Security & Privacy at Moco The Scribe

We built Moco with HIPAA standards at the core, so you can focus on your patients, not your IT.

1. Bank-Level Encryption

Everything you do on Moco is locked down. Whether data is moving between your device and our servers, or resting in our database, it is encrypted using AES-256 standards. This means no one—not even our engineers—can read your clinical notes without your specific authorization.

2. Your Data is Isolated

We use a "Private Cloud" architecture. Your client data doesn't float freely on the public internet. Instead, it resides in a secure, isolated container that is strictly gated and invisible to the public web.

3. Your Data Teaches You, Not Our AI

We have a strict Zero-Training Policy. We use AI to transcribe notes and surface your client's history for your benefit, but we never use your client's data to train our public models. Your client's secrets never leave your private workspace.

4. Strict Access Controls

You hold the keys. Our system requires Multi-Factor Authentication (MFA) to prevent unauthorized entry. Internally, we enforce a "Least Privilege" policy—meaning our software processes interact with your data only when necessary to perform a task you requested, and never otherwise.

5. Audio is Ephemeral

When you record a session, the audio streams directly into a secure digital vault. Once Moco generates the transcript and clinical note, the raw audio file is permanently purged. We minimize risk by holding onto the heavy data only as long as strictly necessary.

6. HIPAA Audit Ready

We track every system interaction to ensure security. Our infrastructure is built to support HIPAA 164.312(b) Audit Controls, providing you with a reliable, compliant digital paper trail whenever you need it.

Have Security Questions?

We're happy to discuss our security practices in more detail or provide documentation for your compliance needs.