Are you HIPAA certified?
There is no such thing as HIPAA certification — HIPAA has no official certifying body, and any vendor claiming to be "HIPAA certified" is overstating what exists. What is real: we operate under a signed AWS Business Associate Agreement for the cloud path, and identifiable data is processed on-site and offline so it never enters that path in the first place.
There is no such thing as HIPAA certification — HIPAA has no official certifying body, and any vendor claiming to be "HIPAA certified" is overstating what exists. What is real: we operate under a signed AWS Business Associate Agreement for the cloud path, and identifiable data is processed on-site and offline so it never enters that path in the first place.
Do you have SOC 2 or ISO 27001?
We are not making those claims on this page, and we would rather under-promise. Our guarantees rest on architecture and signed vendor agreements you can read, not on a badge. If a formal audit becomes relevant to working together, we will talk about it plainly rather than imply a certification we do not hold.
We are not making those claims on this page, and we would rather under-promise. Our guarantees rest on architecture and signed vendor agreements you can read, not on a badge. If a formal audit becomes relevant to working together, we will talk about it plainly rather than imply a certification we do not hold.
Does the model provider ever see customer data?
No. Cloud processing happens inside an AWS environment under a signed BAA in which AWS contractually does not train on customer data and never shares it with the model provider. And only de-identified data ever reaches that environment.
No. Cloud processing happens inside an AWS environment under a signed BAA in which AWS contractually does not train on customer data and never shares it with the model provider. And only de-identified data ever reaches that environment.
What if your cloud connection is down?
Identifiable data is processed on-site and offline, so the parts that touch a person do not depend on the network being up. The cloud path handles de-identified data only.
Identifiable data is processed on-site and offline, so the parts that touch a person do not depend on the network being up. The cloud path handles de-identified data only.
Could you re-identify data if you were compelled to?
We do not hold the re-identification key — it stays with the client. We cannot produce a mapping we were never given. This is a property of where the key lives, not a policy we could quietly change.
We do not hold the re-identification key — it stays with the client. We cannot produce a mapping we were never given. This is a property of where the key lives, not a policy we could quietly change.