StatNote (“we” or “us” or “our”) is the custodian of data on behalf of the Organizations, Teams, Team Members, Administrative Users, and Individual Users that use our Service, as defined in our Terms of Service Agreement (“TOS”) which includes, but is not limited to, our StatNote® software. “You” or “your” means you, any Individual User, or Team Member using the Service or any Organization as defined in the TOS. All capitalized terms shall have the definition and meaning given them in our TOS.
StatNote doesn’t own Your Data or Metadata. You may own same, depending on the type of Organization (i.e. Type 1, 2, or 3) of which you are a Team Member. Please refer to our TOS for more details. In order to access content shared within a specific Team, authentication as an Organization User or Administrative User is required. Please refer to our User Data Request Policy for details on requests for user data and content removal requests.
This policy describes how StatNote treats Your Data and information, not how others treat it. Privacy, security and confidentiality are important to StatNote. If you’re using the Service as a Team Member most likely your Organization has established its own policies regarding access to your information, storage, deletion, modification, sharing, and retention of content which may apply to your use of the Service. Content that would otherwise be considered private to you or a limited group of people may be accessible by your Organization Administrator or Team Administrator. Please check with your Organization regarding its policies and settings and how they may impact your communication and data in using the Service. In addition, the Type of Organization to which you belong will affect your Privacy rights to certain content.
In any Organization Type, some people will have more privileges regarding the Service than others. For example, the Organization Administrator has the most power and control to create, edit, set access controls, and to remove Organization Users, Team Administrators, Users or Teams from the Service. Team Administrators can only add and remove Organization Users within their Team. Organization Users have no such privileges but may be able to create or edit content. The nature and extent of these privileges are based on the Type of Organization to which you belong.
Information We Receive and Collect
Account Creation Information: To create your account we collect information such as, your email address, your name, your password, your Team, and where applicable, Organization name, and related domain details (“Account Information”). At your option, and subject to your access controls, if you are an Organization User on a Team you can provide an email domain to allow people on that domain to sign up for your Team without any invitation, or individually add email addresses for others you invite to join your Team.
Personal Profile Information: Personal Profile information not required to create your account may include additional contact information, a self-uploaded user photograph, astrological sign, hobbies, and general location information such as the City, State, and Country of your residence. Providing this information is optional. Please know that if you add any such information to your Personal Profile, it will be visible to other people as described on your profile management page.
Billing Information: We collect credit card details and billing address for paid accounts. StatNote does not store credit card details, we pass them securely to our payment processor.
Your Data: StatNote may access and use Your Data as reasonably necessary and in accordance with instructions of Individual Users and those of Administrative Users on behalf of an Organization to (i) provide and maintain the Service: (ii) to address and prevent Service, security, or technical issues or per request in connection with customer support; (iii) as required by law; (iv) and as set forth in our TOS.
Log Data: When you utilize the Service, our servers automatically record access and usage details, chiefly so that we can diagnose problems and secondarily to maintain aggregate data on system performance. Log data may include your Internet Protocol (“IP”) address, the address of the webpage you visited immediately in advance of using the Service, details about the authentication you used to access the Service, the date and time of events related to your use of the Service, information about your browser configuration and plug-ins, cookie data and language preferences. Log data does not include Snippet content. Log Data is not routinely deleted.
Device Information: We may also collect information about the device you use to access the Service, including type of device, its operating system and version, its device name, settings, application IDs, its unique identifiers, and crash data. The type of device you are using and its settings will play a role in whether we collect some or all of this information.
Geographic Information: We do not collect precise location data. We may use IP address information to determine your general location and to make inferences about the location of our users in the aggregate.
Service Usage Information: We collect statistics on your use of the Service, including the number of Snippets you expand, the count of characters you were saved from typing, the number of times you’ve expanded each of your Snippets, and the last date and time you expanded each of your Snippets. We also store and retrieve Metadata for your Snippets such as its abbreviation, label, use count, and modification history. We share this data with you through the Service. We may share this data with your Organization Administrator or Team Administrator, typically in the form of a periodic summary. Depending on the Type of Organization of which you are a Team member and the Organization’s policies, you may or may not own the contents of messages you create, or Metadata, and could be required to share Metadata with your Organization.
Snippet Content: We store and retrieve Snippet content and any related images and/or scripts that you send or receive with the Service.
Information From Third Parties: We may receive information from third parties or partners which augments our own. For example, we may receive general and aggregate location data for a given IP address or details on which country is most active in accessing our Site.
How We Use Your Information
We may use Your Data or Account Information as reasonably necessary to: (a) communicate with you, authenticate you, and to provide access via the Service to your Snippet content for sending and receiving message content; (b) to determine how the Service is being used and to improve it; (c) to investigate or prevent fraud or abuse of the Service; (d) to communicate with you to resolve problems you experience with, or in response to your questions or to provide customer support; (e) as required by applicable law or as permitted by our User Data Request Policy; (f) to send you email messages about Service issues, changes, billing details, payments, account management, usage summaries or; (g) when you are reaching any limits on Service. Because such messages are part of the Services, you may not opt out of them. We also send emails with StatNote news, details on new product features, and other non-essential topics. You can opt out of these at any time.
