Customer Trust Center

Security and compliance status

EncounterReady enforces tenant-scoped API auth, signed webhooks with replay controls, and immutable audit evidence across integration workflows.

TRUST-AC-01

Tenant-scoped authorization boundaries

Framework: OWASP API Security / ASVS

Status: IMPLEMENTED

Request authentication + tenant header binding + scope checks on public API routes.

TRUST-WH-02

Webhook signing and replay prevention

Framework: OWASP API8:2023

Status: IMPLEMENTED

HMAC-SHA256 signatures, idempotency replay ledger, retry/backoff delivery logs.

TRUST-AI-03

AI governance and safety controls

Framework: NIST AI RMF 1.0 + GenAI Profile

Status: MONITORING

Human oversight and non-PHI telemetry guardrails documented for AI-assisted workflows.

TRUST-DR-04

Data portability and deletion workflow

Framework: NIST Privacy Framework

Status: IMPLEMENTED

Tenant self-service request lifecycle with immutable audit evidence.

Uptime summary

Last 30 days

Availability 99.97% (SLA target 99.9%)

Incidents: 1

Single partial degradation in non-clinical reporting path.

Last 90 days

Availability 99.95% (SLA target 99.9%)

Incidents: 2

No data integrity incidents and no tenant boundary violations.

Subprocessors

Google Cloud

US regional

Service: Hosting, storage, managed runtime

Data categories: Application metadata, Audit evidence, Customer configuration

Stripe

US/EU

Service: Billing and subscription lifecycle

Data categories: Billing profile metadata, Invoice and subscription records

Postmark

US

Service: Transactional email delivery

Data categories: Operational contact address, Message delivery telemetry

Policy library

v2026.1

Business Associate Agreement (BAA)

Business associate terms, breach obligations, and safeguard commitments for PHI workflows.


v2026.1

Data Processing Addendum (DPA)

Processing instructions, data rights handling, and transfer protections for tenant data.


v2026.3

Security Program Overview

Security controls, access model, and incident response baseline.


v2026.3

Data Portability and Deletion Policy

How tenants request exports and deletion, approval workflow, and evidence trail.


v2026.3

Legal Forms Governance Standard

State/specialty legal template lifecycle controls, review cadence, and required-form gates.


v2026.3

AI Usage and Human Oversight

Draft-only AI policy with human review, risk gating, and governance controls.


v2026.3

Subprocessor Registry

Current subprocessors, data categories processed, and review cadence.
