Security & Compliance

Trust through transparency

Healthcare data deserves the highest level of protection. We've built Santrix with security and privacy at the core, not as an afterthought.

HIPAA Compliant

Certified

Full compliance with HIPAA privacy and security rules

SOC 2 Type II

Certified

Independently audited security controls

HITRUST CSF

In Progress

Healthcare industry security framework

ISO 27001

Certified

Information security management

Enterprise-grade security

Built to meet the strictest healthcare security requirements

End-to-End Encryption

All PHI is encrypted in transit using TLS 1.3 and at rest using AES-256. Your PHI is protected at every step.

TLS 1.3, AES-256-GCM, RSA-4096

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with dedicated HIPAA-compliant setup. Multi-region redundancy ensures 99.99% uptime.

Enterprise hosting, Multi-AZ deployment

Access Controls

Role-based access control (RBAC), multi-factor authentication, and single sign-on (SSO) support for enterprise customers.

RBAC, MFA, SAML 2.0 SSO

Audit Logging

Comprehensive audit trails for all data access and modifications. Full transparency into who accessed what and when.

Immutable audit logs, 7-year retention

Data Residency

Your data stays in your region. We support US, EU, and custom data residency requirements for enterprise customers.

Regional data centers, GDPR compliant

Incident Response

24/7 security monitoring with automated threat detection. Dedicated security team responds to incidents within 15 minutes.

24/7 SOC, <15 min response time

Privacy by design

We believe privacy is a fundamental right. Here's how we protect yours.

Zero Data Retention

We don't use your clinical data for model training. Period.

You Own Your Data

Export your data anytime. Delete it anytime. No questions asked.

Minimal Data Collection

We only collect what's necessary to provide the service. Nothing more.

No Third-Party Sharing

Your data is never sold, shared, or used for advertising.

HIPAA Compliance

What it means and how we ensure it

Business Associate Agreement (BAA)

We sign a BAA with every customer, making us legally accountable for protecting your PHI. This is not optional; it's automatic for all accounts.

Administrative Safeguards

Comprehensive security policies, regular risk assessments, workforce training, and documented incident response procedures.

Physical Safeguards

Data centers with 24/7 security, biometric access controls, video surveillance, and environmental monitoring.

Technical Safeguards

Encryption, access controls, audit logs, automatic logoff, and regular security testing and monitoring.

Questions about security?

Our security team is here to help. We're happy to discuss our practices, complete security questionnaires, or schedule a technical review.