Why Conjoin never stores your session audio
The recording you make with Conjoin is transcribed in real time and discarded the moment your session ends. Here’s what that means technically, legally, and for your clients.
Published
What “not stored” actually means
When you tap Record in Conjoin, audio is captured on your iPhone and streamed over an encrypted TLS 1.3 connection to our transcription service. As audio arrives, text is produced and streamed back to your device. The audio itself is held in a short rolling buffer in memory — never written to a disk, never copied to long-term storage, never backed up.
When you tap Stop, the buffer is flushed and the in-memory bytes are released. What remains is the text transcript, which is encrypted at rest under a per-tenant key and scoped to your user account through row-level security in our database.
Why we designed it this way
HIPAA's breach-notification rules key off what data a vendor holds. Every minute a session recording sits on a server is a minute that recording is part of your potential breach surface. A transcript is already high-risk PHI; adding raw audio — which contains voice, tone, and identifying vocal characteristics — makes a breach materially worse.
Transcribe in-stream. Discard audio at session end. Encrypt transcripts at rest. Keep the blast radius as small as the product allows.
Retain raw audio for 30 or 90 days “for quality improvement” or “in case of re-transcription requests.” Every day those files exist is a day they can leak.
What you can tell your clients
Clients often ask, reasonably, what happens to the recording. The short, honest answer: we don't keep one. A transcript is produced so the clinician can draft a progress note, and then the audio is gone. The transcript is under the clinician's control and follows the same retention rules as any other clinical record in your practice.
If a client withdraws consent mid-session or asks for the recording to be deleted afterward, there is nothing to delete on our end — the audio was never retained. You can also delete the transcript from Conjoin at any time from the session detail screen.
How this interacts with state recording laws
Most U.S. states require either one-party or two-party consent to record a conversation. Conjoin does not change that obligation — you still get consent from every party in the room before recording begins. The recording indicator on iOS (the orange dot) is always visible when Conjoin is listening, which supports the transparency requirement in two-party states.
Because the audio is not retained, there is no downstream “recording” to subpoena, produce, or share. The transcript is discoverable like any other clinical note and should be treated as part of your medical record for retention purposes.
What this does not mean
- It does not mean the transcript is anonymous — transcripts contain PHI and are protected accordingly.
- It does not mean you shouldn't get consent — always get recording consent from your clients.
- It does not mean there is no audit trail — every access to a transcript is logged for six years.
- It does not mean the AI provider sees unredacted names — Conjoin uses pseudonyms in prompts.