Scope is 100% free for US + CA healthcare professionals.
All CollectionsComplianceData Retention and Compliance

Data Retention and Compliance

At Scope Health, we believe you should have full control over your data. This guide outlines our data retention practices and how we help you comply with healthcare regulations including HIPAA and PIPEDA.

Our Commitment to Data Security

Scope Health is SOC 2 certified and maintains the highest standards of data security. We are fully compliant with both HIPAA (for US healthcare providers) and PIPEDA (for Canadian healthcare providers). All data is encrypted in transit and at rest, and we enforce strict access controls across our systems.

Your data is never used for training AI models, and is only used to personalize models for your use. For more details, refer to our HIPAA BAA and PIPEDA Compliance pages.

What Data We Process

  • Audio recordings - Voice recordings of patient encounters captured during visits
  • Transcripts - Text transcriptions generated from audio recordings
  • Clinical notes - AI-generated documentation (SOAP notes, H&P, etc.)
  • Uploaded documents and images - Files uploaded for chats and clinical workflows
  • Visit metadata - Visit titles, timestamps, and organizational information

Default Retention Periods

Data TypeRetentionNotes
Audio recordingsDeleted after processingAutomatically deleted once transcription is complete
TranscriptsIndefiniteRetained with visit notes until you delete them
Clinical notesIndefiniteRetained until you delete them
Uploaded documents/imagesDeleted after processingAutomatically deleted once analysis is complete
Visit metadataMatches note retentionDeleted when associated note is deleted

Audio Recording Handling

Audio recordings contain the most sensitive information, so we take extra precautions: all audio is encrypted immediately upon capture, processed in secure isolated environments, and automatically deleted after transcription is complete.

When explaining Scope to patients, you can assure them that audio is encrypted, used only for generating notes, and automatically deleted afterward.

Data Deletion

You can delete individual visits—along with their notes, transcripts, and associated data—at any time. By default, deleted visits go to the trash first, giving you a short window to recover from mistakes:

  • A deleted visit moves to the trash, where it stays for 3 days. During that time you can restore it from Settings → Trash.
  • After 3 days, the visit's note, transcript, and all related content are permanently deleted. This is irreversible—not even our support team can recover it.
  • If you don't want to wait, Delete permanently on the Trash page destroys a trashed visit's content immediately.

If you'd rather deleted visits be erased immediately, you can turn off Move deleted visits to trash in Settings → Trash. With the trash off, deleting a visit permanently deletes it right away, with no recovery window. In an organization, this setting applies to everyone in the organization and only organization admins can change it.

You can also permanently delete your entire account yourself from Settings—see Deleting Your Account for steps. When you delete your account, all associated data is permanently deleted within 7 days. We retain only what is legally required for compliance purposes.

Your Rights and Controls

You can access, export, and delete your data at any time through your account. Patients can request access to and correction of their records through their clinician.

If you have questions about our data retention practices, please contact support@scopehealth.com.

Back to Compliance