Privacy Policy

1. Who we are

SoapNote is a product of Sirendesk Technologies, an Indian company. When this policy says "we," "us," or "our," it refers to Sirendesk Technologies and the SoapNote product. When it says "you" or "your," it refers to the clinic or medical practitioner who has installed and operates the SoapNote software.

Patient data held within the SoapNote application belongs to your clinic. You are the data controller or data fiduciary under applicable Indian law. We act as a data processor only for the specific cloud services described below.

2. What data we collect and why

2a. Data that stays entirely on your device (we never see it)

• Patient demographics, medical history, diagnoses, prescriptions
• Consultation notes and SOAP records created manually
• Billing invoices and payment records
• Appointment and queue records
• Staff login credentials (stored locally, encrypted)

This data lives in the local CouchDB database on your clinic machine. We have no technical access to it unless you enable the Backup service.

2b. Data transmitted when you use cloud add-ons

• Backup & Safety Plan: An encrypted snapshot of your local database is sent to our secure cloud storage. The snapshot is encrypted on your device before transmission; we cannot read the contents without your key.
• AI Voice Notes: The audio recording of a consultation is sent to our AI processing pipeline for speech-to-text transcription. Transcripts and SOAP notes are returned to your device and not retained on our servers beyond the processing window (max 24 hours).
• WhatsApp Follow-ups: The patient's phone number and the message template you configure are passed to our WhatsApp Business API integration to deliver the message. Phone numbers are not retained after delivery confirmation.

2c. Clinic account and billing data

• Name and email provided during registration
• Subscription tier and payment records (payment card details are handled by our payment processing partner — we do not store raw card data)
• Usage counts for billing (e.g., number of AI notes generated this month)

2d. Technical and diagnostic data

• Application crash reports and error logs (anonymised, no patient data)
• Feature usage telemetry to improve the product (opt-out available in Settings)

3. How we use your data

• To deliver the services you have subscribed to (backup, AI notes, WhatsApp)
• To maintain your account, process payments, and send receipts
• To provide support when you contact us
• To detect and prevent abuse of the platform
• To improve and develop the product (using aggregated, anonymised data only)

We do not use patient data for advertising, profiling, or any purpose other than delivering the service to your clinic.

4. Who we share data with

We share data only with the specific services needed to deliver what you have switched on, and only to the extent necessary:

• Cloud storage — for encrypted backup
• Speech-to-text AI — for AI Voice Note processing
• WhatsApp Business API — for patient message delivery
• Payment processing — for subscription billing
• Error tracking — for anonymised crash reports

We do not sell, rent, or trade your data or your patients' data to anyone.

5. Data retention

• Local patient data: Retained on your device for as long as you keep the software installed. Deletion is entirely under your control.
• Encrypted backup snapshots: Retained for 90 days of rolling history while you are on a Backup Plan. Deleted within 30 days of subscription cancellation.
• AI note audio: Deleted from our servers within 24 hours of processing.
• WhatsApp recipient numbers: Deleted after delivery confirmation, within 48 hours.
• Account and billing data: Retained for 7 years as required by Indian accounting and tax law, then deleted.

6. Security

We take reasonable technical and organisational measures to protect data:

• All data in transit is encrypted using TLS 1.2 or higher
• Backup snapshots are encrypted at rest with AES-256 before leaving your device
• Our cloud infrastructure is access-controlled with multi-factor authentication
• We conduct periodic security reviews of our systems

No method of transmission or storage is 100% secure. If we become aware of a breach affecting your data, we will notify you promptly as required by applicable law.

7. Your rights

As a clinic operator, you have the following rights regarding data we hold about you or your account:

• Access: Request a copy of your account data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and associated cloud data
• Portability: Export your local database in standard format (CouchDB JSON)
• Opt-out of telemetry: Disable usage analytics in the application Settings

For patient data that lives locally on your device, you are the controller and manage rights directly within the application.

8. Cookies and tracking

The SoapNote desktop application does not use browser cookies. The SoapNote website (sirendesk.com) uses only essential cookies required to deliver the site. We do not use advertising cookies or third-party tracking pixels on our marketing site.

9. Children's data

SoapNote is a professional B2B tool licensed to medical practitioners. Patient records may include data of minor patients. This data is held locally under your clinic's control, not ours. Cloud add-ons (AI notes, WhatsApp) should only be used for patients where you have obtained appropriate consent under applicable medical and privacy laws.

10. Changes to this policy

We will update this policy when our practices change. Material changes will be communicated via email to your registered address and in-app notification at least 14 days before they take effect. Continued use of paid services after that date constitutes acceptance.

11. Contact us

For privacy questions, data requests, or concerns, please contact us:

Sirendesk Technologies
Email: privacy@sirendesk.com
Support: support@sirendesk.com

We aim to respond to all privacy enquiries within 5 business days.