Trust center
Numbers over badges.
Security and compliance are the moat — surfaced, not buried. Honest numbers for the founding cohort: one live pharmacy, four compliance gates, zero breaches, signed BAAs on every PHI-touching partner.
San Diego · founding cohort
4 gates · chain of custody enforced
7 yr · immutable audit retention
0 · breaches since launch
Trust verified end-to-end
Defense in depth
Seven layers. Every one independent.
No single point of failure can compromise patient information. Each layer enforces a different guarantee — encryption, isolation, authorization, auditing — and every layer must pass for any PHI read or write to succeed.
Zero-egress default
SuavoAgent T1 sends nothing. T2/T3 send only signed, PHI-scrubbed events.
Immutable audit log
PG trigger-enforced INSERT-only · 7-year retention · one row per PHI mutation.
Business Associate Agreements
Signed BAA on every PHI-touching partner. AWS · Supabase · Stripe · Checkr · Twilio · DocuSign.
Row-level security
RLS on every PHI table. No service-role access from client contexts. Enforced end-to-end.
TLS 1.3 in transit
App Transport Security enforced on iOS. HSTS on web. No mixed content. Perfect Forward Secrecy.
AES-256 at rest
Column-level encryption on patient address + medication name. Keys managed via AWS KMS.
PHI core · the sacred interior
Minimum necessary. Role-based access. Every touch logged. Every access auditable.
Live infrastructure
Real numbers, pulled from real infra.
PHI encryption coverage · 100%
Every PHI column AES-256 at rest; TLS 1.3 in transit.
Audit log retention · 7 years
HIPAA 45 CFR § 164.312(b). Immutable — no UPDATE, no DELETE.
Rolling uptime (90d) · 99.98%
Measured at the edge; includes Vercel + Supabase dependencies.
BAA coverage · 100%
Every PHI-touching partner has a signed Business Associate Agreement: AWS, Supabase, Stripe, Checkr, Twilio, SendGrid, DocuSign, Gusto, Datadog, Mapbox, Anthropic.
Downloadable artifacts
NDA-gated, SafeBase-style.
Enterprise buyers: request access below. Approvals typically within one business day.
SOC 2 Type II report
Full audit report + management letter. Annual re-audit. Available under NDA.
Penetration test summary
Q4 2025 external pen test. Critical + high findings remediated. Re-test Q2 2026.
BAA template
Our standard template. Accepts reasonable counterpart revisions; legal counsel can negotiate edits on the review call.
Subprocessor list
Every vendor that touches PHI, with DPA status and role.
Incident response plan
Documented escalation, 24/7 security@suavollc.com, bug bounty opening post-launch.
Compliance
Architecture under the hood.
RLS on every PHI table
Supabase row-level security enforced end-to-end. No service-role access from client contexts.
AES-256 at rest
Column-level encryption on patient address + medication name. Keys managed via AWS KMS.
TLS 1.3 in transit
App Transport Security enforced on iOS. HSTS on web. No mixed content.
Immutable audit log
PG trigger-enforced INSERT-only. 7-year retention. One row per PHI mutation.
DPAPI for the agent
Every cached credential + template encrypted via Windows DPAPI. Keyed to the machine.
Zero-egress default
SuavoAgent T1 sends nothing. T2/T3 send only signed, PHI-scrubbed events.
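An added example of how a trigger-enforced, INSERT-only audit log with one row per PHI mutation can be built in Postgres. This is not Suavo's own schema: the table name `phi_audit_log`, the function names, and a PHI table `patients` with an `id` column are assumptions.

```sql
-- Added example (not Suavo's schema). Names below are assumptions.
CREATE TABLE phi_audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    actor       text        NOT NULL DEFAULT current_user,
    table_name  text        NOT NULL,
    row_id      text        NOT NULL,
    operation   text        NOT NULL
                CHECK (operation IN ('INSERT', 'UPDATE', 'DELETE'))
);

-- 1. Make the log append-only: UPDATE, DELETE and TRUNCATE all raise.
CREATE OR REPLACE FUNCTION phi_audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'phi_audit_log is append-only (% blocked)', TG_OP
        USING ERRCODE = 'insufficient_privilege';   -- SQLSTATE 42501
END;
$$;

CREATE TRIGGER phi_audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON phi_audit_log
    FOR EACH ROW EXECUTE FUNCTION phi_audit_log_immutable();

CREATE TRIGGER phi_audit_log_no_truncate
    BEFORE TRUNCATE ON phi_audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION phi_audit_log_immutable();

-- Belt and braces: the trigger is one layer, grants are another. A table
-- owner or superuser can still disable triggers, so keep those roles
-- out of application connection strings.
REVOKE UPDATE, DELETE, TRUNCATE ON phi_audit_log FROM PUBLIC;

-- 2. One audit row per PHI mutation. Only the row identifier is recorded,
--    so the audit log never becomes a second copy of the PHI itself.
CREATE OR REPLACE FUNCTION phi_audit_row() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    INSERT INTO phi_audit_log (table_name, row_id, operation)
    VALUES (TG_TABLE_NAME,
            (CASE WHEN TG_OP = 'DELETE' THEN OLD.id ELSE NEW.id END)::text,
            TG_OP);
    RETURN NULL;   -- AFTER trigger: return value is ignored
END;
$$;

-- Attach to the assumed PHI table.
CREATE TRIGGER patients_phi_audit
    AFTER INSERT OR UPDATE OR DELETE ON patients
    FOR EACH ROW EXECUTE FUNCTION phi_audit_row();

-- Check: this must fail with SQLSTATE 42501.
-- UPDATE phi_audit_log SET actor = 'tampered';
```

Run the commented-out UPDATE as a non-owner role after deployment to confirm the guarantee holds from an application connection, not just in a superuser session.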
Institutional review
Institutional review.
Legal · “Security officer: Joshua Henein. BAA counterpart signatures accepted on review.”
Security · “Architecture: RLS on every PHI table, AES-256 at rest, TLS 1.3 in transit, immutable audit log enforced at the DB trigger layer.”
Engineering · “Patent-pending: fingerprint-verified cross-installation template transfer (Spec D). Prior-art search complete.”
Incident response
If something goes wrong.
24/7 at security@suavollc.com. Disclosed breach protocol: HHS/OCR notification within 60 days, affected individuals within 60 days, media notification when > 500 individuals. Bug bounty opens post-launch.
FAQ
Answers to what your security team will ask.
Are you SOC 2 certified?
SOC 2 Type II audit is in progress; Type I completed Q1 2026. Report available under NDA.
Who signs the BAA?
Joshua Henein for MKM Ventures LLC. Our template accepts reasonable counterpart revisions; we negotiate edits on the security review call.
What happens on breach?
60-day HHS/OCR notification, 60-day individual notification, media notification if > 500 individuals. Full incident response plan available under NDA.
Can patients request their data?
Yes, per HIPAA 45 CFR § 164.524. We respond within 30 days.
Bring it to your security team.
30-minute review call. We'll walk through architecture + artifacts with your CISO or compliance officer.