Zero-Retention Architecture • HIPAA-Ready • BAA Available

Architecturally incapable of retaining your audio.

SolScribe doesn’t promise to delete your audio. It can’t keep it in the first place. Every job is destroyed on completion, and you get a Certificate of Destruction to file with your own compliance record.

Built for behavioral health and clinical practices, legal teams, clinical research, and medical-device QMS — anyone who can’t risk a vendor holding onto a recording.

Zero Retention By Architecture, Not Policy
Per-Job Certificate of Destruction
HIPAA-Ready BAA Available
AES-256-GCM In Transit & At Rest

Teams that can’t afford a retention mistake

If a recording sitting on someone else’s server is a liability, this page is for you.

Behavioral Health & Clinical

Session notes and intake calls carry PHI you’re responsible for the moment they’re recorded. A vendor with a data-retention policy is still a vendor holding your patients’ data.

Legal

Depositions, client interviews and case discussions are privileged. Transcription shouldn’t create a second copy of the record you didn’t authorize.

Clinical Research

Study interviews and adverse-event calls fall under protocols you signed up to defend. Zero retention removes an entire category of audit finding.

Medical-Device QMS

Design reviews and complaint-handling calls touch your quality system. You need a processor you can put in your supplier file, not a black box.


What actually happens to your audio

No vague privacy promises. Here is the exact path your file takes, and where it ends.

01 — UPLOAD

Encrypted in transit

Your audio is transmitted over TLS and staged in encrypted storage (AWS S3, SSE-KMS). It never lands anywhere unencrypted.

02 — PROCESS

Isolated GPU worker

A short-lived signed URL hands the file to an isolated GPU worker running Whisper Large-v3. The audio exists only for the duration of that job.

03 — DESTROY

Deleted on completion

The staged audio object is destroyed immediately after the transcript is produced. No archive copy, no backup, no retention after processing.

04 — ATTEST

Certificate issued

You receive a Certificate of Destruction confirming the job ran and the staged audio was deleted — a record your compliance officer can file.

Only the resulting transcript is retained, encrypted, under your control, until you delete it. We are not claiming audio never touches disk — it is briefly staged in encrypted storage during processing, then destroyed. That distinction is the whole point: we can tell you exactly where it went and exactly when it stopped existing.


Certificate of Destruction

Every job produces a record you can hand to an auditor without having to explain your vendor’s internal policies.

  • Attests that the staged audio for this specific job was deleted — not a hash of the audio content itself
  • Includes file metadata, processing tier and the exact UTC destruction timestamp
  • Downloadable per job, so it lives in your own records, not just ours
  • Backed by an immutable audit log entry (actor, action, record ID, timestamp), exportable as CSV
certificate-of-destruction.pdf
Certificate of Destruction
Job ID job_9f13a2c4
File metadata intake_0619.m4a · 18m 42s
Processing tier Compliance & Legal
Staged in AWS S3 (SSE-KMS)
Destroyed at 2026-06-30T14:22:03Z
Audio destroyed · no retained copies

Everything a compliance officer asks for

Not features bolted on for a checkbox. This is the same infrastructure every job runs on.

BAA available

Compliance & Legal and Enterprise tiers include an executed Business Associate Agreement with DST Digital LLC before any PHI touches the system.

Encryption in transit and at rest

TLS on the wire, AES-256-GCM for stored transcripts, SSE-KMS for staged audio. Keys are destroyed with the audio, not retained after the job ends.

Access controls & audit logging

Every read and write of protected data is logged: actor, timestamp, action, record ID. HIPAA-tier accounts can export the log as CSV for review.

Self-host or managed

Run the managed cloud service under a BAA, or deploy on your own infrastructure for full control over where audio and transcripts live.

No training on your audio or transcripts No retention after processing HIPAA-ready, not self-certified as compliant

Compliance infrastructure without the per-seat markup

Clinical transcription vendors charge per provider, per month, indefinitely. SolScribe charges once for the license and per minute for compute.

Vendor Model Typical Cost
Suki Per-provider subscription ~$200–400/provider/mo
Abridge Per-provider subscription ~$200–400/provider/mo
Fireflies Enterprise Per-seat subscription ~$200–400/provider/mo
SolScribe Compliance & Legal One-time license + per-minute compute $499 once, then pennies per minute

Competitor figures are indicative, based on publicly reported clinical-documentation pricing as of 2026. Confirm current rates directly with each vendor.

Talk to us before you sign anything

Tell us your data flow and we’ll tell you exactly what SolScribe does and doesn’t retain, what the BAA covers, and what a Certificate of Destruction looks like for your use case.

Book a Call Request a BAA