Trust Center

Security, Privacy & Compliance

Your patients trust you with their health. We take that trust just as seriously by building HIPAA-aligned infrastructure from the ground up — protecting every byte of clinical data that flows through VoiceProtocol™.

  • AES-256 Encryption
  • Full Audit Logging
  • BAA Available
  • Zero PHI in AI Training
  • SOC 2 Aligned

Platform Classification

How VoiceProtocol™ is designated under healthcare regulations

Designations

  • AI-powered clinical decision support software
  • Practitioner-assistive protocol generation software
  • Functional medicine workflow optimization software
  • Lab interpretation assistance software
  • Patient education and protocol organization software

This Platform Does NOT

  • Independently diagnose patients
  • Replace licensed medical judgment
  • Prescribe medications autonomously
  • Create provider-patient relationships
  • Guarantee outcomes
  • Claim to cure or treat disease

Security Framework

Multi-layered technical and organizational controls protecting your clinical data at every level.

Authentication

  • Strong Password Requirements: Active
  • Session Expiration: Active
  • IP Logging: Active
  • Multi-Factor Authentication (MFA): Roadmap
  • Device Recognition: Roadmap
  • Suspicious Login Detection: Roadmap

Access Control

  • Role-Based Access Control (RBAC): Active
  • Practitioner Data Isolation: Active
  • API Route Protection: Active
  • Patient Portal Permissions: Roadmap

Encryption

  • Encryption at Rest: Active
  • Encryption in Transit: Active
  • Secure API Communication: Active
  • Encrypted Cloud Storage: Active
  • Encrypted Database: Active

Audit Logging

Backup & Recovery

  • Automated Backups: Active
  • Secure Cloud Storage: Active
  • Disaster Recovery: Active

PHI Safeguards

How we protect Protected Health Information across the platform.

Protection Measures

  • PHI is never exposed publicly or shared across practitioner accounts
  • PHI is never used for public AI model training without explicit opt-in consent
  • Practitioner databases are logically segregated — no cross-training between accounts
  • Internal staff access requires authorization and is audit-logged
  • All AI processing occurs in isolated, encrypted environments
  • De-identification workflows available upon request for research use

AI & Data Rules

  • Patient data and PHI are NEVER used for public AI model training
  • Customer data remains isolated between practices
  • AI outputs from one clinic never influence another clinic's protocols
  • Dedicated enterprise instances available for maximum isolation
  • All AI suggestions require practitioner review and approval

Data Ownership

Clear delineation of who owns what — you always own your clinical data.

Practitioner Owns

  • Patient charts and demographics
  • Uploaded files (labs, imaging, intake forms)
  • Clinical notes and documentation
  • Protocol outputs and recommendations
  • Audio recordings and transcriptions
  • Formulary and package configurations
  • Branding and white-label assets

Platform Retains

  • Software platform and user interface
  • AI orchestration logic and algorithms
  • Clinical knowledge base architecture
  • Prompt engineering systems
  • Non-identifiable aggregate analytics
  • System architecture and infrastructure

Business Associate Agreement

Self-serve BAA acceptance with full audit trail — or contact us for enterprise-customized terms.

BAA v1.0

Available

Effective May 1, 2026. Our standard BAA covers all practitioners using VoiceProtocol™ to process PHI. It includes provisions for breach notification within 24 hours, data ownership guarantees, AI training restrictions, and subprocessor accountability.

Breach notification within 24 hours
PHI returned or destroyed on termination
Zero PHI used for AI model training
All subprocessors covered by their own BAAs
Data ownership always with practitioner
Annual compliance review commitment

Accept the BAA

Self-serve BAA acceptance is available at signup or from your Compliance settings panel.

Enterprise or custom BAA terms?

Contact us →

Subprocessor Transparency

Every third party that processes data on our behalf, with BAA coverage status.

Subprocessor | Purpose | Data Access | BAA Status
Abacus.AI | AI infrastructure, hosting, and compute | ePHI (encrypted) | Active
Amazon Web Services (AWS) | Cloud infrastructure, S3 storage, and encryption services | ePHI (encrypted at rest and in transit) | Active
Stripe | Payment processing and subscription management | Billing data only (no PHI) | N/A — No PHI

Enterprise Roadmap

Our compliance and certification journey — building toward SOC 2, HITRUST, and HL7/FHIR.

  • SOC 2 Type II Certification: In Progress
  • HITRUST CSF Assessment: Planned
  • Enterprise Healthcare Organization Support: Planned
  • Multi-Location Clinic Systems: Planned
  • Secure HL7/FHIR Workflows: Planned
  • EMR/EHR Integrations: Planned
  • SSO Support (SAML/OpenID): Planned
  • Dedicated Infrastructure Instances: Available
  • Enterprise Audit Export: Available

Standard AI Disclaimer

This disclaimer accompanies all AI-generated content on VoiceProtocol™

VoiceProtocol.ai is a clinical decision-support platform intended to assist licensed healthcare practitioners. All protocols, recommendations, interpretations, and suggestions generated by the platform must be reviewed and approved by a qualified licensed healthcare provider before implementation. VoiceProtocol.ai does not independently diagnose, prescribe, or establish provider-patient relationships.

Common Questions

Quick answers to the most-asked security and compliance questions.

Enterprise & Custom Deployments

Need a custom BAA, dedicated infrastructure, SOC 2 attestation letters, or a private deployment? Our enterprise team is ready to help.

[email protected]
Support Chat