Invite clinicians
Add team members one at a time, or paste a list of emails for a bulk invite. Each invitee gets an email with a link to accept and activate their seat.
Adding their name lets us greet them properly in the app on day 1. Clinicians can use the product; Admins also get full agency-management access.
Team Members
Current Seats
Adjust Seats
Add or remove seats anytime. Stripe will prorate the change automatically — increases bill the difference for the rest of the cycle, decreases credit your next invoice.
Billing Cycle
Switch between monthly and annual billing. Annual saves 17%. Stripe will prorate the change automatically.
Billing Portal & Invoices
Manage your card on file, download past invoices, or update billing details via Stripe's secure portal.
Business Associate Agreement
Sign your BAA below. It covers every clinician on your agency plan. The signed PDF will be available for download anytime.
Read the full Business Associate Agreement (v2.0)
Important: As a healthcare provider, you are required to have a Business Associate Agreement with any service that handles Protected Health Information (PHI) on your behalf.
1. Agreement Overview
This Business Associate Agreement ("BAA") is between your agency (the "Covered Entity") and SOAP Note Buddy (the "Business Associate"). We provide AI-powered clinical documentation services via the SOAP Note Buddy Chrome extension, Safari extension, iOS app, and web Voice Scribe. By signing this BAA, you accept it on behalf of your agency and bind every clinician you add to your Agency Plan.
2. How We Handle Your Data
Local Storage. Clinical automation data is stored locally on each clinician's device using IndexedDB.
Cloud Storage (Google Cloud Firestore). The following is stored in Google Cloud Firestore with encryption at rest and in transit:
- Account information (email, name, discipline, subscription and billing status)
- Patient names, identifiers, and eval summaries (for cross-device sync)
- Voice note transcripts and AI-generated SOAP summaries (from Voice Scribe)
- Token usage and purchase history
AI Processing (Chrome / Safari extensions). When generating clinical notes:
- Clinical context (which may include PHI) is sent to Google Cloud's HIPAA-compliant Vertex AI for note generation
- A manual PHI scrubbing tool is available when adding patient data to help remove identifiers (names, DOB, phone, email, addresses)
- Vertex AI does not retain your data after processing; however, patient data you store (eval summaries, note history) persists in Firestore until you delete it
- AI requests use Google's global Vertex AI endpoint for reliable availability, which means individual requests may be processed in Google Cloud regions outside the United States under Google's HIPAA BAA
- All data transmission uses TLS 1.3 encryption
Voice Processing. When using Voice Scribe:
- Voice recordings are transmitted to Google Cloud for transcription, then immediately deleted
- Voice recordings may contain PHI (e.g., patient names spoken aloud); this data is processed on HIPAA-compliant infrastructure with BAA coverage
- The resulting transcript and AI-generated summary are stored in Firestore and accessible until you delete them
3. Our Security Commitments
- HIPAA-Compliant Infrastructure: All cloud services (Google Cloud Platform) have signed Business Associate Agreements
- Encryption: AES-256 at rest, TLS 1.3 in transit
- Manual PHI Scrubbing Tool: A built-in tool is available to help remove key HIPAA identifiers
- Minimal Data Retention: Extension AI processing is stateless; voice transcripts and summaries are stored until you delete them
- Access Controls: Limited personnel access, audit logging
- Breach Notification: We will notify you within 24 hours of any security incident
4. Your Responsibilities
- Review AI Content: Each clinician must review all AI-generated documentation for accuracy before use in patient records
- Device Security: Each clinician keeps their device secure with password/biometric protection
- Professional Judgment: Clinicians retain full clinical responsibility for all patient care decisions
- Appropriate Use: Only use this service for your own patients within your scope of practice
- Member Onboarding: As agency admin, you are responsible for ensuring your clinicians are aware of and comply with this BAA
5. Subcontractors
We use the following HIPAA-compliant subcontractors:
- Google Cloud Platform: Infrastructure, AI services (Vertex AI), database (Firestore), Speech-to-Text — BAA in place
- Stripe: Payment processing only (no PHI transmitted)
- Amazon Web Services (SES): Transactional email delivery only (no PHI transmitted)
6. Data Rights
You have the right to:
- Access your data (stored locally on each clinician's device and in our cloud infrastructure)
- Export your data
- Delete your data (contact [email protected] for cloud data deletion)
- Request an accounting of disclosures (contact [email protected])
7. Breach Notification
In the event of a breach of unsecured PHI, we will:
- Notify you within 24 hours of discovery
- Provide details of the breach and affected individuals
- Describe steps taken to mitigate harm
- Cooperate fully in breach investigation and response
8. Termination
This agreement:
- Becomes effective when you sign and click "Sign BAA"
- Remains in effect as long as your Agency Plan subscription is active
- Terminates when you request deletion of your cloud data (contact [email protected])
- Can be terminated by either party with 30 days' notice for material breach
9. Limitations
No Warranty: We provide AI-assisted tools only. We make no warranties regarding accuracy, completeness, or clinical suitability of generated content. Each clinician is solely responsible for clinical accuracy.
Service Changes: We may update security measures and this agreement to maintain HIPAA compliance. You'll be notified of material changes.
10. Contact Information
Email: [email protected]
Privacy Policy: soapnotebuddy.com/privacy
By signing below, you acknowledge that:
- You are an authorized representative of a healthcare provider or organization subject to HIPAA
- You have read and understand this Business Associate Agreement (v2.0)
- You agree to be legally bound by its terms on behalf of your agency
- You understand each clinician's responsibility to review all AI-generated content
- You understand this service uses HIPAA-compliant infrastructure
Agency Name
Domain Auto-Join
Anyone signing up with one of these email domains is automatically added to your agency. Add as many as you need — useful for staffing agencies bridging multiple clients, multi-location practices with different domains per site, or parent companies with subsidiaries. Common consumer providers (gmail.com, yahoo.com, etc.) are blocked.
Paste a domain like yourpractice.com — we'll strip http://, www., or @ if you include them.
Auto-Add Seats
When ON, a new clinician signing up via domain auto-join automatically gets a seat added to your plan if you're at capacity. Stripe bills the prorated difference immediately. When OFF, clinicians who try to join when full are marked as Blocked in your members list — you can add a seat manually and re-invite them.