Privacy Policy

Anota Health — AI Scribe for Doctors · Last updated: March 30, 2026

1. Overview

Anota Health ("Anota", "we", "us", or "our") is an AI-powered clinical documentation assistant for medical professionals. This Privacy Policy explains how we collect, use, and protect information when you use the Anota iOS application and related services.

By using Anota, you agree to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials (via email/password, Google Sign-In, or Apple Sign-In). We do not collect your name, phone number, or physical address.

Professional Profile

We collect optional professional information you provide during onboarding, such as your medical specialty and country of practice. This information is used solely to improve the quality of AI-generated clinical notes.

Consultation Audio and Transcriptions

Anota records audio during consultations to generate transcriptions and clinical notes. Audio is processed entirely on your device using an on-device AI transcription engine (WhisperKit). Audio recordings never leave your device and are never transmitted to our servers or any third party. After transcription, the audio recording is deleted from your device.

Automatic PII Anonymization

Before any transcribed text is sent to external services, Anota automatically removes personally identifiable information (PII) from the transcript using on-device processing. This includes but is not limited to: patient names, national ID numbers, phone numbers, email addresses, and physical addresses. The anonymization process runs locally on your device before any data leaves it.

Clinical Notes and Drafts

Generated clinical notes and drafts are stored temporarily on your device and in your account for up to 12 hours for synchronization purposes. Notes are not retained permanently on our servers beyond this window unless you explicitly save them.

Usage Data

We collect anonymous usage analytics (via PostHog) to understand how the app is used and improve its features. This data does not include patient information, consultation content, or personally identifiable patient data.

Crash Reports

We collect crash reports and performance diagnostics (via Firebase Crashlytics) to identify and fix technical issues. These reports do not contain consultation content.

3. Third-Party AI Data Processing

Anota uses a third-party AI service to generate structured clinical notes and provide real-time clinical feedback during consultations. Before using any AI features, the app requires your explicit consent through an in-app disclosure screen. You must review and accept this disclosure before any data is shared with the AI service.

What data is sent

  • Anonymized consultation transcript text (medical conversation only)
  • The language of the consultation (for accurate note generation)

What data is NOT sent

  • Audio recordings — transcription is performed entirely on your device
  • Patient names, national IDs, phone numbers, addresses, or email addresses — these are automatically stripped by on-device PII anonymization before any data leaves your device
  • Your account information, location, device identifiers, or IP address
  • Any data from other apps on your device

Who receives your data

Anonymized transcript text is sent to OpenAI (San Francisco, CA, USA), the provider of the GPT-4 language model, via our secure backend servers (Firebase Cloud Functions). OpenAI processes the anonymized text to:

  • Generate structured clinical notes (SOAP format) from your consultation
  • Provide real-time clinical feedback and suggested follow-up questions during consultations
  • Build a clinical history summary for the encounter

How OpenAI handles your data

  • No training: OpenAI does not use data sent through our API to train or improve their models
  • No storage beyond processing: Data is retained by OpenAI only for the duration of the API request processing and for a maximum of 30 days for abuse monitoring, after which it is deleted
  • Encryption: All data is transmitted to OpenAI over TLS-encrypted connections
  • Contractual protections: Our use of OpenAI is governed by their Business Terms and Data Processing Agreement, which require OpenAI to handle data securely and only for the purpose of providing the service

Your consent

The first time you attempt to start a consultation, Anota displays a mandatory, non-dismissible consent screen that explains exactly what data is shared, who it is shared with, and how it is used. You must tap "I Agree & Continue" before any consultation data is processed by the AI service. If you do not consent, no data is shared and you cannot use the AI-powered features. You can withdraw consent at any time by contacting us at anota@mogambo.xyz.

4. Patient Data and HIPAA

Anota is designed with patient privacy as a core principle:

  • No patient identifiers. You must not enter patient names, national IDs, phone numbers, addresses, or any other directly identifying information into the app. The app includes automatic PII anonymization as an additional safeguard.
  • On-device transcription. All audio transcription is performed on your device using on-device AI models (WhisperKit). Audio never leaves your iPhone or iPad.
  • Automatic anonymization. Even if patient-identifiable information is spoken during a consultation, Anota automatically detects and removes names, IDs, phone numbers, email addresses, and physical addresses from the transcript before any data is sent to external services.
  • Data minimization. We collect only what is necessary to provide the service. Consultation content is transient and not retained beyond the session window.
  • No third-party data sales. We do not sell, rent, or share your data with third parties for advertising or marketing purposes.

5. How We Use Your Information

  • To provide, operate, and improve the Anota service
  • To generate AI-powered clinical notes from consultation transcriptions (see Section 3 for details on third-party AI processing)
  • To provide real-time clinical feedback during active consultations
  • To authenticate your account and maintain session security
  • To send transactional notifications related to your account or consultations
  • To analyze aggregate usage patterns and improve product features
  • To diagnose technical issues and ensure app stability

6. Data Sharing and Third Parties

We share data with the following third-party services, strictly to provide the Anota service:

  • OpenAI — AI processing of anonymized consultation transcriptions to generate clinical notes, real-time feedback, and clinical history summaries (see Section 3 for complete details)
  • Firebase (Google) — Authentication, database, cloud functions (backend processing), and crash reporting
  • RevenueCat — Subscription and in-app purchase management
  • PostHog — Anonymous product analytics (no consultation content is shared)
  • OneSignal — Push notification delivery

All third-party providers are contractually obligated to handle data securely and only for the purposes specified. Each provider maintains security practices and data protection standards that meet or exceed industry norms, including encryption in transit and at rest. We do not share data with advertisers or data brokers.

7. Data Retention

  • Audio recordings: Never transmitted; deleted from your device immediately after on-device transcription
  • Consultation transcripts sent to AI: Retained by OpenAI for up to 30 days for abuse monitoring only, then permanently deleted (not used for training)
  • Consultation drafts: Available for 12 hours, then deleted from servers
  • Account data: Retained while your account is active
  • Analytics data: Retained in aggregate, anonymized form

You can request deletion of all your data at any time by deleting your account from Settings → Delete Account inside the app, or by contacting us at anota@mogambo.xyz.

8. Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit (including data sent to OpenAI)
  • Encryption at rest for stored account data
  • On-device PII anonymization before any consultation data leaves your device
  • On-device audio transcription — audio never leaves your device
  • Firebase App Check to prevent unauthorized API access
  • No storage of raw audio on our servers or any third-party servers

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Object to or restrict certain processing activities
  • Withdraw consent for AI data processing at any time
  • Data portability

To exercise any of these rights, contact us at anota@mogambo.xyz.

10. Children's Privacy

Anota is intended for use by licensed medical professionals only. We do not knowingly collect personal information from individuals under the age of 18.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice within the app or sending an email to your registered address. Continued use of the app after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Anota Health

anota@mogambo.xyz