Security

The design is the security story

DirectScribe is shaped so the sensitive data has nowhere unexpected to go. There is no DirectScribe server, no account, and no analytics. This page states what the app does — and, just as plainly, what it does not.

Framed for Canada: your obligations sit under PIPEDA and your province's health-privacy law (in Ontario, PHIPA). We do not market this product against US HIPAA.

Seven design choices

  • Only the physician's voice is ever recorded. DirectScribe records the physician for dictation. It is not an ambient scribe; the patient is never recorded, and there is no microphone open on the room.
  • PHI never touches DirectScribe servers — there are none. Your recordings and notes go from your Mac straight to the vendors you chose. We operate no service that receives, stores, or sees your patients' data.
  • API keys live in the macOS Keychain. Your vendor keys are stored by the system Keychain, protected by your login and FileVault — never written to plain configuration files and never sent to us.
  • The app is sandboxed. DirectScribe runs in the macOS App Sandbox with least-privilege access, so it can reach only what it needs to do its job.
  • Deletion runs on your schedule. A session-end action plus 7/30/90-day sweeps remove recordings, transcripts, and notes without you having to remember.
  • The audit log is tamper-evident. Every transmission and deletion is hash-chained and sequence-checkpointed, and it is PHI-free by design.
  • Licensing is offline. A license key is validated on your Mac. No account is created, and no server is contacted to let you work.

What runs where

"Local-first" is easy to overstate, so here is the precise version. Your recordings, templates, API keys, saved notes, and the audit log live on your Mac. Two steps use the internet, and only to the vendors you pick:

The path of a note, at launch
StepWhere it runsWhat is sent
RecordYour MacNothing leaves yet — audio is captured locally.
TranscribeYour chosen cloud STT vendorThe physician's audio, over TLS, to that vendor only.
Shape to templateYour chosen intelligence vendor — or fully local with LM StudioThe transcript text, to that vendor. With LM Studio it stays on your Mac.
Review & pasteYour Mac → your EMRYou copy the finished note into your EMR by hand.

At launch, every transcription path is cloud. There is no fully on-device speech-to-text option yet. The only step that can run entirely on your Mac today is note-shaping, via LM Studio. We would rather say this than let a trust-sensitive buyer assume otherwise.

Deletion, stated honestly

When DirectScribe deletes an artifact, it is deleted from the file system on your schedule; FileVault protects residual storage; backups you configure may retain copies. We will not tell you it is gone from every disk, because that would not be true — and you deserve the accurate version.

Why the care? macOS uses the APFS file system, which is copy-on-write on modern SSDs. There is no per-file secure-erase, so deleting a file frees its blocks but can leave residue until those blocks are reused. The compensating control is FileVault: any residue stays as encrypted ciphertext. DirectScribe also marks its data directories to be excluded from Time Machine, but APFS local snapshots and any backup you run yourself can still hold copies the app cannot reach.

So the audit log proves the deletion action — not the absence of every copy. Keeping FileVault on and being deliberate about backups (see the clinic checklist) is what closes the gap.

The audit log — and what it is not

DirectScribe keeps an append-only, PHI-free log. Each entry records that a transmission or a deletion happened — the vendor, the timestamp, the artifact type, and an opaque identifier. It never records note content, filenames, template names, or file paths. The chain is verified in the app, and a sequence checkpoint in the Keychain catches casual truncation.

What this log is

A transmission-and-deletion transparency record you can show a privacy reviewer to demonstrate where data went and when it was removed.

Tamper-evidence, scoped. The hash chain detects an in-place edit to any past entry. The Keychain sequence checkpoint additionally detects casual tail-truncation. It does not make the log indelible — someone with full disk access could still delete a whole month's file. We do not use external anchoring or Merkle trees; that would be over-engineering for this product, and claiming indestructibility would be dishonest.

The one network call the app makes on its own

So that "no telemetry" is a claim you can verify with a network monitor rather than a promise you have to trust, here it is in full. Once a week, DirectScribe performs an update check: an HTTPS request to directscribe.ca/version.json to see whether a newer version exists. It compares version numbers and, if there is one, links this site's download page. It does not download anything automatically, does not follow any URL supplied by that file, and does not render any text from it.

That is the only request the app initiates by itself. There is no telemetry, no analytics, no crash reporting, no usage tracking, no phone-home. The update check has an off switch in Settings. Every other network request is one you triggered — a transcription or a note-shaping call — to a vendor you chose.

Licensing is honesty enforcement, not DRM

The license check is deliberately simple. It verifies a cryptographic signature offline and unlocks dictation; viewing, search, export, and deletion always work, even unlicensed or expired. We do not obfuscate the binary, add anti-debugging, or scatter secret checks — those are wrong for physicians and would not stop a determined bypass anyway. The real integrity control on the download itself is Apple notarization (see the download page).

Limits we disclose

  • Cloud transcription. At launch, speech-to-text always uses a cloud vendor. Choose one whose privacy terms you accept — the vendor guides lay out what each offers.
  • APFS residue and backups. As above — deletion frees blocks but FileVault and backup discipline do the rest.
  • LM Studio on localhost is unauthenticated between processes. If you run a local model, any process on your Mac could, in principle, bind the same local port. The app checks the server's response shape, and we recommend enabling LM Studio's optional bearer token. We disclose this rather than pretend the local path has no trade-offs.