Trust & Compliance

Scribeable is built by clinicians for clinicians. PHI stays encrypted end-to-end, every access is logged, and our compliance posture is published in the open.

Checking status…

Auto-refreshes every 60s

Full status page

Live posture

Updated 1h ago

Uptime (90d)

99.25%

across monitored services

Critical incidents

—

awaiting first evidence run

Encryption

AES-256-GCM

at rest and in transit

TLS grade

A+

quarterly external scan

Evidence freshness

Last evidence run: —
Last pentest: —
Subprocessors: 19

Policy posture

Oldest policy review: Apr 2026
Policies due for review: 0

Certifications & frameworks

HIPAA

BAA available

SOC 2 Type I

Readiness in progress

SOC 2 Type II

Observation window planned

HITRUST CSF r2

Control framework mapped — validation 2027

Compliance program

Security overview

Whitepaper covering encryption, access control, and operational security.

Subprocessors

Vendors that may process PHI. BAA-aware, with change history.

What data we collect, how we use it, and your rights.

Business Associate Agreement

Standard BAA template for HIPAA-covered customers.

Data Processing Addendum

GDPR / CCPA-aligned DPA for international and consumer use.

System status

Real-time uptime, incident history, and 90-day service health.

Transparency report

Government data requests, security disclosures, and platform metrics.

Audit reports

SOC 2 / pentest summaries available under NDA.

Responsible disclosure

Report a vulnerability — safe-harbor policy + contact.