Trust Center
Security, by design
Evidence-first workflows deserve enterprise-grade safeguards. Here’s what’s live now and what’s next.
HIPAA/BAA posture
Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Audit logging & least privilege
Data minimization by default
Controls we operate
Aligned to industry practice; documentation and mappings available under NDA.
Customer Data Protection
- Logical tenant separation
- Key management & rotation
- PII/PHI scoped retention
Infrastructure Security
- Hosted on Google Cloud (HIPAA-eligible services)
- Network segmentation & perimeter controls
- Backups & restore testing
Application Protection
- Web application firewall
- Vulnerability scanning
- Annual penetration testing
Privacy & Compliance
- HIPAA/BAA
- DPA & SCCs on request
- Vendor risk management
Org Security
- Security awareness training
- 24/7 monitoring & incident response
- Business continuity planning
Account Protection
- SSO (SAML/OIDC) & MFA
- SCIM user lifecycle (roadmap)
- Real-time activity (audit) log
Compliance roadmap
- In ProgressSOC 2 Type IQ3 2025
- In ProgressSOC 2 Type IIQ4 2025
- In ProgressHITRUST CSF EvaluationTBD
*Milestones may evolve as we scale. Request our security packet for detailed mappings and policies.