Data Retention and Compliance
At Scope Health, we believe you should have full control over your data. This guide outlines our data retention practices and how we help you comply with healthcare regulations including HIPAA and PIPEDA.
Our Commitment to Data Security
Scope Health is SOC 2 certified and maintains the highest standards of data security. We are fully compliant with both HIPAA (for US healthcare providers) and PIPEDA (for Canadian healthcare providers). All data is encrypted in transit and at rest, and we enforce strict access controls across our systems.
Your data is never used for training AI models, and is only used to personalize models for your use. For more details, refer to our HIPAA BAA and PIPEDA Compliance pages.
What Data We Process
- Audio recordings - Voice recordings of patient encounters captured during visits
- Transcripts - Text transcriptions generated from audio recordings
- Clinical notes - AI-generated documentation (SOAP notes, H&P, etc.)
- Uploaded documents and images - Files uploaded for chats and clinical workflows
- Visit metadata - Visit titles, timestamps, and organizational information
Default Retention Periods
| Data Type | Retention | Notes |
|---|---|---|
| Audio recordings | Deleted after processing | Automatically deleted once transcription is complete |
| Transcripts | Indefinite | Retained with visit notes until you delete them |
| Clinical notes | Indefinite | Retained until you delete them |
| Uploaded documents/images | Deleted after processing | Automatically deleted once analysis is complete |
| Visit metadata | Matches note retention | Deleted when associated note is deleted |
Audio Recording Handling
Audio recordings contain the most sensitive information, so we take extra precautions: all audio is encrypted immediately upon capture, processed in secure isolated environments, and automatically deleted after transcription is complete.
When explaining Scope to patients, you can assure them that audio is encrypted, used only for generating notes, and automatically deleted afterward.
Data Deletion
You can manually delete individual visits, notes, and associated data at any time. Deleted data is permanently removed within 24 hours. Deletion is irreversible—ensure you have any necessary copies before deleting.
If you close your account, all associated data is permanently deleted within 7 days. We retain only what is legally required for compliance purposes.
Your Rights and Controls
You can access, export, and delete your data at any time through your account. Patients can request access to and correction of their records through their clinician.
If you have questions about our data retention practices, please contact support@scopehealth.com.