Security & Compliance

Built for healthcare, secured by design

Your patients trust you with their care. We take that responsibility seriously with enterprise-grade security and compliance-ready infrastructure.

SOC 2 Type II
In Progress • 2026
HIPAA
BAA Available • Enterprise
Azure Security
Certified • Current

Data Minimization

We collect only what's necessary. By default, REVA stores call metadata (duration, intent, outcome) without audio recordings. You control what's retained.

  • No audio retention by default
  • Configurable retention windows (7-90 days)
  • Automatic data purging
  • Export before deletion options

Access Control

Role-based permissions ensure staff only see what they need. Every action is logged for complete auditability.

  • Role-based access control (RBAC)
  • Audit logs for all actions
  • Least-privilege by default
  • SSO integration available

Infrastructure Security

Built on Azure's enterprise-grade infrastructure with encryption at rest and in transit. Your data never leaves trusted boundaries.

  • Azure-only vendor boundary
  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • SOC 2 Type II (in progress)

Compliance Ready

Designed with healthcare compliance in mind. We provide the tools and documentation you need for your compliance program.

  • HIPAA-aware workflows
  • BAA available for Enterprise
  • Full audit trail exports
  • Configurable PHI handling

Our security commitment

  • 1.We don't train on your data. Your clinic's information is never used to improve third-party AI models.
  • 2.You control retention. Set how long data is kept, export when needed, and delete on demand.
  • 3.We're transparent. Ask us anything about our security practices. We'll share documentation, not marketing speak.

Need more details?

Request our security documentation or schedule a call with our team.

Request security packetTalk to our team