Security & trust

Patient data, handled like it matters.

No badge wall, no vague reassurances — here is exactly how we handle PHI today, and what’s on the roadmap.

Our posture

Honest about where we are

We operate under Business Associate Agreements with every customer, and all protected health information is handled under HIPAA’s rules. Security is an engineering requirement in this product, not a marketing page — every feature that touches PHI is designed around least privilege, auditability, and the patient’s right to say no.

Independent compliance certifications are on our roadmap; ask us about our current security posture in your demo. We’d rather walk you through the real controls than print a logo we haven’t earned.

In practice

The controls running today

Business Associate Agreements

A signed BAA with every customer before any PHI moves. It defines exactly what we may do with your data — and nothing else.

HIPAA-governed PHI handling

PHI is processed for treatment-adjacent operations under your direction. Access is limited to the people and systems that need it to do the job.

Encryption in transit

Data moving between your systems, our platform, and our infrastructure travels over encrypted connections.

Role-based access control

Admin and user tiers scope what each person can see and change. Nobody gets more access than their role requires.

Audit logging

Changes to data and every outreach contact — calls, texts, outcomes — are logged with who, what, and when, so there’s always a trail.

De-identification by default

Demos and development use de-identified or illustrative data. Real PHI stays in production, where the controls are.

Instant opt-out

A patient who says stop is stopped — immediately, across voice and SMS, recorded on the patient’s record.

Outreach guardrails

Attempt caps and quiet hours are enforced by the system, not by policy documents. The agent physically can’t over-call a patient.

Infrastructure & secrets

We run on major cloud providers, with least-privilege handling of credentials and secrets across environments.

Outreach compliance

TCPA-aware by design

Automated calling and texting is regulated territory. We build the rules into the system so compliance doesn’t depend on anyone remembering them.

  • Consent context. Outreach runs against your patient relationships and consent records — you control who is contacted and why.
  • Opt-out, honored instantly. One “stop” ends contact across every channel, immediately and permanently until the patient says otherwise.
  • Calling windows. Quiet hours and business-hours windows are enforced in code, per time zone.
  • Attempt caps. Hard limits on contact attempts per patient per campaign — set with your team, enforced by the system.

We design for these rules as engineers, not as your lawyers — your compliance team always has the final word on outreach policy.

Every contact, accounted for

What the audit trail captures for each outreach attempt:

  • Channel · voice / SMS
  • Timestamp + window check
  • Attempt count vs cap
  • Language used
  • Full transcript
  • Outcome logged to record
  • ✓ Opt-out state respected

Data handling

Your data works for you. Only for you.

  • Portable by design. Your unified record lives on an open data model. It’s exportable — if you leave, it leaves with you.
  • Never sold. We don’t sell data, rent it, or trade it. Your patients’ information funds nothing but their care.
  • No ad trackers. No third-party advertising trackers on the application — or on this website.
  • Used for its purpose. PHI is processed to close care gaps and run your quality program under your BAA — not to build side businesses.

Responsible AI

Agents do scheduling. People do medicine.

  • Administrative scope only. Outreach agents remind, schedule, and answer logistical questions. They do not give medical advice and make no clinical decisions — autonomous or otherwise.
  • Human escalation. Complex, sensitive, or unexpected conversations route to your staff with full context attached.
  • Transcripts, reviewable. Every AI conversation is recorded to the patient record, so your team can review exactly what was said — and we do too.
  • Your approval first. Conversation flows go live measure by measure, after your team has approved them.

See it on your own data

Watch our AI call a patient.
Then imagine it calling thousands of yours.

A 30-minute demo: live AI outreach, your quality measures on a unified record, and an honest conversation about what we'd build for your workflows.