Built like it handles PHI. Because it does.
Audio is never stored
Visit audio is processed in memory and discarded the moment your note is drafted. No audio archive exists, for anyone. What remains is the structured note your clinician reviews and signs.
Encrypted in transit and at rest
All traffic uses TLS 1.2 or newer. Notes and account data are encrypted at rest with AES-256. Access is role-scoped and logged.
You own your data
Notes belong to your practice, not to us. Export every visit, or delete any visit, at any time. We never sell or share clinical data.
Compliance posture (US)
Safeguards mapped to the HIPAA Security Rule (administrative, technical, and physical), with BAAs available for every customer. SOC 2 Type II audit is underway with an independent assessor; report available on request.
Questions about our security posture, or need our SOC 2 status for procurement? Book a demo and ask. A clinician and an engineer are on every call. Please do not include patient information in any form or booking note.