Data Protection
Security & Privacy
Overview of our data handling practices, security posture, and privacy considerations for partner evaluation.
Security Posture
Data Processing
- Data processed at inference time only
- No persistent storage of PHI in cloud deployments
- Edge deployment option for data residency requirements
- Processing location configurable per deployment
Encryption
- TLS 1.3 for data in transit
- AES-256 encryption at rest (where applicable)
- Encrypted audit logs
- Key management details available under NDA
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication support
- Audit logging of all access
- Session management and timeout policies
Audit & Compliance
- Comprehensive audit trails
- Decision rationale logging
- Configurable retention policies
- Export capabilities for compliance reporting
Compliance Status
| Framework | Status | Notes |
| --- | --- | --- |
| SOC 2 Type II | Roadmap | Targeting 2025 |
| ISO 27001 | Roadmap | Targeting 2025 |
| HIPAA | Designed For | BAA available |
| GDPR | Designed For | DPA available |
Privacy Considerations
De-identification Support
System can operate on de-identified data; no requirement for direct patient identifiers.
Minimal Data Principle
Only clinically necessary data processed; no collection of unnecessary information.
Data Residency Options
Edge deployment available for jurisdictions requiring local data processing.
Security Documentation
Detailed security documentation including architecture diagrams, penetration test summaries, and compliance attestations available under NDA.