Excellence in Security & Compliance
Welcome to the Security & Trust Center, your source for clear insights into our security protocols, privacy practices, and compliance certifications. We prioritize safeguarding healthcare data above all. Our commitment to top security and compliance standards is shown through rigorous processes, ongoing audits, and real-time transparency, ensuring your information stays protected and confidential as you use our AI-driven diagnostic solutions.
Subprocessors
Grafana
An analytics and interactive visualization platform used for monitoring application performance, tracking logs, and analyzing system metrics.
Slack integration
A business communication platform used for internal team collaboration, real-time messaging, and receiving automated notifications.
Azure DevOps
A suite of development services from Microsoft used to plan, develop, test, and deliver software, including CI/CD pipelines and project tracking.
SonarCloud
A cloud-based code quality and security service that automatically analyzes source code to detect bugs and vulnerabilities.
Cloudflare
A web infrastructure and security company providing Content Delivery Network (CDN) services, DNS, and DDoS mitigation to keep the platform fast and secure.
Twilio
A communication platform used for programmatic SMS, messaging services, and voice calls within the application.
GCP
A suite of cloud computing services from Google that provides hosting, storage, and other infrastructure needed to run applications.
Bitbucket
A Git-based source code repository hosting service used for version control and code collaboration among the development team.
SendGrid
A cloud-based email delivery service that handles transactional and marketing emails, ensuring reliable delivery for application-generated messages.
ESET
A cybersecurity company that provides endpoint security solutions, including antivirus software, to protect company devices and servers from threats.
Coalition Inc.
A cyber insurance and security company that provides cybersecurity tools and insurance coverage to protect against and recover from cyber incidents.
B2B Rocket
A sales and marketing intelligence platform used for lead generation and gathering contact information for business development.
Go High Level
An all-in-one sales and marketing platform that provides CRM, funnel building, and marketing automation services.
Nvidia GPUs
Graphics Processing Units (GPUs) that provide the necessary computational power for training and running artificial intelligence and machine learning models.
Trivy
An open-source security scanner used to find vulnerabilities in container images and other artifacts, helping to secure the software supply chain.
Frequently asked questions
Is SaveLife.ai HIPAA compliant?
Yes. We undergo annual independent HIPAA audits and adhere to strict data protection protocols for all PHI.
Where is my data stored?
Secure cloud hosting. Data is stored on US-based Google Cloud Platform (GCP) servers, with encryption at rest and in transit.
How does SaveLife.ai ensure its systems are secure against threats?
We operate a multi-layered security program that includes annual third-party penetration testing, continuous vulnerability scanning, and automated threat monitoring. Our internal security team also performs grey-box and black-box testing to simulate real-world attack scenarios. All findings are reviewed and remediated through structured patch and change management processes.
Who are your subprocessors?
Trusted vendors only. See our Subprocessors list (e.g., GCP, Twilio, Cloudflare). All comply with our security standards.
What encryption standards do you use?
AES-256 for data at rest and TLS 1.3+ for data in transit. We also enforce strict key management policies.
How is access to sensitive data controlled?
Role-based access control (RBAC), multi-factor authentication (MFA), and audit logs. Employees undergo background checks and security training.
Do you support compliance with HITRUST?
Yes. We are HITRUST i1 validated (2025). Documentation for HITRUST assessment can be requested.
What happens during a security incident?
Immediate response. We follow a documented Incident Response Plan aligned with NIST guidelines. Incidents are triaged immediately upon detection and contained within defined SLAs, and affected stakeholders are notified. A root-cause analysis and corrective actions are shared post-incident.
Can I request a security audit report?
Yes. Contact [email protected] for executive summaries of third-party audits.
How do you handle data backups?
Daily encrypted backups with 7-day retention. Backup integrity is tested quarterly.