Security

Trust & Security

HIPAA-compliant infrastructure built on Microsoft Azure. Every service we use is covered by a signed Business Associate Agreement.

Last updated: April 2026

HIPAA-Compliant Infrastructure

Every service we run (database, cache, AI, transcription, secrets) uses HIPAA-eligible Azure managed services with BAAs in place.

Your Data Never Trains AI

We use enterprise Azure OpenAI, not consumer APIs. Your client data is never retained, stored, or used for model training. Ever.

6-Year Audit Trail

Every note change, every login, every action is recorded in immutable audit logs retained for 6 years.

Security Checklist

Technical safeguards implemented across infrastructure, application, and mobile layers.

Encryption

  • AES-256 encryption at rest for all stored data
  • TLS encryption for all data in transit
  • HSTS enforced across all endpoints

Network & Infrastructure

  • Private VNet with no public database access
  • Azure Key Vault for secrets management
  • Managed identity with no static credentials on disk
  • Private endpoints for all data services

Access Controls

  • Role-based access controls (RBAC)
  • Rate limiting and brute-force protection
  • CSRF protection on all endpoints
  • HTTP-only session cookies (web)
  • Certificate pinning (iOS)

Data Protection

  • Soft deletes (notes are never hard-deleted)
  • 6-year immutable audit trail
  • Content history for every note change
  • 15-minute auto-lock with biometric (mobile)
  • 72-hour breach notification policy

Infrastructure Certifications

TryCaSIE runs exclusively on Microsoft Azure, which holds the following certifications covering the infrastructure where your data is stored and processed.

SOC 2 Type II

Independent audit verifying security, availability, and confidentiality controls

ISO 27001

International standard for information security management systems

HITRUST CSF

Healthcare-specific security framework combining HIPAA, NIST, and ISO requirements

FedRAMP High

U.S. federal security authorization for cloud services handling sensitive data

How Your Data Flows

Every step is encrypted, isolated, and covered by a Business Associate Agreement.

1. You Record or Type

Input captured on your device. Audio never stored permanently.

2. Transcription

Audio processed by Azure Speech (BAA). Deleted after transcription.

3. AI Structuring

Azure OpenAI formats your note (BAA). No data retained or used for training.

4. Encrypted Storage

Note saved to encrypted PostgreSQL in a private VNet. Only you can access it.

Business Associate Agreement

We maintain a Business Associate Agreement (BAA) with Microsoft Azure that covers all Azure services we use, including Azure OpenAI and Azure Speech Services. This agreement explicitly guarantees your data is never used to train AI models and requires HIPAA-compliant handling of all Protected Health Information.

View Microsoft Azure HIPAA BAA

For our complete legal privacy policy and your data rights, see our Privacy Policy.

Security questions? Reach us at support@trycasie.com