Data Retention / Export Options: We will retain Your Data including Snippet Content until it is deleted. Depending on your access controls or settings, you or an Administrative User may have the ability to delete Your Data. If you are a Team Member, depending upon the Organization Type to which you belong, its policies, and the TOS, you may have limited or no right to export Your Data or Metadata. To the extent that you have export rights or have been given access permissions, you may request access to your account, and to all those you administer, if any, to support@StatNote.com, for the sole purpose of exporting Your Data. StatNote will grant such access, provided you have made all payments required of you under the TOS and have not breached any of your representations or agreements made in the TOS. If you do not request access within the time periods specified below, or do timely request but fail to complete the export of Your Data within the specified time from such request, your account and right to access and use the Service will terminate.
Choices for Trial Accounts: Any of Your Data which is transmitted to or stored in the Service during your free trial account must be exported by you within thirty (30) days from the expiration of the trial period or all of Your Data will be permanently deleted unless, before expiration of your trial period, you purchase a subscription to use the Service. We will notify you by email when your trial period is expiring.
Choices for Individual Paid Accounts: You may deactivate your account or terminate the Service at any time. Your Data retention period shall not exceed 30 days from deactivation unless otherwise specified in the pricing plan you selected at https://StatNote.com/prices. All of Your Data will be permanently deleted unless it is exported by you within thirty (30) days from deactivation or termination. You have the option to delete Your Data at any time.
Choices for Organization Paid Accounts
Data Retention: Your Data retention period shall not exceed 30 days from account deactivation or termination of the Service, whichever comes first, unless otherwise specified in the pricing plan you selected at https://StatNote.com/prices. All Your Data will be permanently deleted unless it is exported by you within 30 days from deactivation. This shall be applicable to account deactivation by Organization Administrator, Team Administrator, and Organization Users. Depending on your Organization Type and policies, your right to export Your Data will vary. Please refer to Section 4.4 of our TOS. Similarly, whether you can delete Snippet content or Metadata will vary with your Organization Type. Please refer to Section 4.5 and 4.6 of our TOS.
Individual Users and Organizations, through their Organization Administrators, have control over and many choices concerning Your Data. Depending upon whether the Organization is a Type 1, Type 2, or Type 3, those choices may result in access, disclosure, use, deletion, or modification of Your Data. Please refer to details below.
Organization Administrator: You may create, edit, suspend, deactivate accounts for, set access controls for, and remove Organization Administrators, Team Administrators, Team Members, Teams, and Organization Users within your Organization. You may also change the Organization Type as provided in the TOS.
Team Administrators: You may manage and change most of the Team settings as well as the group permissions and group sharing. You may deactivate accounts of Team Members. You may modify the circumstances under which Organization Users, can edit or delete Snippet content. You may delete groups controlled by any of your Team Members. Deleting shared groups will not result in their immediate removal from local storage or backups by group members.
Organization Users: You may edit your Personal Profile information at any time, including any opt-in email permissions. Subject to your access controls and permissions, you may be able to create Snippets and Snippet groups and share them with others, both within and outside the Organization and you also may be able to edit Snippet groups and Snippets. You can set control of any Snippet group you create, either to you or to the Organization of which you are a Team Member. Depending on your Organization Type, you may or may not have the right to delete Snippet content. See our TOS. You may deactivate your account at any time, subject to the approval of your Organization Administrator.
If you are an Individual User, you may control your Snippet group. Otherwise, Snippet groups are controlled either by the Organization Administrator, Team Administrator, or Organization User. When an Organization User becomes an Individual User, that Individual User loses access to Snippets and Snippet groups controlled by the Organization. The Individual User would still have access to Snippets and Snippet groups controlled by or otherwise shared with that user.
As used herein, “Confidential Information” is defined as all information disclosed by one party (“Disclosing Party”) to the other party (“Receiving Party”) that is marked as confidential at time of disclosure or which reasonably should be considered confidential given the nature of the information. Your Confidential Information is Your Data and your Personal Profile. Our Confidential Information is the Service and its components including, but not limited to, the Software. The Confidential Information of each party includes the TOS, business, and marketing plans, technical information, and any product plans and designs disclosed by such party (collectively “Business Plans”). It is agreed that Confidential Information, relating to Business Plans does not include any information that: (a) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation due the Disclosing Party; (b) is or becomes generally known to the public without breach of any obligation owed to Disclosing Party; (c) was independently developed by the Receiving Party; (d) is received from a third party without breach of any obligation owed to the Disclosing Party.
