Trust Center
Overview
We are HIPAA and SOC 2 Type II audited and compliant. Your data stays in-country, is encrypted, access-controlled, and hosted on healthcare-compliant cloud infrastructure. We do not sell data and we notify and respond quickly if issues arise.
Our Privacy & Security Promise
We use independently audited, healthcare‑grade safeguards. Our promise is simple: You will always know how your data is used, who can access it, and what protections are in place.
We use data only for disclosed care and operations, and to improve service quality. We do not sell data, and we do not share it without clear disclosure and legal protections. We follow the law and our partners' contracts.
Certifications & Compliance
- HIPAA — Administrative, physical, and technical safeguards for PHI; minimum necessary access; BAAs with any vendor that handles PHI.
- SOC 2 Type II — Months of live operations independently tested for Security & Confidentiality (controls proven in practice).
These certifications and standards require continual monitoring, executive oversight, corrective actions, and independent reviews on a recurring basis.
Encryption, Access & Keys
- Encryption at rest and in transit.
- Least-privilege role-based access control and multi-factor authentication.
- Keys stored securely with separation of duties and rotation policies.
Monitoring & Secure Development
- 24/7 monitoring, alerting, intrusion detection.
- Secure Software Development Lifecycle, SAST/DAST, code review.
- Regular penetration tests with tracked remediation SLAs.
Governance & Change Control
- Risk assessments; management review; policy attestation.
- Formal change management (peer review, approvals, rollback plans).
- Third-party/vendor reviews with BAAs; sub-processor transparency.
Security & Privacy Contacts
Have questions? Reach our team at info@neuroglee.com or privacy@neuroglee.com.