At Practicepicnic, privacy and security are at the core of what we do. You trust us with sensitive client information, and we take that responsibility seriously. We're a small business, not a massive corporation, and that means we're personally invested in keeping your data safe.
We're fully HIPAA compliant
We follow strict HIPAA guidelines to ensure your data is always protected. Every part of our platform—client records, telehealth, AI-generated notes—is built with security in mind. We don't take shortcuts when it comes to compliance.
Your data stays in the U.S.
All Practicepicnic data is stored in the U.S. We don't send client data overseas, and we don't share data unnecessarily. To provide essential services like SMS notifications, emails, and AI-assisted note-taking (if enabled), we work with trusted U.S. third-party providers. These providers meet strict security and compliance requirements, and we only share the minimum amount of data necessary to keep things running smoothly.
We use Amazon AWS to host our servers
We host our platform on Amazon Web Services (AWS)—a trusted cloud provider known for its security. AWS powers hospitals, financial institutions, and government agencies, providing:
- Encryption to keep data private
- Secure access controls to prevent unauthorized access
- Continuous monitoring to detect threats
- Backup and disaster recovery to ensure data isn't lost
HIPAA-compliant telehealth
Our telehealth platform is fully HIPAA compliant. Video calls and messages are encrypted, ensuring that only you and your client have access. We don't store session recordings, and any data handled by third-party services (such as SMS reminders) is secured and used solely for its intended purpose.
End-to-end encryption
All data—whether at rest or in transit—is encrypted. If anyone tried to intercept it, they'd get unreadable data. This ensures client information stays private and secure at all times.
Regular backups
We back up data regularly to prevent loss. If a technical issue occurs, we can restore your information quickly, so you never have to worry about losing client records or progress notes.
Ongoing security monitoring
We don't just set up security once and forget about it. We run regular vulnerability scans to identify risks before they become problems. We also conduct penetration testing, where security professionals attempt to breach our systems to make sure they hold up against real-world threats.
AI features: optional, secure, and HIPAA compliant
Our AI-powered progress note feature is off by default. If you choose to enable it, we use Microsoft's HIPAA-compliant AI to help generate notes. Microsoft follows strict security measures, ensuring:
- Data is encrypted using industry-standard encryption to protect your information
- AI only processes data to generate notes—it doesn't store or use it for training
- Recordings and transcriptions are deleted after note generation
- You have full control over AI-generated notes before saving them
- Only documents you sign off on become part of the client's chart
- Our AI service is secure and HIPAA compliant
The AI service is used only when you enable it, and your data stays protected at every step.
For more details on how our AI feature works, see this article.
Security you can rely on
We built Practicepicnic to make clinicians' lives easier, and security is a non-negotiable part of that. We take privacy and trust seriously, and if you ever have questions about security, we're here to answer them.
Security reflects our values
Security and privacy aren't just features—they reflect who we are as a company. At Practicepicnic, we believe in transparency, trust, and putting clinicians first. These values shape everything we build, from secure data storage to AI features that respect your control over your information.
We know that privacy isn't just about compliance—it's about doing the right thing. That's why we take a no-nonsense approach to security, only sharing data when absolutely necessary to deliver our service and always ensuring that you remain in control.
If you'd like to learn more about what drives us, check out our values page to see how we think about our role in supporting clinicians and their clients.