Radical Transparency

You should not have to trust us. You should be able to verify.

How Scribeable actually works — architecture, BAAs, models, prompt structure, pricing logic, data retention, and the things Scribeable does not do well yet. Every claim on this page carries a date. Every claim is verifiable.

As of 2026-04-17. Reviewed quarterly.

Our Architecture

Your audio and PHI travel a specific path. Here is every step.

1. Audio capture (iOS / web / Apple Watch)

Recording happens on your device. Raw audio is encrypted before it leaves the device. Nothing reaches our servers in plaintext.

2. Encrypted upload

Audio and any PHI fields travel over envelope-encrypted channels (AES-256-GCM, ECDH P-256 key exchange). The CDN, edge, and reverse proxies never see plaintext.

3. Transcription

Deepgram nova-3-medical (BAA covered) performs transcription on encrypted audio streams. Transcripts are encrypted at rest immediately after generation.

4. Two-stage LLM note generation

Anthropic Claude (BAA covered) runs a two-pass pipeline: Stage 1 drafts the note; Stage 2 validates calculators, checks clinical reasoning, and anchors billing codes to specific sentences in the draft.

5. Storage (Firestore + Firebase + KMS)

PHI is stored field-level-encrypted on Google Cloud (HIPAA-eligible, BAA executed). Each organization has its own data encryption key (DEK), wrapped by a master key encryption key (KEK) managed in Google Cloud KMS.

6. Retrieval & EHR insertion

Notes are decrypted only at the moment of retrieval, using keys negotiated via ECDH. Browser-extension insertion into the EHR happens on the clinician device; Scribeable servers do not touch the EHR directly.
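The key hierarchy named in steps 2 and 5 above, sketched as an added example (not Scribeable's code): a per-organization DEK wrapped under a KEK for field-level AES-256-GCM, and an ECDH P-256 exchange feeding HKDF for a transit key. The function names, the AAD layout, the HKDF label `upload-v1`, and the local random key standing in for the Cloud KMS KEK are all assumptions.

```javascript
// Added illustration, not Scribeable's implementation. Names and labels are assumptions.
const crypto = require('node:crypto');

// AES-256-GCM helpers. Blob layout (assumed): iv(12) || tag(16) || ciphertext.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on tag mismatch
}

// Storage (step 5): one DEK per organization, persisted only in wrapped form.
// A local random KEK stands in for the Cloud KMS key, which would stay inside KMS.
function newOrgKey(kek, orgId) {
  const dek = crypto.randomBytes(32);
  return { orgId, wrappedDek: seal(kek, dek, `dek:${orgId}`) };
}
function encryptField(kek, org, field, value) {
  const dek = open(kek, org.wrappedDek, `dek:${org.orgId}`);
  return seal(dek, Buffer.from(value), `${org.orgId}:${field}`); // AAD pins org and field
}
function decryptField(kek, org, field, blob) {
  const dek = open(kek, org.wrappedDek, `dek:${org.orgId}`);
  return open(dek, blob, `${org.orgId}:${field}`).toString();
}

// Transit (step 2): ECDH P-256 shared secret -> HKDF-SHA256 -> 32-byte AES key.
function transitKey(myEcdh, peerPublic, salt) {
  const secret = myEcdh.computeSecret(peerPublic);
  return Buffer.from(crypto.hkdfSync('sha256', secret, salt, 'upload-v1', 32));
}

// Constructed check: a field sealed for org-a must not open under org-b's DEK.
function crossTenantReadFails() {
  const kek = crypto.randomBytes(32);
  const a = newOrgKey(kek, 'org-a'), b = newOrgKey(kek, 'org-b');
  const blob = encryptField(kek, a, 'hpi', 'constructed sample text');
  try { decryptField(kek, b, 'hpi', blob); return false; } catch (e) { return true; }
}
```

When reviewing a vendor's design, the properties to ask about are the ones this sketch makes testable: whether ciphertext is bound to its tenant and field, and whether a tampered or relocated blob fails authentication rather than decrypting.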

For the full encryption architecture, including the 5-layer envelope encryption model, ECDH P-256 key exchange, and enforcement-mode details, see the Security page.

For live uptime, latency, and incident history — see the Status page. Updated continuously.

Our BAAs

Every vendor that touches PHI has an executed Business Associate Agreement. Named counterparties — not a vague "we have BAAs in place."

Counterparty | Scope | Status
Anthropic | LLM inference for all note-generation and review stages (Claude Opus 4.7, Sonnet 4.6, Haiku 4.5). | Active
Google Cloud (Firebase / Firestore / Cloud KMS) | PHI storage, field-level encryption key management, authentication. | Active
Deepgram | Medical transcription (nova-3-medical model). Encrypted audio streaming. | Active
OVH Public Cloud (HIPAA) | Application server hosting for HIPAA-scoped infrastructure. | Active

BAAs are executed directly between Scribeable LLC and each named vendor. Copies are available under NDA for covered-entity diligence — contact [email protected].

Our LLM Choices

Which models we use, for what, and what they may and may not do with your data.

Claude Opus 4.7

Anthropic

Complex reasoning passes, specialty-specific note refinement, Rounding Mode patient segmentation.

Zero data retention. No training on customer data.

Claude Sonnet 4.6

Anthropic

Default note generation for standard encounters. Quality-pass validation. Billing code anchoring.

Zero data retention. No training on customer data.

Claude Haiku 4.5

Anthropic

Lightweight summarization, quality-gap nudges, fast UI helpers.

Zero data retention. No training on customer data.

Deepgram nova-3-medical

Deepgram

Medical speech-to-text with clinical vocabulary and speaker diarization.

Encrypted audio only. Zero data retention.

What we do not do

  • We do not route PHI through non-BAA LLM providers.
  • We do not use OpenAI, Gemini, or other general-purpose LLMs for PHI processing.
  • We do not train, fine-tune, or contribute to training of any model on your patient data.
  • We do not operate a shared-tenant vector store over customer PHI.
  • We do not send PHI to third-party ML-observability, analytics, or evaluation tools.

Our Prompt Architecture

How prompts are composed. Structure is public. Verbatim content is not — partial disclosure is a deliberate tradeoff between transparency and clinical risk.

Per-specialty prompt composition

Prompts are composed per encounter from (a) a specialty-specific clinical scaffold, (b) a care-setting layer (outpatient/inpatient/ED), (c) a note-type layer (H&P, progress, ED, SOAP, etc.), and (d) the organization's quality configuration.

Two-pass verification

Stage 1 generates. Stage 2 validates — calculators scored, HCC/MIPS codes anchored to specific draft sentences, quality-gap opportunities surfaced. Stage 2 outputs corrections that the Stage 1 model cannot overrule.

Chart-aware context

Prior encounters, medications, allergies, recent labs, and open quality gaps are injected as context. Context carries across encounters for the same patient.

What we do not publish

Specific prompt text is not published. Publishing verbatim prompts creates clinical risk (competitors produce lookalikes without clinical review) and offers no educational value. Structure is public; content is protected.

Our Benchmarks

Honest about where we are. Published benchmarks will appear at scribeable.ai/research with full methodology.

Calculator validation accuracy

Published study in progress (Q2 2026)

Methodology: inputs extracted by AI vs. inputs verified by attending; scored against reference implementation. Full methodology and dataset will publish with the study.

Note-quality blinded review

Early-user blinded review — analysis pending

Blinded attending review: AI-drafted vs. attending-written notes, from early users who consented to participate. Results will be published on scribeable.ai/research with full methodology when complete.

Hallucination rate

Internal tracking only (methodology in development)

We have not yet published a hallucination benchmark. We will when the methodology is reproducible — "trust me" metrics get challenged and should.

Our Pricing Logic

Every tier, to the dollar. Every cost driver, named.

Free Trial

$0 / 14 days

Unlimited notes with Pro features. No credit card required. After trial, account drops to 5 notes/month on the permanent free tier.

Lite

$39/mo (or $390/yr — 17% off)

40 AI notes/month. All note formats. HIPAA + BAA included. Browser extension for any EHR.

Pro

$79/mo (or $790/yr — 17% off)

150 AI notes/month. After-visit summaries. 35+ document types. ICD-10 & HCC coding. Template marketplace. 2 rounding sessions/week.

Team

$89/seat/mo (or $890/seat/yr)

100 notes/seat. All Pro features. Quality reporting dashboard. Population-health insights. 2–10 seats.

Enterprise

Custom

Unlimited notes, dedicated support, custom EHR integration, SSO. Priced per engagement — published starting point is available under NDA.

Where the money goes

LLM inference

Largest direct cost per note

Two-pass generation runs primarily on Claude Sonnet 4.6 with Opus 4.7 for reasoning-heavy passes. Cost per note scales with encounter length, specialty complexity, and how many chart-context passes run.

Transcription

Second-largest direct cost

Deepgram nova-3-medical charges per minute of audio. Rounding Mode amortizes this across many patients.

Storage + compute

Smaller but growing

Firestore, Cloud Functions, KMS, and HIPAA-scoped hosting on OVH. Costs grow linearly with stored encounters and user count.

Support

Currently founder-led

Support is answered by the founder directly through 2026. Scales to a support team as usage grows.

Gross margin: We will publish a gross-margin range in the first quarterly transparency report (Q4 2026). We are not yet publishing a number because we want it to be one we can stand behind with audited math — not an estimate. The honest answer today is that per-note margin is positive across all tiers; precise tier-level numbers will appear in the quarterly report.

Our Data Retention

What we keep, for how long, how you export, how you delete.

Encounter recordings

Stored encrypted for the life of the account. User can delete any single recording at any time from the app; deletion is permanent within 30 days.

Generated notes

Stored encrypted for the life of the account. Exportable at any time in structured JSON or plain text.

Transcripts

Stored encrypted, linked to the associated encounter. Deletable with the encounter.

Account deletion

On account closure, all PHI is permanently deleted within 30 days. Audit-log records of access (which do not contain PHI) are retained per HIPAA minimum-retention requirements.

Export

Full account export (all notes, templates, documents) is available from the web dashboard at any time. Export is available even during cancellation.

Our Limitations

Honesty beats overselling. Things Scribeable does not do well yet.

Non-English multi-language

Speaker diarization supports many languages, but deep specialty-specific note structures outside US-English are a Year-2 target. Don't rely on non-English specialty templates yet.

Specialty depth is uneven

IM, hospitalist, ED, primary care, and psych are well-tested. Surgical intraoperative notes are not the workflow we've optimized — for OR dictation, specialized tools remain better.

Real-time EHR integration

SMART on FHIR direct integration is on the roadmap (targeted for enterprise deployments). Today's EHR insertion is clinician-side via browser extension or clipboard. This is intentional (it preserves data portability), but it is not the tightest EHR coupling a health system buyer would demand.

Benchmarks are not yet fully published

We have internal quality metrics but have not published a reproducible hallucination benchmark. That is on us. Methodology in development; first public benchmark study targeted for Q3 2026.

Audit and compliance certifications

HIPAA-compliant infrastructure. SOC 2 audit is in progress, not complete. GCP and OVH HIPAA cloud hold their own SOC 2 Type II — we rely on those today and are pursuing our own.

Response decryption on iOS

There is a known iOS response-decryption workaround currently in place (feature flag off). Fix tracked internally; does not affect encryption at rest or in transit for any other platform.

Our Incident History

Security incidents, outages, and accuracy regressions will be logged here as they occur — not retroactively summarized.

To date

No reportable HIPAA breaches

We have not had a HIPAA-reportable breach. We commit to publishing incident summaries on this page when and if they occur, within the HIPAA-mandated notification timeline.

Upcoming cadence

Quarterly transparency report

Starting Q4 2026 we publish an 8–10 page quarterly PDF: uptime, latency, accuracy benchmark updates, incidents, customer-count (anonymized), support response metrics, feature shipping cadence.

Found something wrong? Tell us.

A page like this only works if it is accurate. If you spot a factual error, an out-of-date claim, or a gap, email [email protected]. We will correct within five business days and log the correction in the next quarterly transparency report.

Last reviewed: 2026-04-17 · Next scheduled review: quarterly
