Privacy Policy

Note Reviewer is a browser extension developed and maintained by Infinity Code LLC, a technology company dedicated to building productivity tools for healthcare professionals. Our secure API infrastructure is hosted at infinitycodellc.com.

If you have any questions about this Privacy Policy, please contact us at info@notereviewer.org.

When you use Note Reviewer, the extension reads the clinical note text visible on your active browser tab — only when you explicitly trigger the analysis by activating the side panel. This text may include session descriptions, behavioral observations, and goal progress notes authored by BCBAs.

We do not collect or process:

• Patient names, dates of birth, or any other direct identifiers.
• Social Security Numbers, insurance IDs, or financial information.
• Photographs, audio recordings, or biometric data.
• Your browsing history outside of the active note analysis session.

The note text you submit is used solely to generate real-time quality and compliance suggestions. The processing pipeline is as follows:

1. 1 You activate the Note Reviewer side panel and submit a note for review.
2. 2 The extension encrypts the text and sends it over HTTPS/TLS to our secure API endpoint at infinitycodellc.com.
3. 3 The AI model analyzes the note for clinical quality, objectivity, measurability, and ABA compliance standards.
4. 4 Suggestions are returned to your browser and displayed in the side panel.
5. 5 The submitted text is immediately discarded from our servers — it is never written to a database or log file.

We do not store clinical note content on our servers. After the AI analysis is complete and the response is sent back to your browser, all submitted text is discarded from memory and is not persisted in any database, file system, or log.

Your API key — required to authenticate with the AI provider — is stored exclusively in your browser's local storage using the browser Extension Storage API. It never leaves your device and is never transmitted to our servers.

We may retain anonymized, aggregate usage metrics (e.g., number of analyses performed per day) for the sole purpose of monitoring service reliability. These metrics contain no content from your notes.

We implement industry-standard security controls to protect the data you submit:

• Encryption in transit: All communication between the extension and our API uses TLS 1.2+ (HTTPS), preventing eavesdropping or interception.
• Secure infrastructure: Our API is hosted on enterprise-grade cloud infrastructure with restricted access, firewall protection, and regular security audits.
• Minimal data exposure: By design, we process the smallest amount of data necessary to fulfill the analysis request and discard it immediately after.

We do not sell, rent, or share your data with third parties for advertising, marketing, or any commercial purpose.

The note text you submit is processed by the AI model provider that you configure via your API key. That provider's own privacy policy and terms of service govern their handling of data. We strongly recommend reviewing the privacy documentation of your chosen AI provider.

We may disclose data only if required by law, court order, or to protect the rights and safety of our users — and solely to the minimum extent necessary.

Note Reviewer is designed to assist BCBAs in improving the quality of their documentation. We encourage users to exercise professional judgment and follow their organization's HIPAA compliance policies when using any technology tool that interacts with clinical records.

Because we do not store, log, or transmit PHI to our servers beyond the immediate processing window, our architecture is designed to minimize HIPAA risk. However, it is the responsibility of the clinician and their employing organization to ensure that any tool used in their workflow meets their specific compliance requirements.

If your organization requires a Business Associate Agreement (BAA), please contact us at info@notereviewer.org to discuss your needs.

Since we do not maintain persistent records of your note content, there is typically no stored personal data to access, correct, or delete. If you have concerns about any data we may hold, you have the right to:

• Request confirmation of whether we hold any personal data about you.
• Request deletion of any data we may have inadvertently retained.
• Withdraw consent for processing at any time by uninstalling the extension.
• Lodge a complaint with the relevant data protection authority in your jurisdiction.

To exercise any of these rights, contact us at info@notereviewer.org.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of the Note Reviewer extension after changes are posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests related to this Privacy Policy, please reach out to us: