Trust & Security

Every claim, protected
before it reaches a model.

Tenant-isolated infrastructure, US-only hosting, de-identification before any AI call. This is PHI, not just data, and it's treated that way.

View the full document
At a glance
Deployment
Multi-tenant, isolated
Hosting
AWS, US-only
Sub-processors
3
Incidents
None
Compliance
HIPAAProgram in place
SOC 2 Type IIn progress — Q3 2026
How we operate today

Four areas, tap any to see the specifics.

Infrastructure

  • Tenant isolation, three layers deep. Row-level security, per-tenant encryption keys, and tenant-scoped IAM roles. A fully dedicated environment is available on request.
  • US-only. AWS us-east-1 (Virginia) or us-west-2 (Oregon). Data never leaves the country.
  • AWS foundation. Physical security and hardware inherit AWS's SOC 1/2/3 and ISO 27001 certifications.
  • Backed up. Automated backups, AWS-managed, across availability zones.

Data

  • BAA before data. A Business Associate Agreement is signed with you before a single record moves.
  • Encrypted always. TLS in transit, AWS KMS at rest.
  • Minimal footprint. A claims/remittance export is all we need: HST, SIS, NextGen, Tebra, or plain Excel/835 files. No EHR integration, no standing API access, no credentials to your systems.
  • Familiar intake. Send the export the way your team already works: secure email or a Drive link.
  • 72-hour breach notification. Well inside HIPAA's own 60-day maximum, if it ever happens.

Access

  • SSO everywhere. Your team signs in with your existing Google or Microsoft identity; MFA follows your org's policy. Our internal systems: SSO with MFA, no exceptions.
  • One named role. Only the CTO can access customer data, and only in de-identified form.
  • Break-glass by design. If identified data were ever needed, access is time-boxed, second-person approved, fully logged, and disclosed to you.

AI

  • De-identified before any model. Microsoft Presidio strips patient identifiers before any record reaches a model, primary or fallback.
  • Never trained on. No model, ours or any provider's, trains on your data.
  • Human sign-off. Nothing reaches a payer without your team's review and approval. Incerto does not submit autonomously.

Sub-processors

5 vendors — what they touch, what governs it

Every vendor in our stack, one format: what it's for, whether it touches claims data, and what governs it if so. Everything else — observability, databases, image registries — is AWS, covered above. Any future vendor addition is disclosed here before it sees anything.

VendorRoleTouches claims data?Standard / agreement
AWSInfrastructure + Bedrock (primary model, runs Claude — no direct Anthropic API in use, no prompts shared with Anthropic, no training on customer data)Yes — identified dataBAA executed
Google WorkspaceClaims intake (secure email / Drive link)Yes — identified dataBAA executed
Google CloudVertex AI (fallback model, runs Gemini only if Bedrock is unavailable)Yes — de-identified data onlyNot relied on — this path receives no identifiable data by design
GitHubSource code and CI/CDNo
SlackInternal communicationNo

Documents available on request

BAA, risk assessment, incident response policy, and more

Business Associate Agreement (ours with you)Available
Security risk assessmentAvailable
Incident response policyAvailable
Information security policyAvailable
SOC 2 reportAfter Q3 2026 engagement

References

8 source docs for every claim above

Security questions or concerns

Have a security questionnaire?

Send it and we'll fill it in, we'd rather do the work than make your reviewer dig. Routed directly to the founding team.

See also our Privacy Policy.