Security

Protecting your data is our top priority

Our Security Approach

DocNotes implements comprehensive security measures to protect sensitive clinical data. We follow industry best practices and comply with healthcare-specific security requirements.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), the same encryption standard used by banks and financial institutions.

At Rest

All clinical data stored in our databases is encrypted using AES-256-GCM (Galois/Counter Mode) encryption with authenticated encryption. Each piece of data uses a unique initialization vector (IV) and includes an authentication tag to verify data integrity. This includes:

  • Patient names and identifiers
  • Clinical notes and draft content
  • Approved documents

Infrastructure Security

Secure Hosting

DocNotes is hosted on enterprise-grade cloud infrastructure with:

  • 24/7 monitoring and incident response
  • Regular security audits and penetration testing
  • DDoS protection and firewall management
  • Automated backup and disaster recovery

Data Centers

All data is stored in EU-based data centers that comply with:

  • ISO 27001 certification
  • SOC 2 Type II compliance
  • Physical access controls and monitoring
  • Environmental safeguards

Access Controls

Authentication

We implement strong authentication mechanisms:

  • Secure password requirements
  • Password hashing using bcrypt with adaptive cost factor
  • Secure password reset with time-limited, single-use tokens
  • Session management and timeout controls
  • Protection against brute force attacks

Authorization

Role-based access controls ensure users can only access data they're authorized to view:

  • Practice-based data isolation
  • User permission management
  • Audit logging of all data access

Application Security

Our application follows secure development practices:

  • Regular security updates and patches
  • Input validation and sanitization
  • Protection against common vulnerabilities (SQL injection, XSS, CSRF)
  • Secure API design and implementation
  • Code review and security testing

AI and Data Processing

Secure AI Processing

When processing clinical notes with AI:

  • Data is encrypted during transmission to AI services
  • We use enterprise AI providers with healthcare compliance
  • No training on your data without explicit consent
  • Minimal data retention by AI providers

No Audio Recording

Unlike voice-based solutions, DocNotes does not record audio, eliminating an entire category of privacy and security concerns. You type your notes, maintaining full control over what information is captured.

Monitoring and Incident Response

We maintain continuous security monitoring:

  • Real-time security event monitoring
  • Automated threat detection
  • Vulnerability scanning and patch management

Employee Access

We strictly limit employee access to user data:

  • Minimum necessary access principles
  • Access logging and monitoring

Compliance

DocNotes complies with relevant healthcare and data protection regulations:

  • GDPR (General Data Protection Regulation)
  • EU data protection requirements
  • Healthcare data security standards
  • Regular compliance audits

Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please contact us at:

Email: contact@docnotes.app

We will respond promptly and work with you to address any legitimate security concerns.

Questions?

If you have questions about our security practices, please contact us at contact@docnotes.app