Security
How ScribeMDPro protects your clinic, your clinicians, and the patients you serve.
Last reviewed: July 2026
Controls in place today
Encryption
TLS 1.2/1.3 for all client-server traffic. Data at rest is protected with AES-256-class encryption on our managed database and object storage.
Authentication
Email/password with strong password requirements, plus federated Google sign-in. Sessions use short-lived tokens with automatic rotation.
Secure infrastructure
ScribeMDPro runs on managed cloud infrastructure with hardened defaults, network isolation, and continuously patched runtimes.
Data backup
The managed database performs point-in-time backups on a rolling window, enabling recovery of clinic metadata without exposing raw audio.
Access controls
Row-Level Security enforces per-clinic and per-user access on every query. Administrative access is scoped and audited.
Disaster recovery
We rely on our infrastructure providers' multi-zone durability guarantees and rehearse recovery of critical services.
Responsible disclosure
If you believe you have discovered a security vulnerability affecting ScribeMDPro, please report it privately to our team. Do not publish details until we have had a reasonable opportunity to investigate and remediate.
Compliance roadmap
Where we are and where we're heading. See the full Compliance page for details.
ScribeMDPro is designed against HIPAA, SOC 2, GDPR, ISO 27001, NDPR (Nigeria), and PIPEDA control frameworks. Formal certifications are on our Compliance roadmap.