Security First

The Trust Center:
Security & Privacy.

Built for healthcare teams that require verifiable controls. This page outlines what we enforce, how we validate it, and which artifacts are available during security review.

HIPAA-Compliant Infrastructure

Every infrastructure component that handles PHI is covered by a signed BAA, including database and AI subprocessors. Vendor controls are reviewed before onboarding and reassessed on a recurring cadence.

Evidence: BAA package • subprocessor register • control review cadence

Security Control Baseline

Core production services run on providers that hold current SOC 2 Type II attestation reports (SOC 2 is an auditor's attestation, not a certification) covering the Security, Availability, and Confidentiality Trust Services Criteria. Those reports cover the providers' own controls; the application-level controls we operate on top of them are listed in the Control-to-Risk Mapping below. Access is least-privilege and MFA-gated by default.

Evidence: SOC 2 reports • MFA enforcement • privileged access logs

Zero-Retention AI by Default

Patient prompts and AI outputs are held in memory only for the duration of the request and purged once the response is returned. PHI is not written to AI-side storage and is never used for model training or fine-tuning.

Evidence: zero-retain pipeline spec • purge controls • model boundary policy

BAA Coverage: infrastructure and AI subprocessors

Primary Security Standard: SOC 2 Type II-aligned stack

AI Data Handling: zero-retention by default

Operational Logging: timestamped RPM audit events

Control-to-Risk Mapping

Risk: Cross-tenant data exposure

Control: logical tenant isolation at the data layer. Verification: access-path review and tenant-scoped test coverage.
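What "tenant-scoped test coverage" means in practice, as an added example that is not this vendor's code: a data-access layer where the tenant id is bound at construction and applied to every query, placed beside the common defect (tenant known but not applied in the by-id lookup), with a check that tries to read another tenant's row. The schema, tenant names and sample rows are constructed for the illustration.

```python
"""Tenant-scoped data access with a cross-tenant verification check.

Added illustration of logical tenant isolation at the data layer; not the
vendor's code. Table, tenant names and rows are constructed for the example.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with readings for two constructed tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE readings (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, "
        "patient_ref TEXT NOT NULL, value REAL NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO readings VALUES (?, ?, ?, ?)",
        [
            (1, "clinic-a", "pt-001", 118.0),
            (2, "clinic-a", "pt-002", 131.0),
            (3, "clinic-b", "pt-900", 142.0),
        ],
    )
    return conn


class UnscopedRepo:
    """Defective pattern: the tenant is known to the object but the by-id
    lookup never applies it, so a guessed or leaked id reads across tenants."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str):
        self.conn = conn
        self.tenant_id = tenant_id

    def get_reading(self, reading_id: int):
        return self.conn.execute(
            "SELECT id, tenant_id, patient_ref, value FROM readings WHERE id = ?",
            (reading_id,),
        ).fetchone()


class TenantScopedRepo:
    """Hardened pattern: tenant id is mandatory and bound into every query,
    so there is no access path that omits the scope."""

    def __init__(self, conn: sqlite3.Connection, tenant_id: str):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self.conn = conn
        self.tenant_id = tenant_id

    def get_reading(self, reading_id: int):
        return self.conn.execute(
            "SELECT id, tenant_id, patient_ref, value FROM readings "
            "WHERE id = ? AND tenant_id = ?",
            (reading_id, self.tenant_id),
        ).fetchone()

    def list_readings(self):
        return self.conn.execute(
            "SELECT id, tenant_id, patient_ref, value FROM readings "
            "WHERE tenant_id = ? ORDER BY id",
            (self.tenant_id,),
        ).fetchall()


def cross_tenant_check(repo_cls, conn: sqlite3.Connection) -> bool:
    """Tenant-scoped test: acting as clinic-a, attempt to read clinic-b's row
    (id 3). Returns True only if the access path denies it."""
    repo = repo_cls(conn, "clinic-a")
    return repo.get_reading(3) is None


if __name__ == "__main__":
    conn = make_db()
    print("unscoped repo isolates tenants:", cross_tenant_check(UnscopedRepo, conn))
    print("scoped repo isolates tenants:", cross_tenant_check(TenantScopedRepo, conn))
```

The check is the kind of test an access-path review should require for every read path: an id-only lookup passing the test is what distinguishes "filtered in the list endpoint" from "isolated at the data layer".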

Risk: Unauthorized privileged access

Control: least-privilege IAM with MFA-required operational access. Verification: role review logs and privileged action traces.

Risk: Delayed detection of security events

Control: continuous vulnerability monitoring and intrusion-detection coverage. Verification: alert telemetry, escalation runbooks, and incident timelines.
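An added example of how the privileged-action traces (previous control) and the detection coverage (this control) connect: a detection pass over audit events that emits a timeline of alerts for privileged actions performed without MFA and for cross-tenant access attempts, and separately returns the trace of all privileged actions for role review. This is illustrative code, not the vendor's pipeline; the event format, field names, the "platform" tenant label for operator identities, and the sample events are all constructed for the example.

```python
"""Detection rules over constructed audit events.

Added illustration, not the vendor's detection pipeline. Event schema, field
names, the PLATFORM_TENANT label and the sample lines are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed sample: one JSON audit event per line, UTC timestamps.
SAMPLE_EVENTS = """\
{"ts": "2024-05-01T09:00:12Z", "actor": "ops-1", "action": "db.read", "privileged": false, "mfa": true, "actor_tenant": "clinic-a", "resource_tenant": "clinic-a"}
{"ts": "2024-05-01T09:03:40Z", "actor": "ops-2", "action": "iam.role.assume", "privileged": true, "mfa": false, "actor_tenant": "platform", "resource_tenant": "platform"}
{"ts": "2024-05-01T09:04:05Z", "actor": "svc-rpm", "action": "rpm.reading.write", "privileged": false, "mfa": true, "actor_tenant": "clinic-b", "resource_tenant": "clinic-a"}
{"ts": "2024-05-01T09:10:00Z", "actor": "ops-3", "action": "db.export", "privileged": true, "mfa": true, "actor_tenant": "platform", "resource_tenant": "platform"}
"""

# Assumed label for operator-level identities that legitimately span tenants.
PLATFORM_TENANT = "platform"


def parse_events(text: str) -> list:
    """Parse JSON lines into dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        events.append(ev)
    return events


def evaluate(ev: dict) -> list:
    """Apply the two rules to one event; return (severity, reason) findings."""
    findings = []
    # Rule 1: MFA is required for privileged operational access.
    if ev["privileged"] and not ev["mfa"]:
        findings.append(("high", "privileged action without MFA"))
    # Rule 2: a tenant-bound identity touching another tenant's resource.
    if ev["actor_tenant"] != ev["resource_tenant"] and ev["actor_tenant"] != PLATFORM_TENANT:
        findings.append(("high", "cross-tenant access attempt"))
    return findings


def build_timeline(text: str) -> list:
    """Alert timeline, oldest first; the raw material for an incident timeline."""
    alerts = []
    for ev in parse_events(text):
        for severity, reason in evaluate(ev):
            alerts.append({
                "ts": ev["ts"].isoformat(),
                "actor": ev["actor"],
                "action": ev["action"],
                "severity": severity,
                "reason": reason,
            })
    alerts.sort(key=lambda a: a["ts"])
    return alerts


def privileged_trace(text: str) -> list:
    """Every privileged action, alerting or not, for periodic role review."""
    return [
        {"ts": ev["ts"].isoformat(), "actor": ev["actor"], "action": ev["action"], "mfa": ev["mfa"]}
        for ev in parse_events(text)
        if ev["privileged"]
    ]


if __name__ == "__main__":
    for alert in build_timeline(SAMPLE_EVENTS):
        print(alert)
    print("privileged trace:", privileged_trace(SAMPLE_EVENTS))
```

Rule 1 is the automated counterpart of "MFA-required operational access": the control lives in IAM, but the detection confirms it held for each privileged action that actually occurred. Rule 2 is the runtime check that complements the data-layer isolation control.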

Audit Artifact Readiness

BAA Coverage Matrix: available

SOC 2 Evidence Pack: ready

RPM Activity Audit Logs: timestamped

Zero-Retention AI Spec: documented

During diligence, we can provide security questionnaire responses, BAA documentation, and technical architecture notes for compliance and procurement review.

Compliance Scope
HIPAA
SOC 2 TYPE II
MDDS-ALIGNED

Still have questions about data handling?

Our security team can provide detailed control documentation, BAA templates, and security review support.

Contact Security Team