Security you can trust

Security and compliance are at the foundation of our system. We've built a secure, HIPAA-compliant platform that you can trust. 

As a mental healthcare provider, you need to know your patient data is completely secure and that you're staying compliant with all regulations. We've got you covered with the same enterprise-level protections used by major healthcare systems.

HIPAA Compliance 

We fully comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA), including the HIPAA Privacy, Security, and Breach Notification Rules. We have implemented stringent security measures and organizational safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI). 

  • End-to-end encryption - All patient data is encrypted using industry-standard AES-256 encryption at rest and TLS 1.2-1.3 in transit 

  • Comprehensive logging - Complete audit trails track every data access and system action for compliance reporting 

  • Trained team - Every team member undergoes background screening and annual HIPAA compliance training 

  • Continuous monitoring - Regular compliance assessments ensure we maintain the highest standards at all times

Infrastructure and Hosting 

Kenzie customer data is hosted by Amazon Web Services (AWS), which maintains SOC 2 Type 2 certification and an extensive list of compliance certifications. AWS infrastructure is housed in Amazon-controlled data centers with multiple layers of physical security controls to prevent unauthorized access. 

Our infrastructure is hosted in a fully secured environment with access restricted to authorized operations staff only, providing complete data segregation, firewall protection, and advanced security monitoring.

Data Encryption 

All Kenzie web application communications are encrypted in transit with TLS 1.2-1.3, so they cannot be viewed by third parties. This is the same level of encryption used by banks and financial institutions. All data is encrypted at rest using AES-256 encryption.

All patient information is encrypted and stored in AWS's highly secure, FedRAMP-certified cloud environment.

Data Handling and Privacy 

Simple rule: We never train AI models with identifiable patient data.

Automatic cleanup - Audio recordings are automatically deleted after 3 days, transcriptions are deleted after 10 days, and session summaries are deleted after the following appointment (to allow for note persistence between appointments).

You Control Your Patients' Data - Only you have direct access to your identifiable patient data. Our team can only access your data if you grant explicit permission.

We only use completely de-identified information (no names, dates, or identifying details) to: 

  • Make our AI smarter - Help our system better understand clinical conversations

  • Support research - Share anonymous insights with medical institutions studying mental health  

  • Build better features - Understand how to make our platform more helpful for providers like you

Using de-identified data for these purposes pushes mental healthcare forward, while protecting individual privacy.

Security Testing and Monitoring 

We maintain ongoing security monitoring 24/7/365 with automated vulnerability scanning to ensure your practice stays protected.

We understand the unique challenges you face because we've been there. Our security is designed specifically for the sensitive nature of mental health care. You can focus on your patients while we handle the technical details of keeping everyone safe and compliant. 

Data retention diagram