Security Overview
This document explains how MediMic.Ai protects your data in plain language. For the full technical and regulatory breakdown, see HIPAA Compliance Details.
The Short Version
- Only you can read your sessions. Session content is encrypted on your device before it ever leaves. MediMic's servers never see the words spoken in a session.
- Each session has its own unique key. Keys are generated randomly and stored in your device's secure hardware store — not on our servers.
- Invite links are designed so the key never reaches our servers. The encryption key travels in the URL fragment (`#…`), which browsers never send to servers.
- We don't sell your data. We are a HIPAA Business Associate — we are legally bound to protect PHI and cannot use it for any purpose other than providing the service.
End-to-End Encryption
What it means: The content of your sessions (speech transcriptions, translations) is encrypted on your device using a key that only your device knows. It is transmitted and stored in encrypted form. No one — including MediMic employees and our cloud infrastructure — can decrypt and read session content.
How it works:
- When you create a session, your device generates a random 256-bit encryption key using cryptographically secure random number generation.
- The key is stored in your device's hardware-backed secure storage (iOS Keychain / Android Keystore). It never leaves your device in a readable form.
- All session content is encrypted with AES-256-GCM — an authenticated encryption algorithm that also detects any tampering.
- Encrypted data is what gets sent to MediMic servers for relay and storage.
For Two-Device sessions: The patient's device needs the same key to decrypt the provider's speech. The key is shared via the invite link using a split-URL technique:
- The invite token (used to authenticate joining) is in the URL query string and is sent to our server.
- The encryption key is in the URL fragment (`#secret=…`). Browsers never include the fragment in network requests, so our server never sees the key.
- The patient's device reads the key from the fragment client-side and stores it locally.
Encryption Standards
| Layer | Algorithm | Key Size |
|---|---|---|
| Session content | AES-256-GCM | 256 bits |
| Key derivation | CSPRNG (OS-level) | 256 bits |
| Data in transit | TLS 1.2 / 1.3 | Per TLS spec |
| Data at rest (server) | AES-256 (database encryption) | 256 bits |
AES-256-GCM provides both confidentiality (no one can read it) and integrity (any tampering is detected and rejected).
Where Your Data Lives
| Data | Location | Encrypted? |
|---|---|---|
| Session audio | Not stored — processed in real time only | N/A |
| Session transcripts | MediMic cloud (Azure) | Yes — E2E encrypted |
| Encryption keys | Device only (Keychain/Keystore) | Yes — OS-protected |
| Account credentials | MediMic cloud | Yes — bcrypt hashed |
| Session metadata | MediMic cloud | Yes — TLS + database encryption |
| Device IDs | Device secure storage + MediMic cloud | Yes |
Audio is never stored. Speech is captured, processed to text, and the audio is discarded. Only the text transcript is retained.
Account Security
- Passwords are stored as bcrypt hashes — we cannot recover your password if you forget it.
- Portal sessions use secure HttpOnly cookies with `SameSite=Strict` and HTTPS-only flags, protecting against cross-site request forgery and cookie theft.
- Email verification is required for new accounts.
- Device revocation is available from Account Settings if a device is lost or stolen.
- Session tokens expire — access tokens have a 2-hour TTL.
HIPAA Compliance
MediMic is built specifically for healthcare. We comply with:
- 45 CFR §164.312 — Technical Safeguards (access control, encryption, audit, integrity, transmission security)
- 45 CFR §164.308 — Administrative Safeguards (policies, training, incident response)
- 45 CFR §164.310 — Physical Safeguards (data center security, workstation controls)
We sign a Business Associate Agreement (BAA) with all Individual, Team, and Enterprise plan customers. The BAA is a legally binding contract that establishes our obligations as a HIPAA Business Associate.
For the full regulatory mapping, see HIPAA Compliance Details.
Data Retention
| Data Type | Default Retention |
|---|---|
| Session transcripts | 365 days from session end |
| Audit logs | 6 years (HIPAA minimum) |
| Account data | Duration of account + 90 days post-cancellation |
| Push notification tokens | Updated on each app open; removed on revocation |
Enterprise customers can configure custom retention policies.
Incident Response
If MediMic detects a security incident affecting Protected Health Information:
- We will notify affected customers within 60 days of discovery, as required by the HIPAA Breach Notification Rule (45 CFR §164.400–414).
- We will provide the nature of the breach, types of PHI involved, steps you should take, and what we are doing to mitigate.
To report a security issue: [email protected]
Infrastructure
MediMic's cloud infrastructure runs on Microsoft Azure in HIPAA-eligible regions:
- All data remains within the United States.
- Azure is covered under Microsoft's HIPAA BAA.
- Infrastructure is encrypted at rest using AzSQL Transparent Data Encryption.
- Access to production systems is restricted to authorized staff with audit logging on all access.
What MediMic Cannot Do
Because of end-to-end encryption, MediMic cannot:
- Read the content of any session transcript
- Recover a session transcript if the originating device's key is lost
- Share PHI with law enforcement, advertisers, or any third party (except as required by law and described in our BAA)