Built like it handles PHI. Because it does.
Audio is never stored
Visit audio is processed in memory and discarded the moment your note is drafted. There is no audio archive — for anyone. What remains is the structured note your clinician reviews and signs.
Encrypted in transit and at rest
All traffic uses TLS 1.2 or newer. Notes and account data are encrypted at rest with AES-256. Access is role-scoped and logged.
You own your data
Notes belong to your practice, not to us. Export every visit, or delete any visit, at any time. We never sell or share clinical data.
Compliance posture
US: safeguards mapped to the HIPAA Security Rule — administrative, technical, and physical — with BAAs available for every customer. India: handled to DPDP Act 2023 standards — consent-first and purpose-limited. SOC 2 Type II audit is underway with an independent assessor; report available on request. ABDM integration is on our roadmap.
Questions about our security posture, or need our SOC 2 status for procurement? Book a demo and ask — a clinician and an engineer are on every call. Please do not include patient information in any form or booking note.