Security & Compliance
How SOAPNoteAPI protects your data and your patients' data.
HIPAA Compliance
- Signed Business Associate Agreement (BAA) included at no extra cost
- Available to all accounts
- Contact support@soapnoteapi.com to request your BAA
Encryption
- TLS 1.2+ for all data in transit
- AES-256 encryption at rest
- API keys hashed with SHA-256, shown once at creation, never stored in plaintext
Data Handling
- Notes auto-expire after a configurable retention period
- No PHI in application logs
- No customer data used for model training
- Transcripts and notes are processing artifacts — not stored beyond expiry
Infrastructure
- Hosted on AWS (US regions)
- Redundant architecture
- 99.9% uptime target — see live data on the status page
Authentication & Access Control
- API key authentication for all requests
- Keys scoped per account
- Audit logging for all access events
Contact
Security questions?
If you have security concerns or need to report a vulnerability, reach out to support@soapnoteapi.com.