All application data is secured using AES-256 encryption at rest. Data in transit is protected via TLS 1.2 or higher. We employ strict measures to ensure that sensitive information remains confidential and integral throughout its lifecycle within our systems.
Our platform is designed to align with HIPAA standards for the protection of electronic Protected Health Information (ePHI). We offer Business Associate Agreements (BAA) to all enterprise clients to formalize our commitment to data stewardship and regulatory compliance.
We operate in alignment with SOC 2 benchmarks and are currently maintaining SOC 2 readiness. Our internal controls regarding security, availability, and confidentiality are regularly reviewed to meet industry-standard service organization reporting requirements.
We maintain a strict policy regarding the usage of clinical data. Your data, including transcripts, reports, and client details, is never used to train, fine-tune, or improve our foundational models or any third-party AI systems. Your information remains isolated to your specific case context.
Access to sensitive data is governed by role-based access controls (RBAC), ensuring only authorized personnel can access specific information. We maintain comprehensive audit logs that record system activities, offering traceability and accountability for all significant data interactions.