Privacy and Security

Privacy, patient consent, security and compliance are at the heart of everything we do.

Built-in privacy

Mute the microphone with a quick tap and swivel the Robin Assistant to cover the camera at any time.

Patient consent

Patients give permission to use Robin before seeing their doctor. Over 98% consent to both audio and video.


Under the SOC 2 certification program, Robin follows rigorous auditing procedures and best practices. We ensure robust data protection with military-grade, 256-bit encryption both at rest and in transit, fully in compliance with HIPAA.


Our infrastructure is designed to withstand system failures and malicious attacks and to scale to meet your clinic's needs—from solo practitioners to large hospital systems. Each clinic’s data lives in an isolated environment, partitioning risk from system failure or attack. We permanently delete all recordings with protected health information (PHI) after a quality assurance period of up to 30 days. All partners are covered under a Business Associates Agreement (BAA).

Information security

Our security protocols ensure all PHI is secure across every aspect of the business. Robin engineers have specific domain expertise in cybersecurity and PCI compliance at large multinational organizations and deep understanding of enterprise-level key management and device certifications. Every team member must complete HIPAA training and a background check.

Device and app management

Robin maintains a secure device management system. We enforce policies for encrypted hard drives, minimum password requirements, remote wiping, IP-designated access, device certifications and two-factor authentication for all users and systems. Robin uses an encrypted user password store and maintains centralized auditing capability for all users and devices. We also ensure the security of our Robin Assistant, applications and infrastructure through annual multiple third-party penetration tests.

Zero Trust security restricts access via device certificates, key management, and IP-designated access in addition to Multi-Factor User Authentication.