Privacy

Last updated: 27 April 2026. Full legal version under review by counsel — this page is the plain-English summary.

What we collect

Account information you give us (name, email, specialty, country). Audio recordings of consultations you choose to record. Generated transcripts and notes from those recordings. Usage logs needed for security and audit.

What we don't do

We never train AI models on patient data. We never sell, share, or license patient data — even de-identified. We never present AI output as a final clinical record; you sign every note.

Where data lives

Patient data for Malaysian and Singaporean customers is hosted in Singapore (Supabase ap-southeast-1 region). Audio is encrypted at rest. Default audio retention is 24 hours after the note is generated; configurable per consultation.

Your control

Two clicks to export everything you have in Annota as a clean JSON + PDF bundle. Two clicks to delete your account and wipe all your data within 7 days. PDPA Malaysia and HSA Singapore compliant.

Sub-processors

OpenAI (transcription and note drafting), Supabase (database/storage/auth), Vercel (hosting), Stripe (billing), Resend (email). Updated list maintained on this page.

Questions: hello@annota.my