
Argent Forensics handles Protected Health Information on behalf of forensic practitioners. We take that responsibility seriously. This page explains precisely how your data is protected from the moment you upload a record to the moment it is permanently deleted.
HIPPA GUIDELINES
There is no federal body that certifies organizations as HIPAA compliant the way there are certifications for other industries or standards. Compliance is based on whether an organization's practices, policies, technical architecture, and legal agreements meet the requirements of the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
Argent's HIPAA compliance rests on four pillars: technical safeguards, administrative safeguards, physical safeguards, and legal agreements.
HIPAA's technical safeguard requirements address how electronic Protected Health Information is stored, transmitted, and accessed. Argent maintains written policies governing PHI handling, access controls, breach response, and subcontractor management. These policies are reviewed and updated as the platform evolves and as HIPAA guidance develops. Argent's data is hosted on cloud infrastructure whose data centers meet industry-standard physical security requirements — including perimeter security, access controls, environmental monitoring, and equipment disposal procedures consistent with HIPAA physical safeguard requirements.
Every organization receives a BAA. No exceptions, Under HIPAA, when a covered entity — a licensed healthcare provider, which includes forensic psychologists who handle PHI — shares Protected Health Information with a service provider, that service provider is a Business Associate. Business Associates are required to enter into a Business Associate Agreement with the covered entity that governs how PHI is handled. The BAA is not an optional add-on for enterprise accounts. It is a standard component of every Argent engagement.
The BAA establishes the legal framework for Argent's handling of your PHI — defining permitted uses, security obligations, breach notification requirements, and the terms under which the agreement can be terminated. It is the contractual foundation of the compliance relationship between you and Argent.
Using Argent does not transfer your HIPAA obligations to us. You remain responsible for your own compliance as a Covered Entity — including obtaining appropriate authorization before uploading a client's records to any platform, maintaining your own breach notification procedures, and ensuring that your use of Argent is consistent with the terms of any relevant Notice of Privacy Practices you have provided to your clients. The BAA governs Argent's obligations to you — it does not govern your obligations to your clients.
Court-ordered forensic evaluations frequently involve records obtained under judicial authority rather than patient authorization. The applicability of HIPAA to court-ordered forensic evaluations is a nuanced legal question that varies by jurisdiction and context. Argent's HIPAA compliance architecture protects data once it is in the platform regardless of the legal basis for its collection.
Encryption — AES-256 encryption at rest and TLS 1.3 encryption in transit. See the Privacy & Encryption page for full details.
Access Controls — Case file data is isolated to individual user accounts. Access by Argent personnel is restricted, requires authentication, and is logged. No user can access another user's case files at the data level.
Audit Controls — The platform maintains logs of access to Protected Health Information — when it was accessed, by whom, and for what purpose. These logs are maintained for a defined period and are available to support breach investigation and compliance reporting.
Automatic Logoff — The platform enforces session timeout controls to reduce the risk of unauthorized access from unattended sessions.
Integrity Controls — Argent maintains mechanisms to verify that case file data has not been altered or destroyed in an unauthorized manner.
AT-REST ENCRYPTION
Every file stored on the Argent platform — your uploaded records, your AI-generated artifacts, your case file metadata, your account information — is encrypted at rest using AES-256 encryption. AES-256 is the encryption standard used by the United States government for classified information and is the current industry benchmark for data security at rest.
Encryption at rest means that if the physical storage infrastructure were ever compromised — through unauthorized access, hardware theft, or any other breach scenario — the data stored on it would be unreadable without the decryption keys. Those keys are managed separately from the data they protect, using industry-standard key management practices.
Your case files are stored in isolated, account-specific environments. No other Argent user can access your data. No Argent employee accesses your case files in the normal course of operations. Access to case file data by Argent personnel is restricted to specific, documented scenarios — such as responding to a verified technical support request — which is logged.


IN-TRANSIT ENCRYPTION
Every data transfer between your device and the Argent platform — uploads, downloads, queries, responses — is encrypted in transit using TLS 1.3, the current standard for secure data transmission over the internet. TLS 1.3 is the same protocol used by financial institutions, healthcare systems, and government agencies for secure data transmission.
