Security & Compliance
How we protect PHI
Sanolith is built for healthcare. That means PHI handling is the most load-bearing system we have. This page documents the controls (technical, contractual, and operational) that make Sanolith something your privacy officer can actually approve.
For our latest SOC 2, HIPAA Risk Assessment, or penetration-test reports under NDA, contact [email protected].
Certifications & assessments
HIPAA
CompliantBAA available on all paid tiers. Annual third-party HIPAA security risk assessment. Privacy & Security Officer designated. Workforce training on PHI handling required for every Sanolith employee with system access.
SOC 2 Type II
Audit in progressTrust Services Criteria for Security, Availability, and Confidentiality. Initial audit window opened Q1 2026. Report expected Q3 2026. Pre-audit Type I letter available under NDA on request.
HITRUST
RoadmapHITRUST r2 certification on roadmap for 2027 once SOC 2 lands. Customers requiring HITRUST today can request our HITRUST-aligned controls mapping.
Data protection
Encryption at every layer. Tenant isolation enforced at the database, network, and storage layers, not as a policy, as a permission system.
Encryption in transit
TLS 1.3 on all external endpoints. Certificate rotation managed via Let's Encrypt + cert-manager. Strict HSTS with preload. Cleartext HTTP disallowed at the load balancer.
Encryption at rest
AES-256 on all data at rest. Database storage (Postgres) encrypted via AWS EBS volume encryption. Object storage (S3) encrypted with SSE-KMS using customer-isolated keys per tenant on Enterprise tier.
Encryption of PHI in inference path
PHI is redacted BEFORE encryption; it never reaches the inference layer in plaintext. The model sees [REDACTED] placeholders. Even an attacker with full model-tier access cannot extract PHI that was never sent.
Tenant isolation
Postgres row-level security (RLS) on every table containing customer data. Object storage paths prefixed by tenant ID, IAM policies prevent cross-tenant reads. Per-tenant Postgres connection pools scoped to the tenant's session-GUC.
Network segmentation
Internal services communicate over a private VPC. Public ingress only via the load balancer with WAF rules. Egress restricted to allowlisted upstream model providers + identified clinical tool APIs (PubMed, DailyMed, RxNorm, FAERS).
Secrets management
All secrets in HashiCorp Vault. No long-lived credentials in environment variables or config files. Short-lived tokens issued via OIDC. Annual rotation enforced.
Audit trail
Every action on tenant data is logged. The ledger is append-only, tamper-evident, and exportable in 60 seconds.
Append-only ledger
Every prompt, redaction event, model call, tool call, and admin action lands on a Postgres append-only table. Row-level security scopes the ledger to the tenant. No DELETE or UPDATE permissions granted to application service accounts.
Hash-chained checkpoints
Hourly cron writes a Merkle-tree hash of the ledger to immutable S3 storage with object lock enabled. The chain is reproducible from checkpoints; any retroactive edit would invalidate every subsequent checkpoint. Survives subpoena.
Exportable on demand
Tenant admins can export the full ledger to CSV / JSONL via the in-app /admin/audit interface or via the public API. No vendor mediation required. Export captures all events; no field omissions.
Retention
Audit ledger retained for 7 years by default to satisfy CMS retention requirements. Customers on Enterprise can configure longer retention. On termination, ledger can be exported then purged within the BAA SLA.
Access control
Authentication
SSO via Keycloak (OIDC) on all paid tiers. SAML SSO + SCIM available on Enterprise. MFA required for all Sanolith employees. PKCE on all authorization flows.
Authorization
Role-based access (tenant-admin, tenant-member, tenant-readonly, sanolith-staff). Sanolith staff cannot access tenant data without explicit tenant-admin approval via a time-boxed support escalation. Every access is logged in the tenant's audit ledger.
Least privilege
Engineers do not have prod database access by default. Break-glass access is time-boxed, dual-approved, and audited. Customer Success teams use a separate read-only audit-shadow interface.
Workforce security
Background checks on all employees with PHI access. Annual HIPAA workforce training. Off-boarding revokes all access within 24 hours. Bring-your-own-device prohibited for engineers with production access.
Sub-processors
Sanolith uses a small, deliberately curated list of sub-processors. Each has a signed BAA where PHI is in scope. Customers receive 30-day notice before any new sub-processor is added.
| Sub-processor | Purpose | Region | BAA |
|---|---|---|---|
| AWS | Cloud infrastructure (compute, storage, networking) | us-east-1, us-west-2 | Yes |
| Anthropic | Frontier model inference (Claude, on customer opt-in) | AWS Bedrock (us regions) | Yes (via AWS Bedrock) |
| OpenAI | Frontier model inference (GPT, on customer opt-in) | Azure OpenAI (us regions) | Yes (via Azure) |
| HashiCorp Cloud Platform | Vault secrets storage | us regions | Yes |
| Datadog | Application + infrastructure monitoring (no PHI in logs) | us regions | Yes (log scrubbing for PHI) |
| Postmark | Transactional email (account, billing, alerts) | us regions | Yes |
Last updated: June 9, 2026. Subscribe to sub-processor change notifications.
Data lifecycle
From upload to deletion. Every step is logged. Every step happens inside your tenant boundary.
- 1
Ingestion
Customer documents uploaded over TLS. Chunked + embedded inside the tenant boundary. Embedding model never sees raw PHI (redacted first).
- 2
Active use
Data accessed via tenant-scoped session GUC enforced at the Postgres connection pool. No batch jobs cross tenant boundaries. Inference path encrypts en route, redacts before model boundary.
- 3
Backup
Encrypted daily snapshots retained for 35 days. Backups stored in separate AWS region for disaster recovery. Restore drills run quarterly.
- 4
Deletion
On customer termination, full export delivered within 30 days. All tenant data purged from production + backups within 60 days per BAA. Certified destruction report available on request. No 'soft delete' that retains data invisibly.
Incident response
What happens when something goes wrong. We treat incident preparedness as part of the product, not an emergency response.
- 60-minute initial assessment SLA for suspected security events
- 4-hour customer notification SLA for confirmed PHI breach
- Designated [email protected] contact monitored 24/7 on Enterprise
- Annual tabletop exercises with simulated breach scenarios
- Quarterly review of detection rules + alerting thresholds
- Documented runbook per incident class; reviewed quarterly
Report a vulnerability: [email protected]. PGP key on request. We acknowledge within 4 hours and post a public advisory once fixes are deployed (with reporter credit if requested).
Documents available on request
Send [email protected] from a company email and we'll share under NDA, typically within two business days.
- HIPAA Risk Assessment (most recent annual)
- SOC 2 Type I letter (Type II report when available)
- Penetration test executive summary
- Business Continuity & Disaster Recovery plan
- Vendor security questionnaire (SIG, CAIQ)
- Architecture diagram (data-flow + boundaries)
- Business Associate Agreement (template + signed)
- Sub-processor change-notification policy
Procurement-ready, today
We've answered the same 200-question security questionnaire enough times that we wrote it down. Most enterprise reviews close in under three weeks.