Security & Privacy

Hermetiq is designed for therapists and mental health professionals who work with sensitive client information. This page explains how we protect your data.

HIPAA & Compliance

Hermetiq is built on SOC 2 and HIPAA-compliant infrastructure:

  • End-to-end encryption for all data
  • Audio deleted immediately after transcription
  • SOC 2 + HIPAA-compliant infrastructure
  • No data used for AI model training
  • Regional data processing (US/EU)
  • BAA available for enterprise customers

Enterprise compliance

For practices requiring a BAA or detailed security documentation, contact us at info@gethermetiq.com. We provide compliance documentation and can work with your security team.

Encryption

All data is encrypted at every stage:

  • TLS 1.3 for all data in transit
  • AES-256 encryption for all data at rest
  • Audio files encrypted during upload and processing
  • Generated notes stored with client-side encryption
  • Database-level encryption on all tables

Audio handling

Audio is the most sensitive data Hermetiq processes. Here's exactly what happens:

  1. You upload an audio file — it's encrypted in transit via TLS 1.3
  2. The file is transcribed by our AI pipeline in an isolated environment
  3. The audio file is permanently deleted immediately after transcription
  4. Only the encrypted transcript remains, under your control

Audio is never stored. It exists only during the transcription process.

What we don't do

  • use your data to train AI models
  • share client information with third parties
  • retain audio after transcription
  • collect usage analytics or telemetry
  • sell or monetize your data in any way

What Hermetiq stores

Hermetiq stores only what you explicitly save:

  • Your account email (for authentication)
  • Generated clinical notes (encrypted)
  • Session metadata (dates, note types)
  • Your customization preferences

You can delete your data at any time from your account settings.

Telemetry & analytics

Hermetiq collects zero usage data. Period.

No analytics. No telemetry. No crash reports. No usage tracking.

  • No automatic error reporting
  • No feature usage tracking
  • No session statistics
  • No behavioral analytics
  • No third-party analytics SDKs

Infrastructure

  • Hosted on SOC 2-compliant cloud infrastructure
  • All processing in isolated, ephemeral environments
  • Regional data processing — US or EU based on your preference
  • Regular security audits and penetration testing
  • Encrypted database with row-level security policies

Practice & enterprise review

If your practice, clinic, or compliance team has questions about our security posture, we're happy to provide detailed documentation.

Contact us

Short summary (copyable)

Hermetiq Security & Privacy Summary

All data encrypted end-to-end (TLS 1.3 in transit, AES-256 at rest).

Audio deleted immediately after transcription.

SOC 2 + HIPAA-compliant infrastructure. BAA available.

Zero analytics, telemetry, or usage tracking.

Data never used for AI model training.

Hermetiq is built to be easy to trust, easy to approve, and easy to remove.

No lock-in. No hidden processing. No surprises.