SOC 2 Type II Certified

Security & Compliance

Enterprise-grade security for healthcare AI governance

Certifications & Standards

SOC 2 Type II Certified
HIPAA Compliant Architecture
BAAs With All AI Providers
256-bit End-to-End Encryption

Security Architecture

Multiple layers of protection for your data

Infrastructure

Cloud Security

Hosted on SOC 2 certified infrastructure with redundant systems, automated backups, and 99.9% uptime SLA.

Network

Network Protection

End-to-end TLS 1.3 encryption, DDoS protection, WAF, and intrusion detection systems.

Application

Application Security

Regular penetration testing, automated vulnerability scanning, secure development lifecycle, and code review processes.

Data

Data Protection

AES-256 encryption at rest, TLS in transit, automatic PHI detection and redaction, and immutable audit logs.

Access

Access Controls

SSO integration, role-based access, MFA enforcement, and session management with automatic timeout.

Monitoring

Continuous Monitoring

24/7 security monitoring, anomaly detection, automated alerting, and incident response procedures.

Compliance Framework

Built for regulated industries

HIPAA Compliance

HIPAA

Full compliance with HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. BAAs maintained with all AI model providers.

SOC 2 Type II

SOC 2

Annual third-party audit covering security, availability, and confidentiality trust service criteria.

Audit Readiness

Audit

Complete audit trails for every AI interaction. Export-ready compliance reports for OCR, SEC, FINRA, and internal auditors.

HIPAA Safeguards Alignment

How our platform maps to HIPAA security requirements

Administrative

Administrative Safeguards

Security management process, workforce security, information access management, security awareness training, security incident procedures, contingency planning.

Physical

Physical Safeguards

Facility access controls, workstation use policies, workstation security, device and media controls with encryption and secure disposal.

Technical

Technical Safeguards

Access controls with unique user IDs, automatic logoff, encryption. Audit controls with complete interaction logging. Integrity controls with PHI validation. Transmission security with TLS 1.3.

Organizational

Organizational Requirements

BAAs with all AI providers, group health plan documentation, policies and procedures documentation, documentation retention for 6+ years.

Data Handling & Vendor Security

Processing

Data Processing Flow

PHI is detected and de-identified locally before any external AI processing. Only de-identified data reaches AI models. Responses are re-hydrated with original PHI for the user.
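The detect, de-identify, send, re-hydrate flow described above, as an added illustration that is not the platform's own code: the regexes, the sample note and the stand-in `external_model` function are constructed here so the example runs offline, and a real deployment would replace the regexes with a clinical NER model for names, addresses and dates.

```python
import re
from dataclasses import dataclass, field

# Constructed regexes for a few structured identifiers; they exist to make
# the flow runnable, not as a complete HIPAA de-identification method.
PHI_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN\s*\d{6,}\b"),
    "DOB": re.compile(r"\b\d{2}/\d{2}/\d{4}\b"),
}

# Constructed sample note with fictional values.
SAMPLE_NOTE = ("Patient MRN 00123456, DOB 04/12/1961, SSN 123-45-6789, "
               "phone 555-867-5309. Follow-up call to 555-867-5309 re: lab results.")

@dataclass
class Deidentified:
    text: str                                    # safe to send to the model
    mapping: dict = field(default_factory=dict)  # token -> PHI, stays local

def deidentify(text: str) -> Deidentified:
    """Replace each PHI match with a stable token (same value, same token)."""
    mapping, reverse = {}, {}
    for kind, pattern in PHI_PATTERNS.items():
        def repl(m, kind=kind):
            value = m.group(0)
            if value not in reverse:
                reverse[value] = f"[{kind}_{len(mapping) + 1}]"
                mapping[reverse[value]] = value
            return reverse[value]
        text = pattern.sub(repl, text)
    return Deidentified(text, mapping)

def external_model(prompt: str) -> str:
    """Stand-in for the AI provider call; it only ever sees tokens."""
    tokens = sorted(set(re.findall(r"\[[A-Z]+_\d+\]", prompt)))
    return "Action item: verify identity using " + ", ".join(tokens)

def rehydrate(response: str, mapping: dict) -> str:
    """Restore the original PHI in the response on the local side only."""
    for token, value in mapping.items():
        response = response.replace(token, value)
    return response

def run_flow(note: str) -> str:
    deid = deidentify(note)
    # Guard: no mapped value may survive in the outbound prompt.
    assert all(value not in deid.text for value in deid.mapping.values())
    return rehydrate(external_model(deid.text), deid.mapping)
```

Tokens the model emits that were never issued (e.g. a hallucinated `[SSN_9]`) are left untouched by `rehydrate`, which is the safe default: nothing is ever substituted into the response that did not come from the local mapping.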

Encryption

Encryption Standards

AES-256 encryption at rest, TLS 1.3 in transit, per-tenant encryption keys, hardware security modules for key management.

Vendors

Third-Party Vendor Security

BAAs with OpenAI, Anthropic, Google. Annual vendor security assessments. Data processing agreements. No vendor trains on customer data. Contractual deletion guarantees.

Incidents

Incident Response

Automated anomaly detection and alerting. Security team notification within 15 minutes. Customer notification within 24 hours per HIPAA breach notification requirements. Post-incident review and remediation.

Security Questions?

Our security team is available to discuss our architecture, certifications, and compliance capabilities.