Security and privacy
Security is at the heart of what we do—helping our customers improve their security and compliance posture starts with our own.
Security compliance with third-party auditors.
Carebound’s establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
01
Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
02
Security controls should be implemented and layered according to the principle of defense-in-depth. Another well-structured sentence here.
03
Security controls should be applied consistently across all areas of the enterprise, maintaining SOC 2 Type II compliance and HIPAA attestation.
04
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness.
Security and Compliance at Carebound
The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
Data protection & privacy
Building a great solution starts with understanding the problem. Our AI for healthcare drives efficiencies and revenue growth by getting to the heart of the issue.
Data at rest
All datastores are encrypted at rest. Furthermore, client data is segregated into dedicated environments.
Data in transit
Carebound uses TLS/SSL or higher everywhere data is transmitted over potentially insecure networks.
Secret management
Encryption keys are managed via Doppler, a SOC-II compliant DevOps provider that protects your sensitive data with AES-256-GCM encryption throughout the entire data lifecycle.