Scribeberry - Security & Privacy | HIPAA & PIPEDA Compliant

🏆 COMPLIANCE UNLOCKED

USA 🇺🇸

✓ HIPAA Compliant (Federal)

CANADA 🇨🇦

✓ PIPEDA Compliant (Federal)
✓ HIA/PIPA (Alberta)
✓ PIPA (BC)
✓ PHIPA (Ontario)
✓ PHIA (Manitoba, NS, NL)
✓ HIPA (Saskatchewan)
✓ PHIPAA (New Brunswick)
✓ Law 25 (Quebec)

🎖️ SOC 2 Type 2 Compliant

Request access by emailing hello@scribeberry.com

🔴 LIVE SECURITY DASHBOARD

Access our continuous real-time privacy monitoring platform

🛡️ SECURITY VAULT

SECURITY AUDIT

Independent Security Risk Assessment Report

📄

PRIVACY CONTROLS

Scribeberry Privacy Controls Documentation

📄

COMPLIANCE STATEMENT

HIPAA & PIPEDA Compliance Summary

📄

PATIENT CONSENT

Patient Informed Consent Form

📄

PRIVACY IMPACT ASSESSMENT

Comprehensive PIA Report

📄

COMPLIANCE SUMMARY

HIPAA & PIPEDA Compliance Overview

📄

⚖️ LEGAL DOCS

TERMS & CONDITIONS

Updated Terms (April 2025)

📋

PRIVACY POLICY

Privacy Policy (April 2025)

📋

👤 ABOUT THE AUDITOR

The audit was conducted by Ingrid Ruys, a seasoned professional with extensive experience spanning multiple decades in the privacy and regulatory sector.

Ingrid Ruys is renowned for her proficiency in conducting a multitude of privacy impact assessments. Her notable expertise is drawn from her distinguished work in privacy-related roles at esteemed organizations such as:

▸ Alberta Medical Association
▸ Brightsquid
▸ City of Edmonton

View LinkedIn Profile →

🔐 SECURITY & PRIVACY FAQ

Your data. Your rules. Here's how we protect it.

WHERE IS DATA STORED?

Scribeberry does not see any stored PHI. We utilize Microsoft Azure and Google Cloud as our cloud providers. We have signed data protection agreements/BAAs with Microsoft Azure, Google Cloud, OpenAI, Anthropic, and any other utilized third-party vendors to safeguard any PHI transmitted through the application.

This PHI is transmitted from the user and back securely via end-to-end encryption. The data is only temporarily stored on Scribeberry in an encrypted fashion. The only purpose of this storage is to synchronize notes across user devices. Once the notes are deleted by the user, no encrypted data is stored.

🌍 Azure/GCP servers are region specific. When a Canadian user logs-in, that data stays in Canada. When a user from the USA logs in, data is able to be routed to USA based servers.

HOW DO YOU USE DATA?

Scribeberry does not permanently store PHI. We cannot see the PHI nor do we train any AI systems on any PHI. Data inputs remain private and confidential.

When text is created, the text is submitted through an encrypted channel and back to the user device. We can never see this data.

IS DATA ENCRYPTED?

Yes – we utilize state-of-the-art encryption methods to ensure secure transit of sensitive data to and from the AI service.

AUDIO RECORDINGS?

No. Audio is streamed to Scribeberry's self-hosted transcription service in real time; no permanent audio files are created or stored.

Transcription occurs in real-time. The transcribed text is then utilized to generate notes across various use cases. No distinct audio files are created or stored. This ensures compliance and removal of any identifying characteristics (accents, language, etc.)

PROVINCIAL COMPLIANCE?

Yes. Scribeberry is compliant across all Canadian Provinces. We have submitted a PIA (Privacy Impact Assessment) and have completed an audit on our security risk and data management policies.

We also make public a third-party live continuous monitoring platform so you can see the security of our platform in real time: app.getdelve.com/scribeberry

THIRD-PARTY PROVIDERS?

We utilize a number of third-parties. We utilize Microsoft, Anthropic, and Google as main infrastructure providers.

We have a healthcare data agreement with all three providers.

ACCESS MORE DOCUMENTATION?

Documentation is provided above. For any other documentation, please email hello@scribeberry.com

You can also request documentation through app.getdelve.com/scribeberry

Some documents will require signing of an NDA as some of our agreements with third-party providers necessitate this for disclosure.

📚 AUDITED DOCUMENT LIST

• Anthropic BAA

• Azure Canada Privacy Laws

• Azure Foundational PIA

• Microsoft Data Processing

• HIPAA Questionnaire

• Azure Compliance Offerings

• Azure BAA

• Privacy Policy Scribeberry

• Notice of Privacy Policies

• Comprehensive Guide (PIA)

• PIA Amendment

• Contingency Plan

• HIPAA Sanctions Plan

• HIPAA Compliance Program

• Terms and Conditions

📧 Need Access?

Contact us at hello@scribeberry.com to request any of these documents.

ACHIEVEMENT UNLOCKED

🔒

ENCRYPTED

✅

COMPLIANT

🇨🇦

CANADIAN

🛡️

AUDITED

YOUR DATA. YOUR RULES. ZERO EXCEPTIONS.

READY TO BREAK FREE?

Security checked. Compliance verified. Now it's time to escape the call room.

BACK TO HOME