
Compliance
HIPAA Compliance (Federal USA)
PIPEDA Compliance (Federal Canadian)
HIA/PIPA (Alberta), PIPA (BC), PHIPA (Ontario), PHIA (Manitoba), HIPA (SK), PHIA (NS), PHIPAA (NB), PHIA (NL)
We are compliant with Quebec’s modernized privacy framework as per Law 25
SOC 2 Type 2 Compliant – Request access by emailing hello@scribeberry.com
Access our continuous real-time privacy monitoring dashboard: https://app.getdelve.com/scribeberry
Security
Legal
Controls
Audited Document List
Anthropic BAA
Azure Canada Privacy Laws
Azure Foundational PIA
Microsoft Data Processing
HIPAA Questionnaire – Dashboard Summary
Azure Compliance Offerings
Azure BAA
Privacy Policy Scribeberry
Scribeberry Notice of Privacy Policies
Comprehensive Scribeberry Guide (PIA)
Scribeberry PIA Amendment
Scribeberry Contingency Plan
Scribeberry HIPAA Sanctions Plan
HIPAA Compliance Program for Scribeberry
Terms and Conditions for Scribeberry
About the Auditor
The audit was conducted by Ingrid Ruys, a seasoned professional with extensive experience spanning multiple decades in the privacy and regulatory sector. Ingrid Ruys is renowned for her proficiency in conducting a multitude of privacy impact assessments. Her notable expertise is drawn from her distinguished work in privacy-related roles at esteemed organizations such as the Alberta Medical Association, Brightsquid, and the City of Edmonton, among others.
FAQs
Where is data stored?
Scribeberry does not see any stored PHI. We utilize Microsoft Azure and Google Cloud as our cloud providers. We have signed data protection agreements/BAAs with Microsoft Azure, Google Cloud, OpenAI, Anthropic, and any other utilized third-party vendors to safeguard any PHI transmitted through the application. This PHI is transmitted from the user and back securely via end-to-end encryption. The data is only temporarily stored on Scribeberry in an encrypted fashion. The only purpose of this storage is to synchronize notes across user devices. Once the notes are deleted by the user, no encrypted data is stored.
Azure/GCP servers are region-specific. When a Canadian user logs in, that data stays in Canada. When a user from the USA logs in, data is able to be routed to USA-based servers.
How do you use data?
Scribeberry does not permanently store PHI. We cannot see the PHI, nor do we train any AI systems on any PHI. Data inputs remain private and confidential.
When text is created, the text is submitted through an encrypted channel and back to the user device. We can never see this data.
Is data encrypted?
Yes – we utilize state-of-the-art encryption methods to ensure secure transit of sensitive data to and from the AI service.
Are there stored audio recordings?
We do not store or create audio recordings of any kind. Transcription occurs using our own self-hosted encrypted transcription service. Transcription occurs in real time. The transcribed text is then utilized to generate notes across various use cases. No distinct audio files are created or stored. This ensures compliance and removal of any identifying characteristics (accents, language, etc.).
Are you compliant across Canada (i.e., provincially)?
Yes, Scribeberry is compliant across all Canadian provinces. We have submitted a PIA (Privacy Impact Assessment) and have completed an audit on our security risk and data management policies.
We also make public a third-party live continuous monitoring platform so you can see the security of our platform in real time: https://app.getdelve.com/scribeberry
Who are your third-party providers?
We utilize a number of third parties. We utilize Microsoft, Anthropic, and Google as main infrastructure providers. We have a healthcare data agreement with all three providers.
Can we access further documentation?
Documentation is provided on the left-hand side. For any other documentation, please email hello@scribeberry.com. You can also request documentation through https://app.getdelve.com/scribeberry. Some documents will require signing of an NDA, as some of our agreements with third-party providers necessitate this for disclosure.