Security is our foundation.
We safeguard patient data with defense-in-depth architecture, rigorous compliance, and zero-trust principles.
HIPAA Compliant
We execute a Business Associate Agreement (BAA) with every covered entity. PHI is processed strictly in accordance with Privacy and Security Rules.
SOC 2 Type II
Audited annually by independent third-party firms to ensure our controls for security, availability, and confidentiality are effective.
Zero Trust
Strict Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and least-privilege access policies for all employees.
Infrastructure
Cloud Isolation: sycana AI runs on isolated Virtual Private Clouds (VPCs). Databases holding patient data are not reachable from the public internet.
Encryption: All data is encrypted at rest using AES-256. Data in transit is secured via TLS 1.3. Encryption keys are managed via Cloud KMS.
Resilience: Automated daily backups and multi-zone redundancy provide High Availability (HA) and rapid disaster recovery.
App Security
Audit Logging: Every action—viewing a record, editing a triage score, or downloading a PDF—is immutably logged for compliance review.
SSO Integration: Enterprise plans support SAML 2.0 / OIDC integration with Okta, Azure AD, and Active Directory.
Penetration Testing: We conduct regular third-party penetration tests and static code analysis to identify and patch vulnerabilities.
AI Safety
Data Privacy: Your PHI is never used to train public models. We use zero-retention policies on inference endpoints.
Human-in-the-loop: Our "Glass Box" interface ensures every AI suggestion is verifiable. We provide citations linking back to the source document, preventing hallucination risks in clinical settings.
Need our SOC 2 Report?
Our compliance team can provide our full security packet, including SOC 2 Type II report, penetration test summary, and standard BAA.