Compliance

Compliant by construction.

We treat SOC 2, HIPAA, and HITRUST as the starting line, not a finish-line scramble. Compliance is built into the framework and the model layer, so every product inherits our posture instead of earning it from scratch.

Compliance

Compliant by construction.

Every product in the suite stands on the same foundation. The hard parts — SOC 2, HIPAA, HITRUST — are inherited, so PHI is safe before you write a line of code.

SOC 2

Audited controls for security, availability, and confidentiality.

HIPAA

PHI handled safely across the entire stack, end to end.

HITRUST

A certifiable framework you inherit — not one you rebuild.

PHI-native

Data protection wired in from the very first request.

How we keep PHI safe

A guardrail around every request.

The benchmark system verifies the machinery described here. The guardrail, the Praetorian Guard, is a symmetric pipeline around inference: detect and tokenize on the way in, re-identify under scope on the way out, with tool I/O passing through the same pipeline in both directions.

On the way in
  1. 01

    Detect

    Recognizers flag clinical and insurance PHI and PII: names, MRNs, member and policy numbers, provider NPIs, and custom patterns. In deployments these are built on Microsoft Presidio, tuned for the domain.

  2. 02

    Policy gate

    Role, purpose, and confidence checks decide whether the request proceeds, escalates, or is denied. Low confidence escalates rather than passes.

  3. 03

    Tokenize

    Detected values are replaced with format-preserving tokens, and the PHI-to-token map is written to the encrypted De-identification Vault.

  4. 04

    Forward

    Only the de-identified text plus the system and policy prompt is forwarded downstream to the router and model.

On the way out
  1. 01

    Re-identification gate

    Only callers holding the explicit re-identification scope may detokenize. Everyone else receives the tokenized form.

  2. 02

    Identity scrub

    A stream-safe filter enforces the served-identity policy across both response modes, handling banned terms split across SSE chunk boundaries.

  3. 03

    PHI-safe logging

    Only redacted or tokenized content is ever logged. Raw PHI stays inside the vault.

  4. 04

    Evidence Ledger

    An append-only, hash-chained record captures request ID, tenant, model, data class, tool calls, output digest, and timestamps, with content digests instead of content.

Every request carries an effective data class, the more sensitive of the caller's declaration and the guardrail's own classification, so declaring down does not work. Backends declare which classes they are certified to receive, and the router refuses rather than degrades. The code-execution pack accepts only non-PHI classes, so no prompt-engineering path can move PHI into a sandbox.

The full spec

Read the guardrail in depth.

The complete PHI guardrail, the de-identification vault, and the evidence ledger are documented in our Theo Arca technical report.

Read the report