Our commitment to client privacy
Therapy documentation demands rigorous technical safeguards. Here is exactly how we handle, process, and protect your practice data.
Encryption Standards
- All data encrypted in transit: Transmitted securely using TLS 1.2 or higher.
- Data encrypted at rest: Stored on secure databases using AES-256 encryption.
Infrastructure & Isolation
- HIPAA-eligible cloud: Built entirely on enterprise-grade cloud systems verified for healthcare storage.
- Backups & retention: Automated geo-redundant backups with a 35-day retention policy.
Technical & compliance status
Compliance Roadmap
We are actively building toward official compliance audits and certifications. Our infrastructure implements the technical safeguards required for HIPAA, DPDP, and GDPR readiness, but the formal steps (including signing BAAs and completing external compliance audits) are still in progress.
Security Auditing
We are actively aligning our operational controls with the SOC 2 Type II trust services criteria. We do not currently hold a SOC 2 Type II certification, but we are preparing our environment for future external audits.
Legal Jurisdiction
MyKaya is operated out of Mumbai, India.
How we process session audio
Encrypted Transmission
Audio is captured silently from your desktop recorder and transmitted immediately to our processing environment.
Secure Transcription & Drafting
The audio is transcribed and formatted into clinical templates (SOAP, DAP, CBT) on isolated cloud compute instances. PHI-aware logging ensures no client identifiers are leaked.
Encrypted Storage
Once notes are generated, the resulting drafts are stored in our secure database encrypted at rest (AES-256).
