Trust & Safety Center
Our commitment to transparency, clinical integrity, and data security is backed by real engineering safeguards.
Data Privacy & Encryption
All PII/PHI is encrypted in transit using TLS 1.2+ and at rest using AES-256 via Google-managed KMS. The database has zero public internet exposure, running entirely inside a secure private VPC network.
HIPAA & SOC2 Alignment
We design with HIPAA and SOC2 compliance controls from day one. This includes append-only log tables, cryptographic sanitization of child profiles before processing, and fully auditable access tracking.
Verified Sub-processors
| Partner | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Secure application hosting & regional database | Canada (Montreal) |
| Google Gemini | AI strategy translation (with child names cryptographically redacted before processing) | United States |
| Stripe | Compliant subscription processing | United States |
| Resend | Transactional & authentication emails | United States |
| New Relic | Application performance monitoring & structured logs | United States |
Need a SOC2 Report or DPA?
We sign Data Processing Agreements (DPAs) for clinic accounts; Business Associate Agreements (BAAs) are available on request after review. For custom enterprise requests, please reach out to our team.
Contact Support & Trust Lead