• HelloNote is built with healthcare-grade security to protect patient data, ensure compliance, and support modern clinical workflows

• HIPAA-aligned data protection
• Encrypted data (in transit & at rest)
• Secure cloud infrastructure
• Role-based access controls

Compliance & Regulatory Alignment

• HIPAA Alignment
  • Administrative, physical, and technical safeguards
  • Business Associate Agreement (BAA) available
• Industry Standards
  • Secure hosting environment
  • Regular security reviews and monitoring
  • Policies for access control, incident response, and data retention

Data Protection & Encryption

• Data Encryption
  • Encryption in transit
  • Encryption at rest
• Data Isolation
  • Customer data logically separated
  • No cross-tenant access
• Backups & Recovery
  • Regular backups
  • Disaster recovery planning
• Access Controls & User Security
• Role-based permissions (front desk vs clinician vs owner)
• Least-privilege access
• Secure authentication practices
• Account activity logging / audit trails

Infrastructure & Hosting

• Secure, reputable cloud infrastructure
• Physical security controls at the data center level
• Redundancy and availability consideration

Internal Security Practices

• Employee access restrictions
• Security training and awareness
• Vendor risk management
• Incident response process (high level)