Privacy Policy
Focus on Patients. Not Paperwork.
OnSet OpNote privacy policy for clinical use and data protection.
Effective Date: 11 August 2025 · Last Updated: 11 August 2025
Overview
OnSet OpNote ("OnSet", "we", "our", "us") is an AI-powered procedural documentation application designed for medical specialists and healthcare professionals. This Privacy Policy explains how we collect, use, disclose, and protect information when you use OnSet OpNote. By using our service, you agree to the collection and use of information in accordance with this policy.
Information We Collect
- Account Information — name, email, professional credentials, clinic or practice details, and authentication data.
- Clinical Content — operative notes, patient procedures, billing-related details, and clinical workflow data you enter or dictate.
- Voice & Audio — dictations and voice recordings processed to generate structured clinical documentation.
- Usage Data — device type, operating system version, app interactions, performance metrics, and error logs.
- Support Communications — messages, feedback, and assistance requests you send to our support team.
- Technical Data — IP addresses, browser type, and other technical information necessary for service delivery.
How We Use Information
- Generate and structure operative notes, clinical documentation, and relevant medical billing codes.
- Automate administrative tasks including follow-up scheduling, patient reminders, and clinical handovers.
- Provide clinical workflow automation and integration with healthcare systems when configured.
- Improve the accuracy, reliability, and security of our AI-powered documentation services.
- Provide technical support and respond to user inquiries and feedback.
- Comply with legal, regulatory, and healthcare compliance obligations.
- Conduct research and development to enhance our services (using anonymized data only).
Legal Basis for Processing
We process your information based on:
- Contract Performance — to provide the OnSet OpNote service you requested.
- Legitimate Interest — to improve our services and ensure security.
- Legal Obligation — to comply with applicable laws and regulations.
- Consent — where explicitly provided for specific processing activities.
Data Security & Protection
- All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Access to systems is restricted through role-based access controls and multi-factor authentication.
- Regular security audits, penetration testing, and vulnerability assessments are conducted.
- We maintain compliance with applicable healthcare privacy frameworks including:
- Australian Privacy Principles (APP) in Australia
- Health Insurance Portability and Accountability Act (HIPAA) in the United States
- General Data Protection Regulation (GDPR) in the European Union
- Other applicable regional healthcare privacy laws
- Regular staff training on data protection and privacy best practices.
Data Retention
We retain information only as long as necessary to:
- Provide and maintain our services
- Comply with legal and regulatory obligations
- Resolve disputes and enforce agreements
- Meet healthcare record retention requirements
You may request deletion of your account and associated data by contacting our support team. Note that some data may be retained longer if required by law or for legitimate business purposes.
Your Privacy Rights
Depending on your jurisdiction, you may have the following rights:
- Access — request a copy of your personal information
- Correction — request correction of inaccurate or incomplete information
- Deletion — request deletion of your personal information
- Portability — request transfer of your data to another service
- Restriction — request limitation of how we process your information
- Objection — object to certain types of processing
- Withdraw Consent — withdraw consent where processing is based on consent
To exercise these rights, contact us at sk@ui.care. We will respond within 30 days.
International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including:
- Standard Contractual Clauses approved by relevant authorities
- Adequacy decisions for certain countries
- Other appropriate safeguards as required by applicable law
Children's Privacy
OnSet OpNote is intended for use by licensed healthcare professionals and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Universal Integrated Care Pty Ltd
8 Bowen Place, South Melbourne, VIC 3205, Australia
Email: sk@ui.care
Data Protection Officer
For privacy-specific inquiries: privacy@ui.care
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last Updated" date at the top of this page indicates when the policy was last revised.
Significant changes will be communicated through:
- In-app notifications
- Email notifications to registered users
- Updates to this page
We encourage you to review this policy periodically to stay informed about how we protect your information.