How your data is locked

  • Every piece of client information is encrypted while it sits in our database. The keys live somewhere else, not in the database itself.
  • When data travels between your browser and Praxnote, it's encrypted in transit. Same protection your bank uses.
  • Database backups are encrypted too. A stolen backup file would be unreadable.
  • If you work in places where wifi is unreliable (home visits, schools, rural clinics), Praxnote can hold a PIN-locked copy on your device. Without the PIN, the cache is unreadable.

Who can see what

  • Each role only sees what their job requires. Therapists see their own clients. Supervisors see the people they supervise. Practice administrators see the practice.
  • Each practice is fully separated from every other practice. No record from another practice is reachable from yours, ever.
  • Your session times out after 30 minutes of inactivity (the practice can adjust this). One open laptop is not one open chart.

Audit trail

  • Every time someone reads or changes client information, the action is logged with who did it and when. You can export the log for your records.
  • HIPAA requires keeping records for six years. Praxnote handles that retention automatically.
  • If a client requests their data be erased (GDPR for the EU, PIPEDA for Canada), Praxnote runs that workflow end to end, without breaking the HIPAA retention rule.
  • Consent is tracked plainly: what the client agreed to, when, and whether they later revoked it.
  • A Business Associate Agreement is included on every paid plan.

How we run the platform

  • The AI we use (Anthropic) is called directly. No middleman vendor sits between Praxnote and the AI.
  • This site uses no third-party fonts, trackers, or analytics. View source if you like; nothing is loading from Google or anyone else.
  • Your client data is never used to train AI models. Yours stays yours.
  • Anything destructive (deleting, voiding, redacting) requires an explicit confirmation. There's no one-click way to lose work.

What we don't do

  • We do not train AI models on your charts. Ever.
  • We do not run third-party analytics by default.
  • We do not load fonts, scripts, or images from third-party servers.
  • We do not route AI calls through any other vendor.
  • We do not mark up payment processing.
  • We do not make canceling difficult.

What you can hand your compliance officer

  • Activity log export (CSV)
  • Summary of any erasure request and how it was carried out
  • Per-client consent log
  • Billing audit trail
  • BAA template, on request
  • Per-practice data residency setting (US or Canada today)

When a client asks for their data to be erased

Redacting, not deleting. Compliant with HIPAA and GDPR at the same time.

European law (GDPR) gives clients a right to be forgotten. United States law (HIPAA) requires a six-year retention window. Both can be true. Praxnote redacts the identifiable information from notes, transcripts, documents, messages, assessments, and billing entries, and keeps the empty record shells that HIPAA requires. Every step is logged.

  1. Request. A practice administrator opens a request and chooses what to erase (notes, documents, messages, etc.).
  2. Approval. A Praxnote administrator reviews and approves. Both signatures are recorded.
  3. Execution. Praxnote redacts the requested information. The empty record skeleton stays for HIPAA retention.
  4. Summary. A summary of what was erased is written to the request, and the audit log captures the whole chain.
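The four-step workflow above, modelled as an added Python example that is not Praxnote's own code: the field names, role labels and sample records are assumptions, and the six-year window is approximated as 6 * 365 days.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

IDENTIFIABLE = {"client_name", "body"}  # assumed identifiable fields; the real schema is not on the page
RETENTION = timedelta(days=6 * 365)     # six-year HIPAA window, approximated in days

@dataclass
class Record:
    record_id: str
    kind: str            # "note", "document", "message", ...
    client_id: str
    created: date
    fields: dict
@dataclass
class ErasureRequest:
    client_id: str
    scope: set             # record kinds the practice administrator chose to erase (step 1)
    requested_by: str      # practice administrator
    approved_by: str = ""  # Praxnote administrator (step 2)
    summary: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)
def approve(req, approver):
    # Step 2: a second, distinct person signs off; both signatures go to the audit log.
    if approver == req.requested_by:
        raise PermissionError("approval must come from someone other than the requester")
    req.approved_by = approver
    req.audit.append(("approved", approver, req.requested_by))
def execute(req, records, actor):
    # Steps 3 and 4: blank identifiable fields in scope, keep the shell, record a summary.
    if not req.approved_by:
        raise PermissionError("request has not been approved")
    for r in records:
        if r.client_id != req.client_id or r.kind not in req.scope:
            continue  # other clients and out-of-scope record kinds are untouched
        for k in r.fields:
            if k in IDENTIFIABLE:
                r.fields[k] = "[REDACTED]"
        r.fields["retain_until"] = (r.created + RETENTION).isoformat()  # empty shell stays
        req.summary[r.kind] = req.summary.get(r.kind, 0) + 1
        req.audit.append(("redacted", r.record_id, actor))
def run_demo():
    # Constructed sample records (not from the page); the document and client c2 must stay intact.
    records = [Record("n1", "note", "c1", date(2024, 3, 15), {"client_name": "A. Example", "body": "session"}),
               Record("d1", "document", "c1", date(2024, 4, 2), {"client_name": "A. Example", "body": "pdf"}),
               Record("n2", "note", "c2", date(2024, 5, 1), {"client_name": "B. Other", "body": "other"})]
    req = ErasureRequest("c1", {"note"}, requested_by="practice-admin")
    req.audit.append(("requested", "practice-admin", sorted(req.scope)))  # step 1
    approve(req, "praxnote-admin")
    execute(req, records, "praxnote-system")
    return req, records
```

Running `run_demo()` leaves one note as a dated shell, the document and the other client's note untouched, and an audit trail of request, approval and redaction.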

Have questions?

Talk to us about your specific situation.

The fastest path to a clear answer is a 20-minute call. We can walk through your practice's situation (solo, group, multi-practice, EU clients) and map it to what Praxnote does today.