Legal

Privacy Policy & Terms

Last updated: March 24, 2026

Who we are

Niceley AI Consulting LLC (“we,” “us,” “our”) operates Clinic Notes AI and this website. Brian Niceley is the sole owner and operator. We are based in Northern Kentucky, USA.

Data we collect

For Clinic Notes AI users: Session audio, transcripts, clinical notes, EHR field extractions, consent records, and audit logs. All data is stored in encrypted databases with row-level security ensuring each provider sees only their own sessions.

For this website: Only the information you voluntarily provide via the contact form (name, email, organization, message).

How we use your data

  • To provide and improve Clinic Notes AI services
  • To respond to your inquiries
  • To comply with legal obligations

What we will never do

  • Sell, share, or monetize your clinical data — not anonymized, not aggregated, not for any reason
  • Use your data to train AI models
  • Provide your data to advertisers or third-party data brokers
  • Share your data with anyone except as required by law or as necessary to provide the service (e.g., our infrastructure vendors under signed Business Associate Agreements)

HIPAA compliance

Clinic Notes AI is designed to handle Protected Health Information (PHI) in compliance with HIPAA. We maintain Business Associate Agreements (BAAs) with all infrastructure vendors that may access PHI, including our database provider (Supabase), AI service providers (Anthropic, OpenAI), and hosting platform (Vercel). AI API calls use zero data retention endpoints — your transcripts and notes are never stored by our AI vendors and never used to train their models.

Data retention and deletion

You may request deletion of your data at any time. Session data (audio, transcripts, notes, EHR fields) can be deleted within the application. Account deletion requests are processed within 30 days. All associated data — including audio files in storage, database records, and audit logs — are removed as part of the deletion process.

Security

All data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is controlled via role-based authentication with row-level database security policies. All access is logged in a comprehensive audit trail with 22 distinct event types covering the entire application lifecycle.

Third-party services

Clinic Notes AI uses the following third-party services to provide its functionality. Each operates under a signed Business Associate Agreement where applicable:

  • Supabase — Database, authentication, and file storage
  • OpenAI — Audio transcription (Whisper API, zero retention)
  • Anthropic — Clinical note generation and EHR field extraction (Claude API, zero retention)
  • Vercel — Application hosting and serverless compute
  • Upstash — Rate limiting and session management (no PHI stored)

Contact

For privacy inquiries, data requests, or questions about our security practices, contact: brian@niceley.ai

Terms of Service

Clinic Notes AI is a clinical documentation assistant. It generates draft notes and field extractions from session transcripts using artificial intelligence. All AI-generated content is clearly marked as a draft and must be reviewed, edited, and approved by a licensed clinician before use in any medical record.

We make no warranties regarding clinical accuracy. The clinician is solely responsible for verifying and approving all documentation before it enters the medical record. Niceley AI Consulting LLC is not a healthcare provider and does not provide medical advice.

We reserve the right to modify these terms and our privacy policy. Users will be notified of material changes via email at the address associated with their account.