Effective Date: January 10, 2025

1. Introduction

Ready Notes, LLC ("Ready Notes," "we," "us," or "our") provides a documentation platform designed for Early Steps providers and early intervention professionals. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website, mobile applications, and services (collectively, the "Services").

We are committed to protecting the privacy and security of all information entrusted to us, including Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). By using our Services, you agree to the terms of this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and professional credentials
  • Email address
  • Phone number (optional, required if opting in to SMS notifications)
  • Practice or organization name
  • Billing and payment information
2.2 Protected Health Information (PHI)

In the course of providing our Services, you may upload or enter PHI related to the children and families you serve. This may include:

  • Client names, dates of birth, and contact information
  • Individualized Family Service Plan (IFSP) documents and data
  • Visit notes and progress documentation
  • Developmental assessments and outcomes
  • Service delivery records
2.3 Usage Information

We automatically collect certain information when you use our Services, including:

  • Device information (type, operating system, browser)
  • Log data (IP address, access times, pages viewed)
  • Feature usage and interaction data
2.4 Cookies and Similar Technologies

We use cookies and similar tracking technologies to operate and improve our Services. These technologies help us:

  • Keep you logged in and remember your preferences
  • Understand how you use our Services
  • Improve performance and user experience

You can control cookies through your browser settings. Disabling certain cookies may limit your ability to use some features of our Services.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Services
  • Process IFSP documents and generate AI-assisted visit plans
  • Create and manage your account
  • Process payments and send billing communications
  • Send service-related communications and updates
  • Send SMS/text messages if you have opted in, including appointment reminders, service notifications, and account alerts
  • Respond to your requests and provide customer support
  • Monitor and analyze usage patterns to improve user experience
  • Comply with legal obligations
3.1 AI and Automated Processing

Our Services use artificial intelligence to analyze uploaded documents and generate suggested visit plans. This processing is designed to assist you in your work and does not make autonomous decisions about client care. You maintain full control over all documentation and can modify or reject any AI-generated suggestions. We do not use your data to train AI models.

4. HIPAA Compliance and PHI Protection

Ready Notes functions as a Business Associate under HIPAA when processing PHI on behalf of covered entities. We maintain appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA requirements.

4.1 Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with healthcare providers who use our Services and with our subcontractors who may access PHI. These agreements ensure all parties maintain appropriate protections for PHI.

4.2 Use of PHI

We only use and disclose PHI as permitted by our Business Associate Agreements, as required by law, or as otherwise authorized. We do not sell PHI or use it for marketing purposes. PHI may be processed by our AI systems solely to provide document analysis and visit planning features within the Services.

5. Third-Party Service Providers

We work with trusted third-party service providers to operate our Services. These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.1 Providers with Business Associate Agreements (PHI Access)

Certain service providers may process PHI on our behalf and have signed Business Associate Agreements with us. These include:

  • HIPAA-compliant cloud database hosting providers
  • Secure document storage providers
  • AI processing services for document analysis
5.2 Providers without PHI Access

Other service providers support our Services but do not have access to PHI. These include:

  • Authentication and identity verification services
  • Payment processing services
  • Business communication tools
  • Software development and hosting infrastructure

A list of our current sub-processors is available upon request for compliance purposes. Please contact us at privacy@readynotes.app.

6. Data Security

We implement robust security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data protection and HIPAA requirements
  • Incident response procedures for potential breaches

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and protect your login credentials.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you Services. We retain PHI in accordance with applicable law and our Business Associate Agreements, which typically require retention for a minimum of six (6) years from the date of creation or last effective date, whichever is later.

Upon account termination, you may request export or deletion of your data. Certain information may be retained as required by law or for legitimate business purposes such as fraud prevention.

8. Data Location and Transfers

Your information is processed and stored in the United States. Our service providers may process data in other locations, but we ensure appropriate safeguards are in place through contractual obligations and, where applicable, Business Associate Agreements that require HIPAA-compliant protections regardless of where data is processed.

9. Your Rights and Choices

Depending on your location and applicable law, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Data Portability: Request export of your data in a commonly used format
  • Opt-Out: Opt out of marketing communications at any time

To exercise these rights, please contact us using the information provided in Section 14. For rights related to PHI, please refer to the Notice of Privacy Practices provided by your covered entity or contact us directly.

9.1 Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. Our Services do not currently respond to DNT signals. However, you can manage your privacy preferences through your browser's cookie settings as described in Section 2.4.

9.2 SMS/Text Messages

If you opt in to receive SMS/text messages from us, you agree to receive service-related messages at the phone number you provide. Message frequency varies based on your account activity. Message and data rates may apply depending on your mobile carrier plan. You may opt out of SMS messages at any time by replying STOP to any message or by updating your communication preferences in your account settings. After opting out, you may receive one final confirmation message. Opting out of SMS will not affect other communications from us. For help with SMS, reply HELP to any message or contact us at support@readynotes.app.

10. Children's Privacy

Our Services are designed for use by early intervention professionals and are not directed to children under 13. We do not knowingly collect personal information directly from children. The PHI of minor children that is processed through our Services is provided by authorized healthcare providers and is protected in accordance with HIPAA and this Privacy Policy.

11. Third-Party Links

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. State-Specific Privacy Rights

12.1 California Residents

California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we collect and how it is used, the right to delete personal information, and the right to opt out of the sale or sharing of personal information. We do not sell personal information. To exercise your rights, contact us at the address below.

12.2 Louisiana Residents

Louisiana residents may have rights under the Louisiana Database Security Breach Notification Law. We will notify affected individuals of any security breach involving personal information as required by law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Effective Date" above. For significant changes affecting how we handle PHI, we will provide additional notice as required by law. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about our privacy practices, please contact us at:

Ready Notes, LLC
Email: privacy@readynotes.app
Website: www.readynotes.app

For HIPAA-related inquiries or to report a potential privacy concern involving PHI, please email: hipaa@readynotes.app

15. Acknowledgment

By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.