Therapists are trusted with stories that clients may never share anywhere else. The technology used in therapy should respect the seriousness of that trust.

At AirNote, privacy is not a setting added after the product was built. It shapes how information is recorded, transcribed, processed, stored and shared.

The aim is simple: to give therapists the benefits of AI-assisted documentation without treating sensitive clinical material like ordinary software data.

The most sensitive source material is treated differently

A therapy recording contains far more than the information that eventually appears in a clinical note. It may capture names, pauses, emotion, uncertainty, personal history and the full texture of a private conversation.

AirNote therefore handles raw audio differently from the rest of the clinical record.

Session audio is recorded and transcribed directly on the therapist’s Mac. It is not uploaded to the cloud for transcription, and it is excluded from Cloud Sync. Once transcription has completed successfully, the raw recording is deleted under AirNote’s retention process.

The transcript can then be used to create notes and other documents, but AirNote is not designed to become a cloud archive of therapy-session recordings.

This distinction is deliberate. The information needed for continuity and documentation can be retained securely, while the most sensitive raw source material is kept out of cloud storage.

Encrypted Cloud Storage for ongoing records

The records therapists need to continue working with—including client information, transcripts, Clinical Notes, Process Notes, documents, formulations, Prior Context and Ask AirNote conversations—are protected through AirNote’s Cloud Storage architecture.

Information is encrypted while moving between AirNote and the cloud, as well as while it is stored. Access is tied to the therapist’s authenticated AirNote account and signed-in installations, with controls designed to prevent public or unauthorised access.

Raw audio is never included in Cloud Sync.

This creates a practical balance. Therapists can benefit from reliable synchronisation, continuity and recovery of their working records without turning therapy recordings themselves into cloud records.

AI processing happens when you request it

AirNote does not continuously send clinical material to an AI system.

Relevant text is processed only when the therapist initiates an AI-assisted task, such as generating:

• A Clinical Note or Process Note.

• Prior Context.

• A psychological formulation.

• Client homework or a session summary.

• A referral or progress letter.

• An Ask AirNote response.

Only the information needed for that task is sent for processing. Raw audio is not included.

The resulting content returns to AirNote as a draft. It is not automatically placed into an EHR, emailed to a client or shared with another professional. The therapist reviews, edits and decides what should become part of the formal record or be disclosed to anyone else.

This keeps the clinician in control of both the clinical decision and the flow of information.

Clinical data is not an advertising asset

AirNote’s business model does not depend on monetising client information.

AirNote does not sell personal data, use clinical material for advertising or use identifiable clinical content to train general-purpose AI models.

The same principle applies to product analytics. AirNote may need to understand whether a feature is working reliably or how often it is used, but that does not require knowing what a client said. Product analytics are therefore designed around technical and usage metadata rather than transcripts, notes, client names or other clinical free text.

Operational logs are similarly designed to exclude the substance of clinical requests and responses.

In practical terms, AirNote may record that a note-generation request succeeded. It is not designed to place the content of that note into an ordinary software log.

Security is built in layers

No single technical measure can protect sensitive information on its own. AirNote uses several layers of protection around clinical records and account activity.

These include encrypted network connections, encrypted cloud storage, authenticated access, secure credential handling, restricted system permissions and safeguards around AI requests. Cloud storage is not publicly accessible, and access to production systems is limited according to operational need.

AirNote also separates different kinds of information wherever practical. Raw audio, clinical records, account information, billing details and product analytics are not treated as one undifferentiated pool of data.

This layered approach reduces the amount of sensitive information available in any one part of the system and helps limit the effect of a failure or error.

Retention should be purposeful

Privacy is not only about preventing unauthorised access. It is also about avoiding unnecessary retention.

AirNote provides workflows for deleting records, managing synced data and exporting information when it is needed. Therapists can also create client data-access packs to support access and portability requests.

Deleting or exporting information remains a clinical and professional decision. Different therapists work under different legal, regulatory, insurance and professional-body requirements, so AirNote does not attempt to make those decisions on the therapist’s behalf.

Once information is copied, emailed, printed or exported from AirNote, the therapist controls its destination and onward security. AirNote is designed to make those actions deliberate rather than automatic.

GDPR and HIPAA compliance

AirNote is built and operated to meet the privacy and security requirements relevant to professional healthcare use.

AirNote is GDPR compliant, with its data practices designed around principles including transparency, purpose limitation, data minimisation, security, access, portability and deletion.

AirNote also provides a HIPAA-compliant service for eligible US healthcare customers, including Business Associate Agreement coverage where required. Its safeguards are designed to protect electronic protected health information during storage, transmission and authorised processing.

Compliance is supported by more than technical security. It also requires clear policies, appropriate contractual arrangements, defined retention processes and documented responsibilities.

Using compliant software does not automatically make every aspect of a therapy practice compliant. Therapists still need to manage matters such as client consent, professional record-keeping, device access, staff permissions and onward disclosure. AirNote’s responsibility is to provide a service that can be used within an appropriate GDPR- or HIPAA-compliant practice.

Consent and professional judgement remain essential

AirNote is a documentation assistant, not an autonomous clinical system.

Therapists remain responsible for obtaining any consent required for recording or AI processing, reviewing generated material and deciding what belongs in the client record. AI-generated notes, documents, formulations and answers should always be checked against the therapist’s own understanding and the underlying clinical material.

This is an important privacy protection in itself. Information is not automatically converted into a final clinical judgement or shared without human review.

The therapist remains the person who understands the client, the context and the consequences of what is recorded.

Privacy without unnecessary friction

Strong privacy should not make a product difficult to use. It should operate quietly in the background while leaving the important decisions visible to the therapist.

With AirNote:

• Raw session audio stays on the Mac for transcription and is excluded from Cloud Sync.

• Ongoing clinical records are protected through encrypted cloud storage and synchronisation.

• AI processing occurs only when the therapist requests it.

• Relevant text, rather than raw audio, is used for generation.

• Clinical content is not used for advertising or general AI training.

• Generated material remains a draft until the therapist reviews it.

• Sharing and disclosure remain under the therapist’s control.

Therapists should not have to choose between better documentation and responsible data protection.

AirNote is designed to make notes, reflection and continuity easier while respecting the privacy on which therapeutic work depends.