
How is my data handled and protected?

Learn about Tenor's data, privacy, and security practices.

Written by Paul Salvatore
Updated over a week ago

We understand that privacy is foundational to the therapeutic relationship—without trust, the whole therapeutic process falls apart. This article explains what we store, what controls you have over your data, and how your information is protected and accessed.

What data does Tenor store?

Tenor stores information about your recorded sessions in the form of full transcripts and AI-generated analyses of those transcripts. We also store the client information that you provide, though we encourage the use of pseudonyms to add an extra layer of security.

Important: Session audio is permanently and irreversibly deleted immediately after transcription—this information is never retained by our system.

Complete control over your data

We recognize that sessions can sometimes get intense, and clinicians might reconsider whether they're comfortable having even a transcript of an interaction. Ensuring you have peace of mind with complete control over what data lives in Tenor's system—both before and after a session—is important to us.

Four ways to permanently delete data

  1. Deleting transcripts

    • Navigate to any session summary to delete a transcript at any time

    • Once deleted, the transcript is permanently gone with no way to retrieve it

    • Set up automatic transcript deletion for specific clients through their client settings

  2. Deleting sessions

    • Navigate to any session summary to delete the entire session

    • This removes all associated data and AI-generated analyses

    • This action makes it as if the session never happened in our system

  3. Deleting a client

    • Navigate to client settings to delete a client

    • This removes all their associated metadata and session data

    • This action makes it as if the client never existed in our system

  4. Deleting your account

    • You can irreversibly delete your entire account at any time

    • This removes all AI summaries, client information, transcripts, and session data

    • This action is like never having signed up for Tenor

    • Before taking this step, please consider reaching out to us at support@tenortherapy.com to see if we can address your concerns

Enhanced privacy controls through automatic redaction

In addition to the ability to delete data, Tenor offers nuanced and differentiated ways to add layers of protection and privacy:

  1. HIPAA-compliant PHI redaction

    • Automatically redact all 18 HIPAA-defined identifiers from transcripts

    • This includes names, addresses, dates, phone numbers, and other personally identifiable information

    • Adds an additional layer of privacy protection while maintaining clinical utility

  2. Sensitive topic redaction

    • Automatically redact sensitive topics from transcripts

    • Customize redaction for areas like immigration status, explicit content, or abuse discussions

    • Ensures only essential clinical information is retained in the system

These privacy features can be toggled in your practice "Settings", accessible from the top-right dropdown menu.

Security practices and data access

  1. HIPAA compliance & BAA

    • Tenor is HIPAA compliant and follows all relevant HIPAA regulations and guidelines.

    • Our standard Business Associate Agreement (BAA) is agreed to as part of our terms of service when you sign up for Tenor.

  2. Secure transmission and storage of data

    • All data is encrypted both in transit (HTTPS) and at rest (256-bit server disk-level encryption).

    • All enriched data is stored in encrypted relational databases (Amazon Web Services RDS) and all raw session data (captured audio and text transcriptions) is stored in encrypted blob storage (Amazon Web Services S3).

    • All data is stored in encrypted databases and data storage repositories located in the United States.

  3. Infrastructure access

    • Access to AWS infrastructure is limited to members of technical staff who require it for their job function.

    • All technical staff are required to use multi-factor authentication when accessing any systems that contain sensitive information.

    • Direct access to the relational databases requires approved access to our Virtual Private Cloud (VPC)—a logically isolated, secure section of AWS where all sensitive systems reside. Only authorized staff, who have completed multi-factor authentication, can access protected resources within the VPC. This ensures that only authenticated users can reach sensitive infrastructure, adding an extra layer of security beyond standard login credentials.

    • Access to administrative tools (e.g. internal reporting) is limited to members of staff who require it for their job function.

  4. Authentication & session security

    • Tenor provides two-factor authentication to all users to substantially decrease the risk of any compromised passwords being used to access their account.

    • Tenor automatically logs out users after thirty minutes of inactivity, reducing the risk that idle computers can be used to gain access to sensitive information.

Services we use

For Tenor to function effectively, we work with trusted partners to perform AI analyses and transcription. Tenor has Business Associate Agreements (BAAs) in place with all partners who handle sensitive data to ensure HIPAA compliance and maximum data security.

  1. OpenAI

  2. Anthropic

    • Used to analyze session transcripts and create progress notes or session summaries

    • We have a “Zero Retention” agreement with Anthropic, where “Anthropic does not log or store prompts or completions.”

  3. Deepgram

  4. Datadog

    • Used for logging and monitoring

Questions about your data?

If you have any questions or concerns about how your data is handled, please contact us at support@tenortherapy.com.