Encryption in transit means that data moving between your device and our servers cannot be intercepted or read by a third party — not your internet service provider, not a malicious actor on a shared network, not anyone without authorized access to both endpoints of the connection.
Argent does not support unencrypted connections. Every connection to the platform requires TLS 1.3 — there is no configuration in which your data travels unencrypted.
SUBPROCESSORS
Argent uses a limited set of third-party services to deliver the platform — cloud infrastructure providers, AI model providers, and payment processors. Each of these services touches your data in some capacity and each is governed by a Business Associate Agreement or equivalent data processing agreement that binds them to the same data protection standards that apply to Argent directly.
We do not use third-party services for advertising, analytics that involve your case data, or any purpose unrelated to delivering the platform to you. The full list of subprocessors — the third-party services that have access to any portion of your data — is documented in our Privacy Policy and updated when subprocessors change.
When you sign a BAA with Argent, that agreement extends to our subprocessors. You are not entering into separate agreements with each service provider. Argent assumes responsibility for their compliance with the data protection standards your BAA requires.
AI PROCESSING
Understanding what happens with records.
Argent uses a limited set of third-party services to deliver the platform — cloud infrastructure providers, AI model providers, and payment processors. Each of these services touches your data in some capacity and each is governed by a Business Associate Agreement or equivalent data processing agreement that binds them to the same data protection standards that apply to Argent directly.
We do not use third-party services for advertising, analytics that involve your case data, or any purpose unrelated to delivering the platform to you. The full list of subprocessors — the third-party services that have access to any portion of your data — is documented in our Privacy Policy and updated when subprocessors change.
When you sign a BAA with Argent, that agreement extends to our subprocessors. You are not entering into separate agreements with each service provider. Argent assumes responsibility for their compliance with the data protection standards your BAA requires. When interacting with the AI assistant or generating AI-Assisted Artifacts, your case file data is transmitted to the AI model provider for processing as part of the RAG architecture — this is necessary to generate responses. That transmission is governed by our BAA with the provider, which prohibits use of your data for any purpose beyond processing the specific request. The provider does not retain your data after processing is complete and does not use it for model training. The best analogy for this is that if a public model, like standard ChatGPT, is an open library full of data, Argent-protected records stay in a locked room within that library that no one else can access.
Understanding where the data goes (and doesn't go) leads to an important conversation regarding the accuracy and reliability of the outputs. First, no AI tool is infallible. Argent's citation architecture is designed to make errors detectable and correctable before they affect your work product — and it is designed to minimize errors through prompting and programming adjustments that specify forensic values around precision, accuracy, and objectivity. But it does not prevent some errors from occurring.
A lot is made of "error rates" for AI models. You will notice that reporting about this is not part of our technical specifications, which is intentional. When testifying or presenting your methodology to a trier of fact or retaining party, quoting a general-purpose AI benchmark as justification for tool selection is like comparing apples to oranges. Making a claim like, "this model was chosen because it has an industry-low x% error rate" is not only mathematically meaningless—it is potentially misleading. In general-purpose AI, a "hallucination" is a byproduct of the model trying to generate information from its closed-book, pre-trained memory. In Argent’s closed-loop, human-in-the-loop RAG architecture, the system is not allowed to generate facts from its own memory. In this sense, Argent's AI architecture is less like an eyewitness confabulating details when memory fails (the model's "hallucination rate"), and more like a forensic document clerk who is not allowed to guess; it is programmed to pull the physical file, highlight the exact page, and hand it directly to you for final verification.
Mistakes still happen, and we take output accuracy seriously. When errors occur, we want to know about them. If you identify an inaccuracy in an Argent output, we encourage you to report it through the Report an Issue function. Every reported error is reviewed. You will receive a response explaining what we found and what we are doing about it. We maintain transparent internal tracking of error rates by output type and use that data to drive improvements to the platform.
We will never ask you to simply trust the outputs. The citation architecture exists precisely because trust without verification is not a professional standard we accept in forensic work.

COMMON QUESTIONS
Argent uses a limited set of third-party services to deliver the platform — cloud infrastructure providers, AI model providers, and payment processors. Each of these services touches your data in some capacity and each is governed by a Business Associate Agreement or equivalent data processing agreement that binds them to the same data protection standards that apply to Argent directly.
We do not use third-party services for advertising, analytics that involve your case data, or any purpose unrelated to delivering the platform to you. The full list of subprocessors — the third-party services that have access to any portion of your data — is documented in our Privacy Policy and updated when subprocessors change.
When you sign a BAA with Argent, that agreement extends to our subprocessors. You are not entering into separate agreements with each service provider. Argent assumes responsibility for their compliance with the data protection standards your BAA requires.
Who at Argent can access my case files?
Access to case file data by Argent personnel is restricted and logged. In normal operations, no Argent employee views your case file contents. Access is permitted only in specific documented scenarios — such as responding to a verified technical support request that requires direct data access — and is subject to the same confidentiality obligations that govern all Argent data handling.
Is my data stored in the United States?
Yes. If that ever needs to change we will only use equivalent options. Data residency is managed at the platform level and will always be stored exclusively in HIPPA-compliant locations.
What encryption standard does Argent use?
AES-256 for data at rest. TLS 1.3 for data in transit. Both are current industry benchmarks and meet HIPAA technical safeguard requirements.
While your subscription is active, all case files — including uploaded records, AI-generated artifacts, metadata, and query history — are retained in your workbench indefinitely. There is no automatic deletion of active case files during an active subscription period.
You can delete individual cases manually at any time from within your workbench. Manual deletion initiates the permanent deletion process.
When a subscription is cancelled — or when a Project Pass expires — all case files transition automatically to a read-only archived state. This transition happens at the account level: no action is required on your part.
In the read-only archived state, your case files are retained for ten years following the date of cancellation or expiration. During this period, you retain full extraction rights — you can download your original documents, export your AI-generated artifacts with metadata, and produce a complete case file archive at any time. What you cannot do in the read-only state is upload new records, run new AI features, or modify existing case file contents.
The ten-year retention period is designed to align with the record retention requirements most commonly applicable to forensic psychologists under state licensing laws — typically ranging from five to seven years following case closure, with longer periods applying to cases involving minors. The ten-year window provides a meaningful buffer above the most common state requirements.
At the end of the ten-year retention period, Argent will contact you at your registered email address with advance notice of impending deletion. You will have a defined window to extract any remaining case file contents before permanent deletion proceeds. The advance notice period is specified in your subscription agreement.
Permanent deletion of case file data — whether initiated manually by you or triggered by the end of the ten-year retention period — follows a documented deletion protocol designed to ensure that data is irrecoverable after deletion is complete.
Deletion applies to all components of the case file: uploaded original documents, AI-generated artifacts, metadata, query history, and any associated account data. Deletion also propagates to backup systems within the backup retention cycle — meaning that deleted data is removed from backup storage as well as primary storage within the standard backup rotation period.
Argent does not retain deleted case file data for any purpose. Deletion is permanent and irrecoverable. We recommend downloading any case file contents you wish to retain before initiating manual deletion or allowing the retention period to expire.
What happens to my data if Argent ceases operations?
In the event that Argent Forensics ceases operations, we are committed to providing users with advance notice and a defined window to extract all case file contents before data is permanently deleted. The specific obligations in this scenario are detailed in your subscription agreement and our Terms of Service.
Does the ten-year retention period reset if I reactivate a cancelled subscription?
If you reactivate a subscription after cancellation, you do have the option to revert archived cases back to active status and the ten-year retention clock pauses. The retention period applies only during the post-cancellation archive phase.
Can I extend the retention period beyond ten years?
The standard retention period is ten years post-cancellation. If your professional obligations require longer retention — for example, in jurisdictions with extended retention requirements for cases involving minors — contact support (support@argentforensics.com) to discuss options before your retention period expires.
