Security

How ScribeMDPro protects your clinic, your clinicians, and the patients you serve.

Last reviewed: July 2026

Controls in place today

Encryption

TLS 1.2/1.3 for all client-server traffic. Data at rest is protected with AES-256-class encryption on our managed database and object storage.

Authentication

Email/password with strong password requirements, plus federated Google sign-in. Sessions use short-lived tokens with automatic rotation.

Secure infrastructure

ScribeMDPro runs on managed cloud infrastructure with hardened defaults, network isolation, and continuously patched runtimes.

Data backup

The managed database performs point-in-time backups on a rolling window, enabling recovery of clinic metadata without exposing raw audio.

Access controls

Row-Level Security enforces per-clinic and per-user access on every query. Administrative access is scoped and audited.

Disaster recovery

We rely on our infrastructure providers' multi-zone durability guarantees and rehearse recovery of critical services.

Responsible disclosure

If you believe you have discovered a security vulnerability affecting ScribeMDPro, please report it privately to our team. Do not publish details until we have had a reasonable opportunity to investigate and remediate.

Compliance roadmap

Where we are and where we're heading. See the full Compliance page for details.

ScribeMDPro is designed against HIPAA, SOC 2, GDPR, ISO 27001, NDPR (Nigeria), and PIPEDA control frameworks. Formal certifications are on our Compliance roadmap.