
Security
No audio stored
No audio is stored after transcription. Willow processes your voice, writes the text, then discards the recording.
No transcripts logged
Your transcripts are not logged server-side or retained by default after the dictation is complete.
Not used to train AI models
Your voice and text are not used to improve AI models without your consent.
Consent stays in your control
Privacy mode and data permissions can be changed anytime by your team.
No third-party sharing
Willow never sells or shares your data with third parties for advertising or resale.
SSO support
Securely connect Willow to your organization’s identity provider, making team access easier to manage.
Data deletion honored
When your account is deleted, retained account data is deleted according to your privacy settings.
Built for security
SOC 2 Type II, HIPAA, zero data retention, and end-to-end encryption support secure team use.
Compliance
Third-party auditors have verified our controls. Your security team can request the full report at any time.

SOC 2 Type II
Willow’s security controls are independently audited to help protect customer data across security, availability, and confidentiality.
HIPAA Compliant
Willow supports HIPAA-regulated teams with enterprise controls, privacy safeguards, and Business Associate Agreements.
Zero Data Retention
Customer content is processed without retention by Willow or our applicable AI subprocessors, with contractual controls in place for enterprise teams.
End-to-End Encrypted
Audio, text, and customer content are protected using industry-standard encryption while being transmitted and stored.
Do you store my voice recordings or transcripts?
Willow does not store your voice recordings. Your audio is processed to generate text, then discarded. For transcripts and dictation data, you control retention through Privacy Mode. Privacy Mode is enabled by default. With Privacy Mode, Willow keeps nothing from your dictation sessions: no audio, no transcripts, and no edits. When Privacy Mode is off, limited dictation data may be used to improve product quality, reliability, and transcription accuracy, but it is never sold. Enterprise admins can enforce Privacy Mode across their entire organization. When enforced, individual users cannot turn it off. This gives teams a consistent privacy posture across all employees, ensuring dictation data is not retained for users under the enterprise workspace.
What security certifications do you have?
Willow is built with enterprise-grade security controls, including encryption, access controls, audit logging, and privacy-by-design data handling. We are SOC 2 compliant and support HIPAA-ready workflows through a Business Associate Agreement where applicable. Enterprise customers can request our security documentation, compliance report, and subprocessor details during review.
How is data processed?
Willow runs on secure cloud infrastructure in the United States. All data is encrypted in transit and at rest. Access is limited to authorized personnel and systems only. For Enterprise customers, Willow Sales team can provide additional details on infrastructure, subprocessors, and data handling as part of security review.
