Privacy Policy

Last updated: April 2026

Who we are

Noted is operated by Omar Matar, a data controller registered with the UK Information Commissioner's Office (ICO). We provide a clinical note-drafting tool for therapists and mental health practitioners.

Contact: omarmatar21@gmail.com

What data we collect and why

Account data

Your name, email address, hashed password, subscription status, and a monthly note usage counter. Lawful basis: contract (Article 6(1)(b) UK GDPR).

Voice memos (transient)

Audio you record or upload is sent directly to OpenAI Whisper for transcription and deleted immediately afterwards. It is never written to our database. Lawful basis: contract; legitimate interest in providing the service.

Transcripts (transient)

The text transcript is passed to our AI note-generation service and then discarded. It is never stored by Noted. Noted does not have access to the content of transcripts after they are processed.

Generated notes

Notes are streamed to your screen only. Noted does not store, retain, or have access to the content of any generated clinical note.

Special category data

Voice memos and transcripts may contain health-related information about your clients, which constitutes special category data under Article 9 UK GDPR. This data is processed transiently and solely to provide the transcription and note-generation service. It is not retained, profiled, or used for any other purpose.

You, as a therapist, are the data controller for your clients' personal data. Noted acts as a data processor on your behalf. By using Noted, you confirm you have an appropriate lawful basis (such as legitimate professional purpose) to process your clients' data in this way.

Sub-processors

We engage the following third-party processors to deliver the service. All are bound by Data Processing Agreements and appropriate safeguards for international transfers.

Speech-to-text provider | Audio transcription (transient) | USA — SCCs in place
AI language model provider | Note generation (transient) | USA — DPA in place
Vercel | Hosting and infrastructure | UK (London region)
Neon | Account database — no clinical content | EU
Stripe | Payment processing | USA / EU — SCCs in place

Full sub-processor details available on request at omarmatar21@gmail.com.

Data retention

Account data is retained while your account is active. If you delete your account, all account data is permanently deleted immediately. Audio and transcripts are never retained. Generated notes are never retained.

Your rights

Under UK GDPR you have the right to access, correct, or erase your personal data; to object to or restrict processing; and to data portability. To exercise any right, email us at omarmatar21@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the ICO: ico.org.uk.

Cookies

Noted uses a single session cookie to keep you logged in. No analytics, advertising, or tracking cookies are used.

Changes to this policy

If we make material changes, we will notify you by email or via the app. Continued use after notice constitutes acceptance.