Security & Privacy

Hermetiq is designed for therapists and mental health professionals who work with sensitive client information and need full control over their data.

This page explains, plainly, how Hermetiq handles security, privacy, and compliance.

HIPAA & Compliance Posture

Hermetiq's architecture avoids many common HIPAA concerns by design:

  • No cloud processing of PHI
  • No data transmission to external servers
  • No third-party AI services
  • No subprocessors handling client data
  • No data residency questions
  • No BAA required (no covered entity relationship)

Why no BAA?

A Business Associate Agreement is required when a vendor processes, stores, or transmits Protected Health Information (PHI). Because Hermetiq runs entirely on your device and never transmits client data, there is no covered entity relationship. Your data stays under your control at all times.

Local-only by design

Hermetiq runs entirely on your Mac. All processing happens locally.

  • Speech-to-text transcription runs locally (Whisper AI)
  • Note generation runs locally (on-device LLM)
  • Client records are stored locally in an encrypted database
  • No audio or text sent to external servers
  • No cloud inference, ever

Hermetiq works without an internet connection after initial setup.

Data handling

Hermetiq does not:

  • upload session recordings
  • transmit transcripts
  • send generated notes to any server
  • store data in the cloud
  • share client information with third parties

All session data exists only on your device and is under your control.

What Hermetiq stores locally

Hermetiq maintains a local database on your Mac containing:

  • Client profiles (name, notes)
  • Session records (date, duration, notes)
  • Generated documentation
  • Your customization settings

Audio files are not stored by default.

Hermetiq processes audio in memory and discards it after transcription. You can optionally choose to keep audio files, but this is off by default.

No accounts. No identity tracking.

Hermetiq does not require:

  • an account
  • email registration
  • authentication
  • API keys

Hermetiq does not identify users or devices. Your license is validated locally.

Telemetry & analytics

Hermetiq collects zero usage data. Period.

No analytics. No telemetry. No crash reports. No usage tracking.

  • No automatic error reporting
  • No feature usage tracking
  • No session statistics
  • No behavioral analytics
  • No third-party analytics SDKs

Bug reports and feedback: If you choose to report an issue, the in-app form opens your email client. You control exactly what information you send. Nothing is collected automatically.

The only network call Hermetiq makes is to validate your subscription.

Permissions

Hermetiq requests a minimal set of macOS permissions, only when required.

Microphone (optional)

Required only if you record sessions directly in Hermetiq.

Audio is processed locally and is not stored by default.

File Access

Required to import audio files (Voice Memos, Zoom recordings, etc.).

Hermetiq only accesses files you explicitly select.

Application sandboxing

  • Hermetiq is a signed and notarized macOS application
  • The AI models run as sandboxed local processes
  • Hermetiq cannot access files outside its own directories unless you explicitly select them
  • The database is stored in the app's sandboxed container

Encryption & storage

  • Client data is stored in an encrypted SQLite database
  • Hermetiq relies on standard macOS file system protections
  • FileVault encryption is recommended for additional security
  • Backup files can be password-protected

Offline operation

Hermetiq works fully offline after initial setup.

Network access is not required for:

  • transcribing sessions
  • generating SOAP notes
  • generating DAP notes
  • generating progress notes
  • managing clients
  • exporting documentation

You can use Hermetiq in airplane mode.

License validation

Hermetiq validates your license periodically when connected to the internet.

This check only verifies your license status. It does not transmit:

  • client names or data
  • session content
  • transcripts or notes
  • usage patterns

If offline for extended periods, Hermetiq continues to work with a grace period.

Practice & enterprise review

Hermetiq is a local productivity tool, not a SaaS platform.

Because Hermetiq does not process or store data on remote systems, many traditional vendor risk categories do not apply.

If your practice, clinic, or compliance team has questions, we are happy to provide a technical overview.

Contact us

Short summary (copyable)

Hermetiq Security & Privacy Summary

Hermetiq processes all data locally on your Mac.

No client data is transmitted, stored remotely, or shared.

No accounts, analytics, telemetry, or external AI services.

Zero usage data collected. Only subscription validation.

Suitable for HIPAA-conscious practices. No BAA required.

Hermetiq is built to be easy to trust, easy to approve, and easy to remove.

No lock-in. No hidden processing. No surprises.