Data Retention and Compliance
At Scope Health, we believe you should have full control over your data. This guide outlines our data retention practices and how we help you comply with healthcare regulations including HIPAA and PIPEDA.
Our Commitment to Data Security
Scope Health is SOC 2 certified and maintains the highest standards of data security. We are fully compliant with both HIPAA (for US healthcare providers) and PIPEDA (for Canadian healthcare providers). All data is encrypted in transit and at rest, and we enforce strict access controls across our systems.
Your data is never used for training AI models, and is only used to personalize models for your use. For more details, refer to our HIPAA BAA and PIPEDA Compliance pages.
What Data We Process
- Audio recordings - Voice recordings of patient encounters captured during visits
- Transcripts - Text transcriptions generated from audio recordings
- Clinical notes - AI-generated documentation (SOAP notes, H&P, etc.)
- Uploaded documents and images - Files uploaded for chats and clinical workflows
- Visit metadata - Visit titles, timestamps, and organizational information
Default Retention Periods
| Data Type | Retention | Notes |
|---|---|---|
| Audio recordings | Deleted after processing | Automatically deleted once transcription is complete |
| Transcripts | Indefinite | Retained with visit notes until you delete them |
| Clinical notes | Indefinite | Retained until you delete them |
| Uploaded documents/images | Deleted after processing | Automatically deleted once analysis is complete |
| Visit metadata | Matches note retention | Deleted when associated note is deleted |
Audio Recording Handling
Audio recordings contain the most sensitive information, so we take extra precautions: all audio is encrypted immediately upon capture, processed in secure isolated environments, and automatically deleted after transcription is complete.
When explaining Scope to patients, you can assure them that audio is encrypted, used only for generating notes, and automatically deleted afterward.
Data Deletion
You can delete individual visits—along with their notes, transcripts, and associated data—at any time. By default, deleted visits go to the trash first, giving you a short window to recover from mistakes:
- A deleted visit moves to the trash, where it stays for 3 days. During that time you can restore it from Settings → Trash.
- After 3 days, the visit's note, transcript, and all related content are permanently deleted. This is irreversible—not even our support team can recover it.
- If you don't want to wait, Delete permanently on the Trash page destroys a trashed visit's content immediately.
If you'd rather deleted visits be erased immediately, you can turn off Move deleted visits to trash in Settings → Trash. With the trash off, deleting a visit permanently deletes it right away, with no recovery window. In an organization, this setting applies to everyone in the organization and only organization admins can change it.
You can also permanently delete your entire account yourself from Settings—see Deleting Your Account for steps. When you delete your account, all associated data is permanently deleted within 7 days. We retain only what is legally required for compliance purposes.
Your Rights and Controls
You can access, export, and delete your data at any time through your account. Patients can request access to and correction of their records through their clinician.
If you have questions about our data retention practices, please contact support@scopehealth.com.