Built for Regulated Environments

Enterprise-Grade Security

Medical AI carries the highest stakes. DeepCog is architected from the ground up for HIPAA compliance, SOC 2 Type II, ISO 27001, and FedRAMP-ready deployment — with zero compromise on performance.

The compliance baseline clinical AI demands

  • HIPAA BAA: Business Associate Agreement available for all plans
  • SOC 2 Type II: Annual third-party audit. Report available on request
  • ISO 27001: Information security management system certified
  • FedRAMP Ready: Authorization in progress for federal healthcare agencies
  • GDPR: EU data residency options with SCCs and DPA
  • 21 CFR Part 11: Audit trails for FDA-regulated clinical trial environments
  • NIST CSF: Aligned to NIST Cybersecurity Framework 2.0
  • HITRUST CSF: Certification in progress for healthcare network members

Your data stays yours — always

DeepCog operates on a strict zero-training-on-customer-data policy. Your clinical data is never used to train shared models, never stored beyond your configured retention period, and never shared with any third party.

  • AES-256 encryption at rest; TLS 1.3 in transit — always on, no opt-out
  • Customer-managed encryption keys (CMEK) on Enterprise plans
  • Private VPC deployment with no shared infrastructure for sensitive workloads
  • Zero retention mode: data deleted immediately after inference
  • Immutable audit logs for every model call, export, and admin action
  • Automated PHI detection and masking before any logging
// DEEPCOG SECURITY ARCHITECTURE
[ Perimeter Layer ]
  DDoS Protection · WAF · Rate Limiting
  mTLS Client Authentication

[ Identity & Access ]
  RBAC · SCIM Provisioning · SAML 2.0
  OIDC / OAuth 2.0 · MFA Enforced

[ Data Layer ]
  AES-256 at rest · TLS 1.3 in transit
  CMEK · Tokenization · PHI Auto-Masking

[ Inference Layer ]
  Isolated tenant namespaces · No cross-tenant
  Zero-retention mode · Audit log every call

[ Compliance Layer ]
  HIPAA BAA · SOC 2 II · ISO 27001
  FedRAMP Ready · GDPR · 21 CFR 11

Defense-in-depth across every layer

Identity & Access Management

SAML 2.0 and OIDC SSO for seamless integration with Okta, Azure AD, and Ping Identity. SCIM for automated user provisioning. Fine-grained RBAC with attribute-based policies.

Comprehensive Audit Trails

Every model inference, data export, admin action, and permission change is logged to an immutable, tamper-evident audit store — exportable to your SIEM in real time.

Network Isolation

Dedicated VPC, private endpoints, and PrivateLink support for AWS, Azure, and GCP. No traffic traverses the public internet on private-cloud deployments.

AI Safety & Guardrails

Built-in output filtering for clinical safety: hallucination detection, confidence thresholding, and automatic escalation flags when model uncertainty exceeds configurable thresholds.

Disaster Recovery & BCP

RPO < 1 hour, RTO < 4 hours. Active-active multi-region deployments available. Automated daily backups with point-in-time recovery up to 35 days.

Vulnerability Management

Continuous SAST/DAST scanning, quarterly third-party penetration testing, and a bug bounty program via HackerOne. Critical patches deployed within 24 hours.

Choose the right deployment model

| Security Feature | Description | Availability |
|---|---|---|
| HIPAA BAA | Business Associate Agreement for PHI workloads | All Plans |
| SOC 2 Type II Report | Annual third-party audit report, available on request | All Plans |
| Data Encryption (AES-256) | At-rest and in-transit encryption for all data | All Plans |
| MFA Enforcement | Multi-factor authentication for all user accounts | All Plans |
| SSO (SAML / OIDC) | Enterprise identity provider integration | Professional+ |
| Customer-Managed Keys | Bring-your-own KMS key for data encryption | Enterprise |
| Private VPC Deployment | Isolated cloud infrastructure, no shared tenancy | Enterprise |
| On-Premise Deployment | Air-gapped or on-premise bare-metal install | Enterprise |
| Zero Retention Mode | PHI purged immediately post-inference, no logging | Enterprise |
| Dedicated Security Review | Security questionnaire response & architecture review | Enterprise |

We welcome your security review

Our security team is available to complete your vendor questionnaire, provide penetration test reports, and walk through our architecture with your CISO and compliance team.
