Syntry

Security & HIPAA Compliance

Your data is private, protected, and handled with the utmost care. Syntry is built for clinicians, by clinicians—with every detail designed to keep patient information safe and meet or exceed HIPAA standards.

1. Access Control & Authentication

  • Secure logins with multi-factor authentication options to ensure only authorized users access clinical data
  • Automatic session timeout after inactivity to protect against unauthorized access
  • Role-based permissions ensuring users only see data relevant to their clinical role
  • Encrypted password storage using industry-standard hashing algorithms

2. Data Encryption Everywhere

  • All data is encrypted in transit using TLS 1.3 encryption protocols
  • Patient data is encrypted at rest using AES-256 encryption standards
  • Audio recordings are encrypted immediately upon capture and remain encrypted during processing
  • Database connections use SSL encryption to prevent data interception

3. Minimal Data Storage

  • We collect only the minimum necessary data required for clinical documentation
  • Audio files are processed and securely deleted after transcription completion
  • Data retention policies ensure information is kept only as long as clinically necessary
  • Automatic purging of temporary files and processing data prevents unnecessary storage

4. Secure AI Usage

  • AI processing occurs within secure, HIPAA-compliant environments with signed Business Associate Agreements
  • No patient data is used for AI model training or improvement without explicit consent
  • All AI interactions are logged and auditable for compliance verification
  • Data anonymization protocols ensure patient identifiers are removed before AI processing

5. Business Associate Agreements

  • All third-party services handling PHI have signed Business Associate Agreements (BAAs)
  • Cloud infrastructure providers meet HIPAA compliance requirements with appropriate safeguards
  • Regular audits ensure all vendors maintain compliance with privacy and security standards
  • No external services are integrated without proper HIPAA compliance verification

6. Auditing & User Control

  • Comprehensive audit logs track all data access and modifications
  • Users maintain full control over their data with options to export or delete
  • Regular security assessments and penetration testing ensure system integrity
  • Incident response procedures are in place for rapid security breach containment

Our Commitment: No Shortcuts. No Data Selling. No Exceptions.

  • No audio recordings or PHI are used for marketing, analytics, or sold to third parties
  • No plugins, integrations, or services are added without signed Business Associate Agreements
  • Clinicians maintain complete control and ownership of their patient data at all times
  • Transparent privacy practices with no hidden data collection or usage
  • Regular third-party security audits validate our commitment to data protection

Questions about our security practices? Want to learn more?

Contact Syntry Support