HIPAA Compliant & SOC 2 Certified

Enterprise-Grade Security

Your patient data is protected by the same security standards used by the largest healthcare organizations in the world.

Certifications & Compliance

HIPAA Compliance

Full compliance with the Health Insurance Portability and Accountability Act. We sign Business Associate Agreements (BAAs) with all customers.

  • Administrative safeguards in place
  • Physical safeguards maintained
  • Technical safeguards implemented
  • BAA available for all customers

SOC 2 Type II

Certified compliance with Service Organization Control 2 standards, verified by independent third-party auditors.

  • Security controls verified
  • Availability commitments met
  • Processing integrity confirmed
  • Confidentiality maintained

How We Protect Your Data

Data Encryption

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Your patient information is never stored in plain text.

Access Controls

Role-based access controls ensure only authorized personnel can access sensitive data. All access is logged and auditable.

Audit Logging

Comprehensive audit logs track all system access and data modifications. Logs are retained and available for compliance review.

Data Retention

We follow healthcare industry best practices for data retention. Data is securely deleted when no longer needed, per your requirements.

Infrastructure Security

Hosted on enterprise-grade cloud infrastructure with redundancy, automated backups, and 99.9% uptime guarantee.

Incident Response

Documented incident response procedures ensure rapid detection and response to any security events. You're notified promptly of any issues.

Data Privacy Commitment

What We Access

We only access the minimum data necessary to provide our service: appointment schedules, patient contact information, and waitlist preferences. We never access clinical notes, diagnoses, or treatment information.

How We Use It

Patient data is used solely for the purpose of filling cancelled appointments. We do not sell, share, or use your data for any other purpose. Period.

Your Control

You maintain full control over your data. Request exports, deletions, or modifications at any time. We respond to all requests within 24 hours.

Security Questions?

Our security team is happy to answer questions and provide documentation for your compliance review.

Contact Security TeamPrivacy Policy