Security and Privacy at Pamastay

Security is at the core of what we do at Pamastay


To turn data into business-critical insights, we follow these security practices and policies:

Least privilege & just‑in‑time access

Access to systems and data is role‑based, time‑bound, and logged. Elevated access requires approval and MFA.


Minimum necessary & purpose limitation

We only use PHI/PII for the specific task authorized by our customers, and only the minimum data needed to do it.


Data minimization & retention

We collect the least data required, retain it only as long as necessary, then securely delete according to a published schedule.

De‑identification & aggregation by design.

Customer‑directed use of PHI

No use of PHI for product improvement, model training, or benchmarking without explicit customer approval and a signed DUA; de‑identified/synthetic data is used by default.


Encryption & key management

Data is encrypted in transit and at rest; keys are managed in a hardened KMS with strict separation of duties.


Environment segregation

No PHI in development or test environments. Strict data flow controls and secrets management across environments.


Data quality, lineage & cataloging

We track data provenance, transformations, and owners to ensure accuracy and accountability for every dataset.


Auditability & comprehensive logging

All access and changes are logged and monitored; customers can request access logs for their data.


Vendor & subprocessor governance

Vendors are risk‑rated, contractually bound to equivalent controls, and reviewed regularly; our current list is published.


Secure SDLC & change management

Security reviews, code scanning, dependency checks, and change approvals are built into every release.


Incident response & breach notification

Clear SLAs for triage, containment, customer notification, and post‑incident review are publicly documented.


Privacy by design & user rights

We integrate privacy impact assessments into features and honor applicable rights (HIPAA individual rights; GDPR where relevant).

Data Protection

Data at rest

All data is encrypted at rest, using field-level encryption or managed encryption keys.

Data in transit

All data is encrypted in transit: Pamastay uses TLS 1.2 or higher, together with features such as HTTPS and GLP encryption.

Data encryption

Encryption keys - Pamastay manages encryption keys through the Amazon Web Services Key Management Service (AWS KMS).

HIPAA compliance isn't just an industry standard. It's also a personal commitment. The data we care for could be ours, yours, or our families'.


If you have any questions, get in touch to learn more: compliance@pamastay.com

Risk Intelligence for Healthcare Providers

Resolve Tomorrow's Risks, Today!

Company

© 2025. All rights reserved. Pamastay, Inc.

166 Geary Street. STE 1500 #2471. San Francisco, CA. 94108

@pamastay
