Security is the product.
Our compliance posture, the controls we run, and what is still in progress — stated plainly, without marketing varnish.
Controls implemented and documented. Audit engagement pending.
ISMS framework aligned. Formal certification targeted for Phase 3.
Technical safeguards for PHI in place. BAA and formal alignment in progress — not yet attested.
Platform is designed to help customers meet PCI segmentation requirements. Formal alignment planned.
Controls overview
Access control
RBAC, MFA enforcement, session management, API key rotation.
Encryption
AES-256 at rest, TLS 1.3 in transit, key management via KMS.
Logging
Immutable audit trails, 365-day retention, tamper detection.
Infrastructure
Network segmentation, vulnerability scanning, patch management.
People
Least-privilege access, security training, and access reviews as the team grows.
Incident response
Documented IR plan, notification SLA, post-mortem process.
Need the full picture?
Procurement and security teams can request our complete security program documentation, architecture diagrams, and control evidence — no NDA required for the initial review.
Request security review