Superwhisper supports teams operating under HIPAA, GDPR, SOC 2, and other regulated frameworks. Here’s where to find our documentation and how to sign the right agreements.

Trust Center

Our Trust Center hosts security documentation, certifications, and our sub-processor list.

Visit the Superwhisper Trust Center

Browse certifications, policies, security questionnaires, and sub-processors.
Request access to SOC 2, penetration test reports, and other gated documents through the Trust Center.

Sign a DPA or BAA

Most enterprise customers sign a Data Processing Addendum (DPA) at contract time. Healthcare customers handling PHI also sign a Business Associate Agreement (BAA).

Sign your DPA or BAA

Self-serve signing for Superwhisper’s DPA and BAA.
The DPA contains the full list of sub-processors Superwhisper uses.

HIPAA

Configure Superwhisper for HIPAA-aligned workflows. The path depends on which models you use:
  • Local-only setup: No audio or transcripts leave the device. No BAA required with Superwhisper for those models.
  • Superwhisper cloud models: Sign Superwhisper’s BAA. Superwhisper’s API integrations with upstream providers include zero-data-retention terms.
  • Bring Your Own Keys (BYOK): Sign a BAA directly with the upstream provider (Anthropic, OpenAI, etc.). Superwhisper acts as a client to your provider account.
See Sensitive Data Best Practices for how data flows through each stage and which models fit each path.

SOC 2

Our latest SOC 2 report is available through the Trust Center under NDA.

GDPR

Superwhisper processes personal data on behalf of customers under the terms of the DPA. For data subject requests or account deletion, see Account & Data Deletion.

Telemetry & Analytics

Enterprise admins can review exactly what metadata Superwhisper collects when usage analytics is enabled. See Usage Analytics for the full data inventory and how to disable collection.

Questions

Email enterprise@superwhisper.com for security reviews, custom DPAs, or other compliance questions.