Last Updated: 2025-07-30

Protection Policies for Private Health Information

This document outlines the measures our company takes to protect private health information (PHI). Our commitment to securing PHI not only complies with legal standards but also ensures trust in our services. Protecting our users' information is paramount to maintaining confidentiality, integrity, and availability of data. These policies apply to all employees, contractors, and partners who have access to PHI within our systems and networks.

Process

Data Encryption In Transit and At Rest

• All PHI transmitted over public networks is encrypted using secure protocols such as TLS (Transport Layer Security). This ensures that any data exchanged between clients and our servers cannot be intercepted or read by unauthorized parties. PHI stored in our databases, files, and storage solutions is encrypted at rest using strong encryption standards. This includes data stored on physical drives, cloud storage, and backups.
• Our application uses end-to-end encryption methods to safeguard data as it moves from one point to another. Regular audits are conducted to ensure compliance with the latest encryption standards. Utilizes industry-standard encryption algorithms to encode data, making it unreadable without the correct decryption keys. Access to these keys is strictly controlled.

Users can Authenticate via Single Sign-On (SSO)

• Our company strongly encourages Single Sign-On (SSO) as the primary method for user authentication. SSO enables users to access multiple applications and services with one set of login credentials, improving security and user experience.
• SSO simplifies your login process, reducing password fatigue and the risk of weak passwords. By consolidating authentication through a single, secure method, we enhance security, ensuring that access to PHI is tightly controlled and monitored.

Compliance and Monitoring

• We conduct regular training for staff on the importance of PHI protection and adherence to these policies.
• We have continuous monitoring of our systems and networks to detect and respond to potential security incidents.
• Compliance with relevant health information privacy laws and regulations, ensuring our practices meet or exceed legal requirements.

Data Storage

• All customer data is stored in secure, HIPAA-compliant data centers in the United States.

Data Deletion Requests

• If you’d like to request removal of your data (audio files, transcripts, medical charts, etc), please send a message from the email address associated with your Eluve account to one of the following:
  • [email protected]
  • [email protected]

SOC2 Compliance

We are targeting to complete our SOC2 Type I audit in 2025Q3. We will follow up and complete our SOC2 Type audit by 2026H1.