Every claim, protected
before it reaches a model.
Tenant-isolated infrastructure, US-only hosting, de-identification before any AI call. This is PHI, not just data, and it's treated that way.
View the full documentAt a glance
- Deployment
- Multi-tenant, isolated
- Hosting
- AWS, US-only
- Sub-processors
- 3
- Incidents
- None
Compliance
HIPAAProgram in place
SOC 2 Type IIn progress — Q3 2026
How we operate today
Four areas, tap any to see the specifics.
Infrastructure
4 controls
Infrastructure
4 controls- •Tenant isolation, three layers deep. Row-level security, per-tenant encryption keys, and tenant-scoped IAM roles. A fully dedicated environment is available on request.
- •US-only. AWS us-east-1 (Virginia) or us-west-2 (Oregon). Data never leaves the country.
- •AWS foundation. Physical security and hardware inherit AWS's SOC 1/2/3 and ISO 27001 certifications.
- •Backed up. Automated backups, AWS-managed, across availability zones.
Data
5 controls
Data
5 controls- •BAA before data. A Business Associate Agreement is signed with you before a single record moves.
- •Encrypted always. TLS in transit, AWS KMS at rest.
- •Minimal footprint. A claims/remittance export is all we need: HST, SIS, NextGen, Tebra, or plain Excel/835 files. No EHR integration, no standing API access, no credentials to your systems.
- •Familiar intake. Send the export the way your team already works: secure email or a Drive link.
- •72-hour breach notification. Well inside HIPAA's own 60-day maximum, if it ever happens.
Access
3 controls
Access
3 controls- •SSO everywhere. Your team signs in with your existing Google or Microsoft identity; MFA follows your org's policy. Our internal systems: SSO with MFA, no exceptions.
- •One named role. Only the CTO can access customer data, and only in de-identified form.
- •Break-glass by design. If identified data were ever needed, access is time-boxed, second-person approved, fully logged, and disclosed to you.
AI
3 controls
AI
3 controls- •De-identified before any model. Microsoft Presidio strips patient identifiers before any record reaches a model, primary or fallback.
- •Never trained on. No model, ours or any provider's, trains on your data.
- •Human sign-off. Nothing reaches a payer without your team's review and approval. Incerto does not submit autonomously.
Sub-processors
5 vendors — what they touch, what governs it
Sub-processors
5 vendors — what they touch, what governs it
Every vendor in our stack, one format: what it's for, whether it touches claims data, and what governs it if so. Everything else — observability, databases, image registries — is AWS, covered above. Any future vendor addition is disclosed here before it sees anything.
| Vendor | Role | Touches claims data? | Standard / agreement |
|---|---|---|---|
| AWS | Infrastructure + Bedrock (primary model, runs Claude — no direct Anthropic API in use, no prompts shared with Anthropic, no training on customer data) | Yes — identified data | BAA executed |
| Google Workspace | Claims intake (secure email / Drive link) | Yes — identified data | BAA executed |
| Google Cloud | Vertex AI (fallback model, runs Gemini only if Bedrock is unavailable) | Yes — de-identified data only | Not relied on — this path receives no identifiable data by design |
| GitHub | Source code and CI/CD | No | — |
| Slack | Internal communication | No | — |
Documents available on request
BAA, risk assessment, incident response policy, and more
Documents available on request
BAA, risk assessment, incident response policy, and more
Business Associate Agreement (ours with you)Available
Security risk assessmentAvailable
Incident response policyAvailable
Information security policyAvailable
SOC 2 reportAfter Q3 2026 engagement
Security questions or concerns
Have a security questionnaire?
Send it and we'll fill it in, we'd rather do the work than make your reviewer dig. Routed directly to the founding team.
See also our Privacy Policy.