Security at TherapyScribe
Built for the sensitivity of clinical data from day one.
Encryption & Data Protection
- AES-256 encryption at rest on all stored data
- TLS 1.2+ encryption in transit for all communications
- Session audio is processed and then permanently deleted — never stored long-term
- Clinical notes are stored encrypted and accessible only to the authenticated account holder
Infrastructure
- Hosted on AWS US-East infrastructure (HIPAA-eligible)
- No offshore data processing
- All subprocessors (AWS, Microsoft Azure, Deepgram) have executed Business Associate Agreements (BAAs) with TherapyScribe
Access Controls
- Authentication required for all data access
- No TherapyScribe employee can access your session recordings or notes without your explicit authorization
- Audit logging on sensitive operations
AI & Your Data
- Your session content is never used to train AI models — yours or anyone else's
- No data is sold, shared, or monetized beyond providing the service
- AI processing happens in HIPAA-eligible environments under BAA
Compliance
- HIPAA Business Associate Agreement included automatically with all accounts — view our BAA
- Designed to meet the requirements of 45 C.F.R. Parts 160 and 164
Contact & Reporting
To report a security concern or request our security documentation, email security@therapyscribe.ai