cloud transcription (where selected) and AI-based structuring send content to third-party providers as described in Sections 4 and 5. On-device transcription is available on supported devices (iPhone 12 and later).

The following summaries explain how CasenotePRO is designed to support the privacy frameworks referenced on our website. They are provided for transparency only, are not legal advice, and do not constitute certification or a guarantee of compliance under any of these regimes.

a. United States — HIPAA

Where you are a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), you remain responsible for your own HIPAA obligations, including executing any required Business Associate Agreements (BAAs) with your downstream vendors. CasenotePRO supports HIPAA-aligned workflows through local-first storage, optional on-device transcription, and the use of zero-retention AI endpoints, but we do not currently offer a BAA and are not a certified HIPAA-compliant service. You are responsible for determining whether the app is appropriate for protected health information (PHI) in your context, and for using data-minimisation practices (such as initials or non-identifying references) where possible.

b. United Kingdom — UK GDPR & Data Protection Act 2018

Under the UK GDPR and Data Protection Act 2018, you act as the data controller for any personal data you enter, and CasenotePRO acts as a data processor processing that data only on your instructions to deliver the requested features. Case notes are stored locally on your device; cloud transcription and AI structuring involve processing by sub-processors (see Section 8). Case notes may contain special category data (such as health or social-care information), so you are responsible for identifying a lawful basis and an Article 9 condition, completing any required Data Protection Impact Assessment, and honouring data-subject rights. International transfers may occur where sub-processors operate outside the UK; these rely on appropriate safeguards such as standard contractual clauses.

c. Canada — PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws, you are responsible for obtaining meaningful consent from individuals before recording their personal information, and for limiting collection to what is necessary. CasenotePRO supports these principles through local-first storage, data minimisation, and zero-retention processing. Some processing (cloud transcription and AI structuring) may occur outside Canada via our sub-processors; you remain accountable under PIPEDA for personal information transferred for processing.

d. Australia — Privacy Act 1988 & Australian Privacy Principles

CasenotePRO is operated from Australia. Where the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply to you, you are responsible for collecting personal and sensitive information lawfully and with consent (APP 3), notifying individuals (APP 5), and handling cross-border disclosure appropriately (APP 8). Health information is sensitive information attracting higher protection. CasenotePRO supports these obligations through local-first storage and minimisation, while cloud transcription and AI structuring may involve overseas recipients as described in Section 8.

e. New Zealand — Privacy Act 2020

Under the New Zealand Privacy Act 2020 and its 13 Information Privacy Principles, you are responsible for collecting personal information for a lawful purpose, being transparent with individuals, and ensuring that any overseas disclosure (IPP 12) is to a provider subject to comparable safeguards. CasenotePRO supports these principles through local-first storage, data minimisation, and zero-retention processing, while certain features rely on the overseas sub-processors listed in Section 8. You remain responsible for meeting notifiable-privacy-breach obligations in relation to information you control.

8. Cloud Infrastructure & Third-Party Services

We use trusted third-party services solely to operate the Services, including:

• Google Cloud (backend services, signed URLs, infrastructure)
• Firebase Authentication (account management, password reset)
• Transcription providers such as Groq and AssemblyAI (for optional cloud transcription)
• OpenRouter (AI processing with zero data-retention endpoints)
• RevenueCat (subscription and payment services)

These providers are required to protect data in accordance with applicable security and privacy standards.

9. How We Use Information

We use information only to:

• Authenticate users
• Provide transcription and note-processing features
• Process subscriptions and payments
• Improve app stability and performance
• Maintain security and prevent misuse

We do not sell personal data or use it for advertising.

10. Data Retention

• Locally stored data remains on your device until you delete it or uninstall the app
• Cloud-processed audio is deleted immediately after transcription
• Limited technical logs may be retained for operational and security purposes

11. Your Rights

Depending on your location, you may have rights to:

• Access personal information we hold
• Request correction of inaccurate data
• Request deletion of account-level information
• Export account-level data

Requests can be made using the contact details below.

12. Children's Privacy

CasenotePRO is not intended for use by individuals under 18. Professionals may record information about minors as part of lawful professional activities.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app or our website.

14. Contact Us

If you have questions about this Privacy Policy: