Last updated: March 14, 2026

HIPAA Notice

Overview

This notice explains how TangoSpeak's architecture relates to the Health Insurance Portability and Accountability Act (HIPAA) and why it is compliant with HIPAA requirements for the protection of Protected Health Information (PHI). TangoSpeak's design eliminates the data handling risks that HIPAA regulates by ensuring no PHI is ever created, received, maintained, or transmitted by the application or its developer.

TangoSpeak Does Not Collect PHI

TangoSpeak does not collect, store, transmit, or have access to any Protected Health Information.

The App's architecture is designed so that all speech recognition, translation, and text-to-speech processing occurs entirely on your device. No audio recordings, transcriptions, translations, or any other data leave your device at any time.

On-Device Architecture

TangoSpeak is built entirely on Apple's native on-device processing capabilities. All speech recognition, translation, and text-to-speech synthesis run locally on the device using Apple's built-in frameworks. No audio or text data is sent to any external server, including Apple's servers or any third-party service.

The App does not include any third-party SDKs, analytics tools, crash reporters, or network-dependent services. There are no API calls, no telemetry, and no data leaving the device at any point during use.

Ephemeral Session Data

All data generated during a TangoSpeak session exists only in the device's volatile memory (RAM) while the session is active. When a session ends:

  • Audio input is discarded immediately after recognition.
  • Transcribed text is discarded after translation.
  • Translated text is discarded after speech synthesis.
  • No session logs, recordings, or transcripts are saved to disk.

There is no persistent storage of any patient-related data within the App.

Regulatory Basis: Why No BAA Is Required

Under 45 CFR § 160.103, a "business associate" is defined as a person or entity that, on behalf of a covered entity, creates, receives, maintains, or transmits protected health information. A Business Associate Agreement (BAA) is required only when this relationship exists.

TangoSpeak falls outside this definition because it:

  • Does not create PHI on behalf of the provider. All speech recognition and translation are performed by the provider's own device, not by TangoSpeak's systems.
  • Does not receive PHI. No data is transmitted from the device to I Tango, LLC or any third party. There is no cloud backend, no API, and no server.
  • Does not maintain PHI. All session data exists only in volatile memory (RAM) and is discarded when the session ends.
  • Does not transmit PHI. The application makes zero network requests during a session. It functions fully in airplane mode.

Because none of the four conditions of 45 CFR § 160.103 are met, no business associate relationship exists between TangoSpeak and any healthcare provider. No BAA is required or offered.

This is analogous to how HIPAA treats other provider-owned clinical tools (stethoscopes, otoscopes, ultrasound machines): the tool itself does not trigger HIPAA obligations because no PHI passes through a third party. The provider's use of the tool on their own device is governed by their existing HIPAA compliance program.

Not a Covered Entity

Under 45 CFR § 160.103, a "covered entity" is defined as a health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically in connection with standard transactions. I Tango, LLC is none of these. TangoSpeak does not bill insurers, process claims, or transmit health information electronically. It is a software tool that runs on the provider's own device.

Provider Responsibility

Healthcare providers who use TangoSpeak are responsible for their own HIPAA compliance. The use of TangoSpeak within a clinical practice is governed by the provider's own HIPAA compliance program, institutional policies, and professional judgment.

Providers should consider the following when integrating TangoSpeak into their workflow:

  • TangoSpeak should be used on provider-controlled devices that comply with the provider organization's security policies.
  • The physical environment where TangoSpeak is used should be appropriate for patient conversations (e.g., private examination rooms).
  • Providers remain responsible for documenting encounters and clinical decisions in their own medical record systems.

No Third-Party Data Access

TangoSpeak contains no third-party SDKs, analytics tools, crash reporters, or advertising frameworks. There are no third parties that receive any data from the App. The only external relationship is with Apple for App Store distribution and subscription billing, which does not involve any clinical or patient data.

Contact

If you have questions about TangoSpeak's relationship to HIPAA or about our on-device architecture, please contact us:

Email: [email protected]
Website: itango.com

TangoSpeak is operated by I Tango, LLC, based in Texas, United States.