recoupr

TRUST & SECURITY

Security is foundational, not optional.

We handle sensitive health information every day. That responsibility shapes every decision we make — from infrastructure choices to access controls to how we communicate with clients.

COMPLIANCE

Compliance & Certifications

HIPAA Compliant

Full compliance with HIPAA Privacy Rule and Security Rule requirements. Annual third-party audits verify our controls and procedures.

Encryption Everywhere

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We never store unencrypted PHI.

Access Controls

Role-based access, SSO support, and audit logging. Staff access to PHI is strictly limited and monitored.

INFRASTRUCTURE PARTNERS

Google Cloud Platform

HIPAA-eligible services with BAA coverage for AI processing.

Aptible HIPAA Hosting

Dedicated HIPAA-compliant infrastructure with SOC 2 Type II attestation.

Stripe Payments

PCI DSS Level 1 certified payment processing.

DATA HANDLING

  • We process billing artifacts only — never clinical notes or therapy content.
  • Insurance card images are OCR’d and deleted immediately.
  • Raw superbill files are deleted after the claim lifecycle closes.
  • Structured claim data is retained per HIPAA minimum necessary requirements.

PHI BOUNDARIES

  • No PHI in support channels — our support tools are designed to help without exposing sensitive data.
  • No advertising pixels or third-party tracking inside the authenticated application.
  • Marketing site (this site) contains no PHI and no authenticated content.
