Security

In transit: TLS for communications between your device and our services.
At rest: encrypted storage for session data.

Effective Date: January 16, 2026

Security at a glance

Designed for clinician workflows involving PHI.
Data stored and processed in the United States.
Encryption in transit (TLS) and at rest.
Clinician data is scoped so users can access only their own sessions.
Session audio auto-deletes after ~3 days.
Session deletion removes content from primary systems; backups expire within up to ~7 days.
Report security issues: security@alaniscribe.com.

We operate as a HIPAA Business Associate and provide BAAs to clinician customers.
We maintain a BAA with our cloud infrastructure providers for the infrastructure used to store and process data.
If/when we use additional AI providers, we require appropriate contractual protections (including a BAA where applicable) before processing PHI with that provider.

Only you can access your sessions in the app.
Administrative access is restricted and audited.
Support access to session content is rare and permitted only upon explicit customer request for troubleshooting; such access is logged.

We may process transcript text with AI providers to generate clinical notes.
We configure AI processing to prohibit training on your data and to minimize retention by the provider where available.
Outputs must be reviewed by the clinician and may be inaccurate.

Record session audio in the app
Transcription produces text
Notes are generated from the transcript
Audio auto-deletes after ~3 days
You can delete sessions at any time (primary deletion is immediate; backups expire within up to ~7 days)

We use the following third-party subprocessors to provide the Service:

Name	Purpose	Location
Amazon Web Services (AWS)	Cloud infrastructure, hosting, storage, and AI processing	United States