Skip to content
Security & Compliance

Privacy that starts on the device.

Most platforms ship raw session data to the cloud and promise to guard it there. Mediyn does the opposite: by default, PHI is identified and stripped on your device before anything uploads, so our servers see a de-identified note - and every document is labeled with where it was processed. Everything downstream - encryption, access, audit - is then built to the standard healthcare demands, not bolted on afterward.

HIPAA compliant · BAA included · SOC 2 Type II · 256-bit AES

On-Device
Ready
Therapist

How have you been feeling since we adjusted the medication?

Client

Much better. My mother Sarah ChenNAME noticed I've been sleeping through the night. We moved to 142 Oak StreetADDRESS last month. Next check-in is March 15thDATE.

On-device de-identification

We can’t leak what we never receive.

The safest data is the data that never has to leave. By default, Mediyn’s redaction engine runs on the device, finding names, dates, addresses, and other identifiers in the raw session and replacing them with tokens before anything is uploaded. What lands on our servers is a de-identified clinical note - structurally complete, but not re-identifiable. In the rare case on-device processing isn’t available, the app falls back to a secure encrypted upload that is deleted once your notes are ready - and every document is labeled with exactly where it was processed. That’s a fundamentally smaller attack surface than ‘upload everything, secure it later.’

Identifiers stripped locally by default, before upload
De-identified notes reach the cloud on the default path
Every document labeled with where it was processed
A far smaller attack surface by design
See how documentation works
What leaves the device
De-identified
Stays on device
Names & contacts
Dates of birth
Addresses
Raw audio
Reaches cloud
De-identified note
Token placeholders
Clinical structure
Nothing re-identifiable
Defense in depth

Five independent layers, not one wall.

A single safeguard is a single point of failure. Mediyn layers them: PHI stripped on device, TLS 1.3 in transit, AES-256 at rest with keys held in a hardware security module, role-based access with masking, and an immutable audit trail over all of it. Each layer is independently encrypted, independently audited, and independently configurable - so no one breach exposes the whole.

On device · in transit · at rest · access · audit
TLS 1.3 and AES-256 with HSM-held keys
Each layer independently audited
No single point of failure
Defense in depth
5 layers
01 · On devicePHI stripped locally
02 · In transitTLS 1.3 encrypted
03 · At restAES-256 + HSM keys
04 · AccessMFA + RBAC + masking
05 · AuditImmutable · 7 years
Immutable audit trail

Every access, on the record.

Who opened which chart, who submitted a claim, who changed a role, when the system posted a payment - all of it is logged to a tamper-evident audit trail and retained for seven years. If you’re ever audited or have to investigate an incident, the answer isn’t ‘we think so’; it’s a record you can produce.

Every view, edit, and action logged
Tamper-evident and append-only
Seven-year retention
Exportable for audits and investigations
Audit log
Immutable
Dr. OkaforViewed chart · S. Thompson09:12
Sam (Biller)Submitted claim #C-204109:31
Dr. ReyesChanged role · D. Lin10:04
SystemERA posted · $96.0010:22
Every access and change, recorded and tamper-evident.
Access control

The right people. Nothing more.

Access is least-privilege by default and enforced with real controls: multi-factor authentication you can require across the whole team, role-based permissions that keep clinical and financial data apart, periodic access recertification so stale permissions don’t linger, and trusted-device registration so logins come from hardware you’ve approved.

Require MFA for every account
Role-based, least-privilege permissions
Periodic access recertification
Trusted-device registration
Manage your team
Access control
Enforced
Multi-factor authRequired for all staff
Role-based accessLeast privilege
Access recertificationQuarterly review
Trusted devices2 registered
Policy controls

Your privacy posture, your settings.

Compliance isn’t one-size-fits-all, so the controls are yours. Choose how aggressively the redaction engine masks identifiers, hide PHI in the interface for non-clinical roles, track consent per type with clean withdrawal, and set data retention to match your policy. Sensible defaults out of the box; adjustable when your practice needs something specific.

Configurable redaction profiles
PHI masking in the UI by role
Per-type consent ledger with withdrawal
Policy-driven data retention
Privacy policy controls
Configurable
Redaction profileStrict (names, dates, IDs)
PHI masking in UIOn for non-clinical roles
Consent ledgerPer-type, withdrawable
Data retentionConfigurable per policy
Compliance

Built for healthcare from day one.

Mediyn is HIPAA compliant with a Business Associate Agreement included on every plan - not gated behind an enterprise tier. It’s SOC 2 Type II and supports No Surprises Act (Good Faith Estimate) obligations out of the box. The certifications and paperwork that hold up most clinical tools are simply part of the product here.

HIPAA compliant - BAA on every plan
SOC 2 Type II
No Surprises Act (GFE) support
Read the BAA
Compliance
Current
HIPAASOC 2256-bit AES
HIPAA compliant - BAA on every plan
SOC 2 Type II
No Surprises Act (GFE) support
Your data is yours

No training on your data. No selling it. Ever.

Your clients’ records exist to serve their care - nothing else. Mediyn doesn’t train models on your identifiable data, doesn’t sell or share it, and gives you a signed BAA that puts those commitments in writing. Trust here isn’t a tagline; it’s the contract.

Contact our security team
Our commitments
No model training on your PHI
Never sold or shared
Signed BAA on every plan
Export or delete your data anytime

Your evenings belong to you. Not your notes.

Join the therapists who stopped staying late for documentation and started focusing on what matters - their clients.

7-day free trial · Full access · Cancel anytime