What Does MentalNote Do With Patient Data? Nothing, Because We Don’t Have It

Written By Seth Baker

3/20/2025

Privacy and security are the foundation of MentalNote's design. As mental health professionals, you handle sensitive patient information daily, and our commitment is ensuring that data stays protected - by never having access to it in the first place.

Local Processing: Your Data Never Leaves Your Device

MentalNote operates fundamentally differently from most cloud-based applications. When you record a therapy session or dictate notes, everything happens locally on your computer:

  1. Audio processing occurs on-device - Your recordings never travel to external servers

  2. Transcription happens in real-time locally - We use on-device language models

  3. Redaction is performed before saving - Names, dates, locations, and other PHI are identified and removed on your machine

  4. Files are saved automatically to your desktop folders - Transcripts are systematically organized in dedicated directories on your computer

This architecture means MentalNote physically cannot access your session content - we've intentionally built it this way to provide maximum security and peace of mind.

Zero Data Retention Policy: What's Not Stored Can't Be Breached

Our zero data retention policy means exactly what it says:

  • No session recordings are stored - Once the application closes, all temporary audio data is permanently destroyed

  • No transcripts are saved in the cloud - All files are saved locally in designated folders on your desktop

  • No patient information is transmitted - The application operates independently without needing to send data externally

The only exception is basic account information needed to verify your subscription. We never have access to your clinical content or patient information.

Our Zero Data Retention Agreement with OpenAI

For our note generation feature, we do send completely anonymized transcripts to OpenAI after they've gone through our comprehensive three-layer redaction process. However, we exclusively use OpenAI's zero retention endpoints, which means:

  • OpenAI doesn't review the anonymized content

  • OpenAI doesn't store the transcripts

  • OpenAI can't access any identifying information

  • The data is immediately deleted after processing

This arrangement gives you the benefits of powerful AI-assisted note generation while maintaining the highest standards of privacy and confidentiality.

Multiple Layers of Protection

Security isn't just about where data is stored - it's also about how it's handled. MentalNote implements:

  • Three-layer redaction process - Automatically identifies and removes PHI through pattern matching and natural language processing

  • User-maintained redaction dictionary - You control additional terms specific to your practice

  • Non-diarized transcripts - By design, we don't identify speakers, further protecting confidentiality

  • Automatic session destruction - When the application closes, all temporary data is erased

Complete Control Over Your Documentation

This security-first design gives you complete ownership of your documentation process:

  • You decide what information to include in your dictations

  • You maintain and update your redaction dictionary

  • You determine how to transfer content to your EHR system

Beyond HIPAA Compliance

While many applications claim HIPAA compliance, we've gone further by eliminating the possibility of a data breach at its source. If we don't have your data, it can't be compromised.

Our approach follows the principle of "privacy by design" - rather than treating security as an add-on feature, we've built the entire application around protecting your patients' information.

The Ultimate Peace of Mind

Mental health professionals have enough to worry about without adding data security concerns. MentalNote's local processing and zero data retention policy provide the ultimate peace of mind:

  • No risk of cloud storage breaches

  • No concerns about third-party access

  • No need for additional BAAs with multiple vendors

  • No uncertainty about where your sensitive information lives

This is why we can confidently say: What does MentalNote do with your session data? Nothing, because we don't have it - and that's exactly how we designed it.

Seth Baker
Next

Can I Dictate a Session Instead of Recording It?