HIPAA & Compliance
How Ardela supports regulated firms handling protected health information.
Ardela is designed for professional services firms with strict confidentiality requirements, including firms handling protected health information (PHI).
Workspace controls
- Role-based access — limit who can create, view, and edit recordings
- Group visibility — control read access within teams; shared visibility is read-only
- Two-factor authentication — admins can require MFA for all members
- Session timeouts — automatic logout after inactivity
- Activity logging — audit trail for administrative actions
Configure these under Settings → Security, Permissions, and Groups.
Your firm's responsibilities
Using Ardela in a regulated context requires your firm to:
- Configure workspace access and permissions appropriately
- Avoid dictating PHI on unsecured networks or shared devices
- Follow your firm's retention, export, and deletion policies
- Train staff on approved workflows and device policies
- Execute appropriate agreements (such as a BAA) with vendors where required
Best practices
- Require MFA for all workspace members
- Use groups to limit recording visibility to relevant teams
- Review transcripts before sharing or exporting externally
- Sign out on shared workstations
- Do not share login credentials
Business associate agreements
Contact your workspace administrator or Ardela support for BAA and firm-specific compliance questions. Requirements vary by jurisdiction and practice type.