Unless otherwise consented to in writing by the Disclosing Party, the Receiving Party agrees: (a) to use the same degree of care it uses to protect its own Confidential Information, but in no event less than reasonable care, and (b) to limit access to the Disclosing Party’s Confidential Information to those of its employees, agents, and contractors that require access to perform under this Agreement and who have signed confidentiality obligations at least as strict as those stated above.
Sharing and Disclosure
StatNote may access and share Your Data: as allowed by the TOS or this Policy; with your written consent; to respond to claims that Your Data violates third party rights; to enforce the TOS; to engage third parties to process Your Data or payments made; when we have determined that disclosure is reasonably required to comply with the law, court order or legal process; to protect and defend the property rights or safety of us or others; to investigate and/or prevent fraud; to provide the Service; to address technical problems; or should you so request in order to obtain customer support. Except as stated in StatNote’s User Data Request Policy, when we can legally do so, StatNote will provide prior notice to you if any third party or law enforcement entity requests your information.
StatNote may share Your Data with third parties and agents, in accordance with this Policy, including sharing your name and email address and, where applicable, Team name with Administrative Users of your Team. Also, if you contact StatNote seeking our help to resolve an issue specific to your Team, if helpful to resolve the issue, we may share your concern with your Team Administrator.
StatNote may share aggregate non-personally identifiable information for any purpose, including with prospective StatNote customers, such as, but not limited to, the total number of Snippets expanded in a month or the average number of Snippets expanded per Team.
StatNote uses both session-based and persistent cookies for recording of log data. Cookies are unique small text file identifiers exchanged with our server each time you access our Service. Session-based cookies are limited to a single browser session; they are deleted when you close your browser. Persistent cookies last until they are deleted by you or expire.
StatNote sets and accesses our own cookies via our company-owned domains. We also use third party cookies such as Google Analytics and Flurry for analytics. You may opt-out of third party cookies from Google Analytics and Flurry on their websites. We cannot ensure compliance with browser-initiated Do Not Track preferences, as our third parties do not offer us any such assurance.
The Site and Service are not intended for the storage or receipt of: (1) any sensitive Personally Identifiable Information or other data, such as social security numbers or bank account numbers. the loss of which would trigger a data breach notification requirement; or (2) health information, including without limitation, Protected Health Information, as defined under the Health Information Portability and Accountability Act of 1996 (“HIPAA”), as amended, (“collectively the ”Prohibited Information”) For this reason, StatNote prohibits all Organizations and all Individual Users, Organization Users and Administrative Users from placing or storing any Prohibited Information in the Site or the Service. You will defend, indemnify, and hold StatNote harmless from and against all costs and expenses (including, without limitation, litigation costs, fees, and settlement sums) arising from any claims, including third party claims, that StatNote may incur relating to your making any of the Prohibited Information available to the Site and/or the Service.
We take security seriously. It is important that you do as well. StatNote uses commercially reasonable efforts to protect information you supply to us, including Your Data, from misuse, loss and unauthorized access or disclosure. StatNote is not responsible for certain unauthorized access to Your Data or the unauthorized use of the Service. For example, you are solely responsible for the use of the Service by any of your employees, any person to whom you have given access to the Service, including independent contractors and any person who gains access to Your Data or the Service as a result of your failure to use reasonable security precautions, even if you did not authorize such use. Your sign in credentials will be encrypted using secure socket layer technology (SSL). We will follow generally accepted standards to protect Your Data submitted to us in transmission and storage.
Pursuant to the Children’s Online Privacy Protection Act of 1998 (COPPA) 15 U.S.C. §§ 6501–6506, the Service is not intended for use by children under the age of 13. Please contact us should you learn that a minor child has provided us personal information and such use is prohibited.
StatNote may change this Policy from time to time, and if we do we’ll post any changes on this page. By your continued access to or use of the Service after those changes are in effect, you agree to the revised policy. If we deem the changes to be material, we may, but are not obligated to, provide more prominent notice or seek your consent to the new policy, (including, but not limited to, electronic mail).
The Site and Service are operated in the United States and Your Data is stored on servers in the United States. Internal laws of the state of Oregon, without regard to conflict of laws principles and United States law shall govern in any and all disputes, including, but not limited to, privacy and defamation.
EU-US Privacy Shield
StatNote complies with the EU-US Privacy Shield and the Swiss-US Privacy Shield frameworks (“Framework”) as stated by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data transferred from the European Union and Switzerland, respectively, to the United States. StatNote has self-certified to the Department of Commerce that it adheres to the frameworks and Privacy Shield principles. See our Privacy Shield Notice. To learn more about the Privacy Shield Program, and to view our certification, please visit, https://www.privacyshield.gov/welcome and https://www.privacyshield.gov/list.
For example, when we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve directly with our users. Please refer to our Privacy Shield Notice for further details.