Enable HIPAA support and Zero Data Retention (ZDR) in Wispr Flow
Last updated: April 28, 2026
Available on: Mac, Windows, iOS. Android supports Privacy Mode only — no BAA signing or ZDR enterprise settings.
If you dictate medical notes or anything containing patient information, Wispr Flow can operate in a HIPAA-compliant mode. Sign a Business Associate Agreement (BAA) to permanently enable Zero Data Retention (ZDR) and keep PHI protected.
What it is
A Business Associate Agreement (BAA) is a HIPAA-required contract that allows Wispr Flow to handle Protected Health Information (PHI) on your behalf. If you are a healthcare provider, signing a BAA ensures your data is handled in a compliant, secure way.
Zero Data Retention (ZDR) means none of your dictation data is stored or used for model training by Wispr or any third party. When you sign a BAA, Privacy Mode (ZDR) is permanently enabled for your account.
Warning: Signing the BAA is irreversible. Once signed, Privacy Mode is permanently enabled for your account and cannot be turned off.
When to use it
Sign a BAA when you want to:
Dictate medical notes, prescriptions, or documentation containing patient information
Ensure HIPAA compliance for your practice, clinic, or healthcare organization
Guarantee that no voice or text data is stored after transcription
How it works in Flow
Key behaviors
Privacy Mode lock: After signing a BAA, Privacy Mode is permanently enabled and cannot be toggled off.
Zero Data Retention: No voice or text data is stored or used for model training by Wispr or any third party.
Enterprise enforcement: Admins can enforce ZDR organization-wide through the admin portal.
Plan requirement: ZDR enforcement is available on Enterprise (Business) plans only. Team plans do not support ZDR enforcement, local data deletion policies, or enforced SSO.
Lock reason tooltips: When Privacy Mode is locked, a tooltip explains why — for example, "Privacy mode is locked on because you have signed the HIPAA BAA" or "Privacy mode is locked on because your organization has enforced zero data retention."
Scratchpad disabled on desktop: For HIPAA/BAA users on Mac and Windows, Scratchpad (Notes) is hidden from the sidebar, its keyboard shortcut is inactive, and the Notes page redirects to Home.
Local data storage
Any user can control how transcripts and polish history are stored locally via Settings → Data and Privacy → Local data storage. The available options are:
Store data locally (default)
Auto-delete local data every 24 hours
Never store data locally — immediately deletes all existing transcripts and polish history and prevents future storage
Note: "Never store data locally" provides ZDR-like local behavior without a BAA, but does not constitute a HIPAA agreement with Wispr.
For enterprise users, the Local data storage dropdown may be locked by an organization admin. When locked, the dropdown is disabled and a tooltip indicates it is managed by the organization. Admins can also restrict which storage options are available without fully locking the setting — in this case, users see "Some options are restricted by your organization" and only the allowed options appear.
When local data storage is set to "Never store data locally," the History page shows a message explaining why no history is available — distinguishing between an organization-enforced restriction and a user-chosen setting. Users on "Auto-delete local data every 24 hours" still see history items from the past 24 hours.
iOS notes features and HIPAA
On iOS, several notes features are disabled for HIPAA and data-restricted users to protect patient privacy:
Note syncing: Notes are not synced to Wispr's servers.
AI summary: The AI button that generates a summary of a note is hidden.
Spotlight search: Notes are not indexed in iOS Spotlight, so note content does not appear in system search results.
Siri donations: Proactive Siri suggestions based on note activity are suppressed. Siri Shortcuts (e.g., "Create note with Flow") remain available — only automatic suggestion behavior is disabled.
Important: These restrictions apply to all data-restricted users on iOS, including users who have manually enabled Privacy Mode — not just HIPAA BAA signers.
ZDR fail-safe on iOS
On iOS, Flow defaults to a secure state if it cannot verify your organization's settings during a server check. The app conservatively assumes ZDR enforcement and locks Privacy Mode on until the connection is restored.
Automatic protection: If the enterprise API fails, Privacy Mode is automatically enabled and locked until the connection is restored.
Background retry: The app retries connecting up to 2 times with increasing delays (2 seconds, then 4 seconds).
If retries are exhausted: Privacy Mode remains locked. The app attempts a fresh enterprise data fetch on the next full preferences reload (approximately every hour), on sign-in, or on a force-refresh.
Automatic restoration: Once the connection is restored, normal privacy toggle behavior resumes based on your organization's ZDR settings.
Tip: A temporary server or connectivity issue never leaves your data in an unprotected state — Flow always defaults to the most secure setting.
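The fail-closed logic described in this section, sketched as an added example; it is not Wispr's code. The function names, the `zdr_enforced` field and the reason labels are hypothetical, and "up to 2 retries" is read as one initial attempt plus two retries.

```python
import time
from dataclasses import dataclass

RETRY_DELAYS = (2, 4)  # seconds before retry 1 and retry 2, as stated on the page

@dataclass(frozen=True)
class PrivacyState:
    privacy_mode_on: bool
    locked: bool
    reason: str  # hypothetical labels, not Flow's own strings

def fetch_with_retries(fetch, sleep=time.sleep):
    """One initial attempt plus one retry per delay; None when all attempts fail."""
    for delay in (0, *RETRY_DELAYS):
        if delay:
            sleep(delay)
        try:
            return fetch()
        except (ConnectionError, TimeoutError):
            continue
    return None

def resolve_privacy_state(fetch, user_toggle, baa_signed=False, sleep=time.sleep):
    """Decide Privacy Mode; every unverifiable case resolves to on and locked."""
    if baa_signed:  # a signed BAA locks Privacy Mode permanently; no lookup needed
        return PrivacyState(True, True, "baa_signed")
    settings = fetch_with_retries(fetch, sleep)
    if not isinstance(settings, dict):
        # Fail closed: settings could not be verified, so assume ZDR is enforced.
        return PrivacyState(True, True, "org_settings_unverified")
    # Assumption: a missing or non-boolean field is treated as "enforced".
    if settings.get("zdr_enforced") is not False:
        return PrivacyState(True, True, "org_zdr_enforced")
    return PrivacyState(bool(user_toggle), False, "user_choice")

if __name__ == "__main__":
    def always_down():  # constructed stand-in for an unreachable enterprise API
        raise ConnectionError("enterprise API unreachable")
    waits = []
    print(resolve_privacy_state(always_down, user_toggle=False, sleep=waits.append))
    print("delays used:", waits)
```

The design point to check in any such client is that the unlocked state is reachable only through an explicit, verified "not enforced" answer; errors, timeouts and malformed responses all land on the locked branch.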
How to sign the BAA
Individual users (Mac, Windows, iOS)
To sign a BAA for your individual account:
Open Settings → Data and Privacy.
Click "View and accept" next to "Enable HIPAA."
Review the BAA document.
Enter your legal name and click "I agree."
The signing dialog includes a link to preview the BAA and displays the warning: "This action cannot be undone and will enforce privacy mode for you."
After signing, the label changes to "HIPAA enabled" with a "View" button to review the agreement. Privacy Mode is permanently locked on.
Note: On iOS, the BAA document is displayed inline within the app. On Mac and Windows, it opens in your default web browser.
Enterprise users (Mac, Windows)
To sign a BAA for your entire organization:
Open Settings → Data and Privacy.
Click "Open admin portal" next to "Enable HIPAA."
Sign the BAA for the organization through the admin portal.
Once the enterprise BAA is signed, the ZDR enforcement toggle is locked in the ON position and cannot be disabled by admins. Privacy Mode is permanently enforced for all organization members. The "Open admin portal" button is replaced with a "View" button that opens the BAA template PDF — to access the admin portal after signing, go directly to the portal URL.
Note: Enterprise BAA signing must be done from the desktop app or admin portal. On iOS, enterprise users see the same HIPAA row as individual users — there is no "Open admin portal" button. If ZDR is enabled without signing the enterprise BAA, an admin can still toggle it off; once the BAA is signed, the ZDR toggle is locked.
FAQs
Do I need a BAA to use Flow for medical notes?
Yes. If you are handling PHI and need HIPAA compliance, you must sign a BAA.
Is HIPAA available for individual users?
Yes. HIPAA support is available for individual users, clinics, and larger teams.
Is any of my voice or text stored when HIPAA and ZDR are enabled?
No. When Privacy Mode is enabled — whether through signing a HIPAA BAA, enterprise ZDR enforcement, or manual toggle — none of your dictation data is stored or used for model training by Wispr or any third party.
Note: "ZDR" (Zero Data Retention) is the enterprise admin setting that enforces Privacy Mode for all organization members. For individual users, this is simply called Privacy Mode.
What is the difference between "Never store data locally" and enterprise ZDR?
"Never store data locally" controls local storage only — it deletes your transcripts and polish history from your device and prevents future local storage. Enterprise ZDR, enabled through a signed BAA or by an admin, additionally ensures no data is stored or used for model training at the server level. "Never store data locally" does not constitute a HIPAA agreement and does not replace a signed BAA for compliance.
Why can't I change the Local data storage setting?
If the Local data storage dropdown in Settings → Data and Privacy is disabled, your organization's admin has locked this setting. A tooltip on the dropdown confirms it is managed by your organization. Contact your admin if you need a change.
Why can't I see the AI summary button or search my notes in Spotlight?
If you are a HIPAA or data-restricted user on iOS (including users who have manually enabled Privacy Mode), the AI summary button and Spotlight indexing for notes are disabled to protect patient privacy.
Why is Scratchpad missing from the sidebar on desktop?
If you have signed a HIPAA BAA — or your organization has signed an enterprise BAA — Scratchpad (Notes) is disabled on Mac and Windows. It is hidden from the sidebar, its keyboard shortcut is inactive, and the Notes page redirects to Home. This applies to all HIPAA/BAA users and cannot be changed individually.
Can I share HIPAA compliance information with my IT or security team?
Yes. You can share our Trust Center with full compliance documentation, including SOC 2 and HIPAA.
Why is my Privacy Mode locked on?
Privacy Mode can be locked on for several reasons:
You signed a HIPAA BAA: This permanently locks Privacy Mode.
Organization enforcement: Your organization has enforced Zero Data Retention (ZDR).
iOS connectivity (temporary): The app cannot reach your organization's servers — Privacy Mode is locked as a safety precaution until connectivity is restored.
If none of these apply, contact support.
Where can I find the signing details for our BAA?
Enterprise users on Mac and Windows can access the admin portal via Settings → Data and Privacy → "Open admin portal" (visible before the BAA is signed). After signing, all users see a "View" button that opens the standard BAA template. In the enterprise admin portal, the BAA section displays "BAA signed by [name] on [date]" once signed.
Note: On iOS, enterprise users see the same HIPAA row as individual users. The "View" button opens the BAA template, not a personalized signed copy.
Limitations and notes
HIPAA BAA signing is available on Mac, Windows, and iOS. Android supports Privacy Mode but does not have BAA signing UI or ZDR enterprise settings.
Signing the BAA is irreversible — Privacy Mode cannot be turned off after signing.
ZDR enforcement is available on Enterprise (Business) plans only. Team plans do not support ZDR enforcement, local data deletion policies, or enforced SSO.
Enterprise admins on the Enterprise (Business) plan can enable a local data deletion policy that enforces restricted local data storage for all organization members.
When switching to "Auto-delete local data every 24 hours" or "Never store data locally," a confirmation dialog warns that existing data will be deleted before the change is applied.
On iOS, enabling Privacy Mode manually (without signing a BAA) also disables note syncing, AI summary, and Spotlight indexing for notes.
On Mac and Windows, Scratchpad (Notes) is disabled for all HIPAA/BAA users — both individual signers and enterprise members covered by an enterprise BAA.
For more about data controls, visit wisprflow.ai/data-usage (also linked from Settings → Data and Privacy).
Still need help?
Reach out to our support team if:
You need help setting up a BAA for your practice, clinic, or enterprise account
You cannot find HIPAA or ZDR settings in your account
Your IT or security team needs help reviewing compliance documentation
In the Flow desktop app, click the ? icon, then select Talk to support. Include your platform, plan type (individual or enterprise), and whether you've already signed a BAA so we can route your request quickly.