Skip to content
Start for Free
Practice Management

Compliance that doesn't need your attention.

HIPAA, PHIPA, PIPEDA, GDPR — mePro is compliant out of the box. End-to-end encryption, full audit logging, role-based access controls, BAAs available. You focus on therapy; compliance handles itself.

Start for FreeView Live Demo
Compliance posture
All controls active
HIPAA
United States
PHIPA
Ontario
PIPEDA
Canada
GDPR-ready
EU clients
Last audit run✓ Pass

Compliance by default

Standards baked into the infrastructure. You don't have to configure anything special to be compliant.

Audit-ready

Every access, edit, and export is logged. Audit, supervision review, malpractice protection — covered.

Designed for therapy

We're not a generic SaaS retrofitted for healthcare. Therapy is what we built for.

What's inside

Every detail, designed for therapy.

Every capability inside this feature, ready to fold into your practice from day one.

01

HIPAA-compliant infrastructure

Encrypted at rest and in transit. BAAs available for all plans. SOC 2 Type II audited.

02

PHIPA + PIPEDA (Canada)

Canadian privacy frameworks supported. Data residency options for Canadian practices.

03

GDPR-ready

EU client data handled per GDPR — right to erasure, data portability, consent management.

04

Role-based access

Therapists see only their clients (unless permission granted). Admins see what's needed for billing. Audit-logged.

05

Audit logging

Every record access, edit, export, share is logged with timestamp, user, action. 7-year retention.

06

Encryption everywhere

AES-256 at rest. TLS 1.3 in transit. End-to-end for messaging and video.

How it works

Three steps from sign-up to value.

1

Sign up

Your practice is compliant from day one. No configuration needed for HIPAA, PHIPA, or PIPEDA baseline.

2

Sign the BAA

Available in your settings. One signature, applies to all client data going forward.

3

Trust the audit log

Every action is logged. If you ever need to prove compliance — audit, supervision, malpractice — the trail is there.

In your practice

See it inside the product.

Every feature folds into the calendar you already check, the client chart you already open, the inbox you already manage. No new tab to remember.

Your week
A calendar that breathes.
Live
S
M
T
W
T
F
S
9 AMOlivia M.
10 AMLiam A.
11 AMNoah P.
1 PMAva T.
MePro AI · between sessions
Your clients, supported 24/7.
Online
Can't sleep. Anxiety spiking.
Let's do the wind-down we practiced. 3 min HRV breathing together?
StartJournalReach therapist
MePro AI is typing
AI Notetaker · just finished
Session notes, ready to sign.
Auto-saved
SReports continued sleep-onset insomnia driven by nighttime rumination.
OCalm affect. 5-6 hr sleep avg. PHQ-9: 14.
AInsomnia maintained by pre-bed phone use + guilt around rest.
PWind-down routine, no screens 30 min before bed. Review next week.
Drafted in 14 seconds
47 reminders sent this week12 mobile app clients active19 AI notes drafted today
In your workflow

Built so you don't have to be the security expert.

Therapists shouldn't have to think about encryption keys, access policies, or audit retention. mePro handles that so you don't have to.

  • SOC 2 Type II audited
  • HIPAA, PHIPA, PIPEDA out of the box
  • GDPR-ready for international practices
  • Per-employee role-based access in group practices
Try it free
Audit log · last 24h· immutable
Dr. Emma Wilson
Viewed chart · Alex Davis
0:14 ago
Dr. Emma Wilson
Signed note · Alex Davis
Today 11:08
Sarah · admin
Generated superbill · 4 clients
Today 9:42
Dr. Mark Chen
Exported PDF · Liam A.
Yesterday 16:22
7-year retention · exportable on demand
FAQ

Questions, answered.

Still curious? Reach out to info@mepro.ai or book a 30-minute walkthrough.

Is mePro really HIPAA-compliant?

Yes. SOC 2 Type II audited, BAAs available for all plans, full audit logging, encrypted at rest and in transit. Compliance documentation available for your records on request.

What about Canadian privacy law (PHIPA/PIPEDA)?

Fully supported. Canadian data can be stored in Canadian data centers. PHIPA documentation available for Ontario practices.

Where is my data stored?

US-based AWS data centers by default. Canadian data residency available on Group/Clinic plans for Canadian practices.

What's the data retention policy if I cancel?

Your data is yours. Cancel and we hold for 60 days (in case you change your mind), then provide an export and delete on request. We don't keep data we don't need to keep.

What's the process if there's a security breach?

We notify affected practices within 24 hours of detection, conduct a forensic investigation, and provide affected-individual notification templates per HIPAA breach notification rules (60-day window). Practices retain control of client notification.

Can the BAA be modified for my legal team's review?

On Group/Clinic plans, yes — common modifications (additional indemnification, custom audit rights, specific data residency) are negotiable. On Solo Practice plans, the standard BAA terms apply as written.
See it in action

Compliance that fades into the background.

Start for FreeView Live Demo

Not sure about how it works?

Book a demo to see mePro in action, ask questions, and explore how the platform can support your practice at every stage.

Start for Free

One connected, AI-powered platform for care, engagement, and growth.

Platform

Solutions

Resources

Company

©2026 mePro. All rights reserved.

TermsPrivacy PolicyCookie PolicyCookie PreferencesStatus