Compliance & Security
We apply privacy-by-design principles across our products
All patient data is handled in accordance with applicable data-protection laws, including GDPR and HIPAA-aligned standards
Data is encrypted in transit and at rest using industry-standard cryptography
Access to data is strictly role-based and logged
Enterprise deployments run on secure, compliant cloud infrastructure
Zero-trust access controls, audit logging, and continuous monitoring are enforced
Regular penetration testing and security reviews are conducted
Secrets and encryption keys are managed using hardware-backed key management services (HSMs)
We support regional data residency requirements
Deployments can be configured as single-tenant or logically isolated multi-tenant environments
No customer data is used to train foundation models. Clear separation between clinical data, system telemetry, and analytics.
Model-agnostic architecture .
We believe trust is earned, not claimed.
Detailed security documentation, architecture diagrams, and compliance questionnaires are available under NDA for enterprise and government partners.