HIPAA-grade vault

Soft on top. Iron underneath.

The HIPAA-grade vault that doesn't feel like punishment to compliance officers. Submit-to-fulfill DSAR in days. Merkle-anchored audit receipts. Customer-managed encryption. Live in a browser; auditable in Sigstore.

Three pillars. No marketing tax.

We name mechanisms because vibes cannot be audited. Every pillar maps to a control your auditor already understands.

Encryption you control.

AES-256-GCM per record. Bring-your-own-key. Crypto-shred satisfies GDPR Article 17. Post-quantum hybrid wrap is on the roadmap.

Live DSAR fulfilment.

Submit through fulfilment in days, not quarters. HIPAA §164.524, GDPR Article 15, and CCPA §1798.100 workflows ship in the box.

Audit you can show an auditor.

Per-tenant Merkle tree. Sigstore Rekor receipts. Six-year retention. No TRUNCATE path. Ed25519-signed evidence packs.

Frameworks we map to

  • SOC 2
  • HIPAA
  • GDPR
  • CCPA
  • CPRA

Bring your auditor to the first call.

Most vendors hide behind NDAs. We publish the artifacts. Pull the BAA, the DPA, the sub-processor list, the Rekor anchor proof — read them before you book the meeting.