Agentic
Security & compliance

How Agentic protects your customers.

HIPAA-ready, SOC 2 audit-track, and verifiable from your account.

Live attestation · BAA · KMS · PHI redactor
What we commit to

Six commitments, plain English.

Each commitment maps to a control in our SOC 2 audit and to a clause in our standard BAA. Click any tile for the technical detail.

  • Encryption at rest

    Customer data is encrypted with Fernet (AES-128 + HMAC-SHA256) keys held outside the application image. Keys rotate quarterly.

  • Encryption in transit

    TLS 1.2+ enforced on every public endpoint. HTTP requests redirect to HTTPS at the edge; HSTS is on.

  • Cloud KMS

    AWS KMS-managed envelope keys for customers on the clinic plan. The KMS key ARN is auditable on request.

  • Business Associate Agreement

    BAAs are signed through DocuSign / HelloSign using the 2026.05.01 template. We retain only the SHA-256 of the counter-signed PDF; the full document lives in the e-signature provider's vault.

  • PHI redaction

    Deterministic, one-way redactor at every storage / export boundary. Reverse only via the two-person break-glass workflow with full audit trail.

  • Sub-processor inventory

    Published on /trust. Reviewed at least every 12 months; covered entities can subscribe to change notifications.
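The PHI redaction commitment above (deterministic, one-way, reversible only through a two-person break-glass step with an audit trail) can be illustrated with the following added example. It is not Agentic's redactor; the field list, the environment variable name and the in-memory vault and audit log are assumptions.

```python
"""Added illustration (not Agentic's code): a keyed, deterministic, one-way
PHI redactor with a two-person break-glass reverse path and an audit trail."""
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Assumed: the redaction key is supplied from outside the image (env var here).
# The constructed fallback exists only so the example runs offline.
REDACTION_KEY = os.environ.get("PHI_REDACTION_KEY", "constructed-demo-key").encode()
PHI_FIELDS = {"name", "dob", "mrn", "ssn"}  # assumed list of PHI fields


def redact_value(value: str) -> str:
    """Keyed HMAC-SHA256: same input -> same token, and no way back from the token alone."""
    digest = hmac.new(REDACTION_KEY, value.encode(), hashlib.sha256).hexdigest()
    return "phi_" + digest[:32]


def redact_record(record: dict, vault: dict) -> dict:
    """Replace PHI fields with tokens at the storage / export boundary.

    The vault (held in a separate store in practice) keeps token -> value so the
    break-glass path can reverse a token; nothing in the redacted record can."""
    redacted = {}
    for field, value in record.items():
        if field in PHI_FIELDS and value is not None:
            token = redact_value(str(value))
            vault[token] = str(value)
            redacted[field] = token
        else:
            redacted[field] = value
    return redacted


def break_glass_reveal(token: str, vault: dict, approvers: tuple, reason: str, audit_log: list) -> str:
    """Reverse one token only when two distinct approvers sign off; log every attempt."""
    entry = {"at": datetime.now(timezone.utc).isoformat(), "token": token,
             "approvers": sorted(approvers), "reason": reason, "granted": False}
    if len(set(approvers)) != 2 or token not in vault:
        audit_log.append(entry)  # denied attempts are recorded too
        raise PermissionError("two distinct approvers and a known token are required")
    entry["granted"] = True
    audit_log.append(entry)
    return vault[token]
```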

Live attestation
Run it yourself

Live encryption attestation

The clinic-tier attestation runs every check from server/compliance/encryption_attestation.py and records an audit-log event. Only signed-in customers on the clinic plan can view the live report.

Click Run attestation to verify the live controls. You'll need to be signed in.

For the full sub-processor list and SOC 2 stance, visit /trust. Report a security issue at security.txt.