Security & Compliance

Built for healthcare, secured by design

Your patients trust you with their care. Whether it’s REVA handling calls or custom AI automating workflows, we take that responsibility seriously with enterprise-grade security and compliance-ready infrastructure.

SOC 2 Type II
Planned • 2026
HIPAA
BAA Available • Enterprise
Built on Azure
Enterprise Infrastructure

Data Residency

Your patient data stays in your country. No exceptions. Canadian clinics have data stored in Canada. US clinics have data stored in the United States.

  • Canadian data stays in Canada
  • US data stays in the United States
  • No cross-border data mixing
  • Separate infrastructure per region

Voice Processing

Real-time voice calls are processed using HIPAA-compliant infrastructure under a Business Associate Agreement.

  • Zero data retention
  • Audio processed and immediately discarded
  • Never used for training
  • BAA covered processing

Data Minimization

We collect only what's necessary. By default, REVA stores call metadata (duration, intent, outcome) without audio recordings. You control what's retained.

  • No audio retention by default
  • Configurable retention windows (7-90 days)
  • Automatic data purging
  • Export before deletion options

Access Control

Role-based permissions ensure staff only see what they need. Every action is logged for complete auditability.

  • Role-based access control (RBAC)
  • Audit logs for all actions
  • Least-privilege by default
  • SSO integration (Enterprise)

Infrastructure Security

Built on enterprise-grade cloud infrastructure with encryption at rest and in transit. Your data never leaves trusted boundaries.

  • Built on Azure's enterprise infrastructure
  • Encryption at rest and in transit
  • BAA available for enterprise customers
  • TLS 1.3 + AES-256 encryption

Compliance Ready

Designed with healthcare compliance in mind. We provide the tools and documentation you need for your compliance program.

  • HIPAA-aware workflows
  • Designed for PHIPA compliance
  • BAA available for Enterprise
  • Full audit trail exports
  • Configurable PHI handling

Our security commitment

  • 1.We don't train on your data. Your clinic's information is never used to improve third-party AI models.
  • 2.You control retention. Set how long data is kept, export when needed, and delete on demand.
  • 3.We're transparent. Ask us anything about our security practices. We'll share documentation, not marketing speak.

Need more details?

Request our security documentation or schedule a call with our team.

Request security packet