> ## Documentation Index
> Fetch the complete documentation index at: https://superwhisper-docs-cloud-model-rate-limits.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance & Trust

> Access Superwhisper's Trust Center, sign a DPA or BAA, and review our security and compliance documentation.

Superwhisper supports teams operating under HIPAA, GDPR, SOC 2, and other regulated frameworks. Here's where to find our documentation and how to sign the right agreements.

## Trust Center

Our Trust Center hosts security documentation, certifications, and our sub-processor list.

<Card title="Visit the Superwhisper Trust Center" icon="shield-check" href="https://trust.mycroft.io/superwhisper">
  Browse certifications, policies, security questionnaires, and sub-processors.
</Card>

Request access to SOC 2, penetration test reports, and other gated documents through the Trust Center.

## Sign a DPA or BAA

Most enterprise customers sign a Data Processing Addendum (DPA) at contract time. Healthcare customers handling PHI also sign a Business Associate Agreement (BAA).

<Card title="Sign your DPA or BAA" icon="file-signature" href="https://docuseal.com/d/ehxSh1xq5RTGHh">
  Self-serve signing for Superwhisper's DPA and BAA.
</Card>

The DPA contains the full list of sub-processors Superwhisper uses.

## HIPAA

Configure Superwhisper for HIPAA-aligned workflows. The path depends on which models you use:

* **Local-only setup:** No audio or transcripts leave the device. No BAA required with Superwhisper for those models.
* **Superwhisper cloud models:** Sign Superwhisper's BAA. Superwhisper's API integrations with upstream providers include zero-data-retention terms.
* **Bring Your Own Keys (BYOK):** Sign a BAA directly with the upstream provider (Anthropic, OpenAI, etc). Superwhisper acts as a client to your provider account.

See [Sensitive Data Best Practices](/security/sensitive-data) for how data flows through each stage and which models fit each path.

## SOC 2

Our latest SOC 2 report is available through the [Trust Center](https://trust.mycroft.io/superwhisper) under NDA.

## GDPR

Superwhisper processes personal data on behalf of customers under the terms of the [DPA](https://docuseal.com/d/ehxSh1xq5RTGHh). For data subject requests or account deletion, see [Account & Data Deletion](/security/account-deletion).

## Telemetry & Analytics

Enterprise admins can review exactly what metadata Superwhisper collects when usage analytics is enabled. See [Usage Analytics](/enterprise/usage-analytics) for the full data inventory and how to disable collection.

## Questions

Email [enterprise@superwhisper.com](mailto:enterprise@superwhisper.com) for security reviews, custom DPAs, or other compliance questions.
