Compliance & Data Security
An overview of our commitment to data protection and security best practices.
Compliance Framework
While using this platform does not automatically make your organization HIPAA compliant, we provide tools and features to help you meet your compliance obligations.
HIPAA-Minded Design
Our platform is designed with principles that align with HIPAA security standards, including access controls, audit logging, and data encryption.
Data Encryption
All data, both in transit and at rest, is encrypted using industry-standard protocols. Enterprise plans offer customer-managed encryption keys (CMEK).
Immutable Audit Logs
Comprehensive, write-only audit logs are maintained for all significant events, including user logins, data access, analysis runs, and exports. Logs are retained for a minimum of 6 years.
Data Isolation & Residency
Strict multi-tenant data isolation is enforced at every level. Data residency controls are available to meet regional compliance requirements.