Security
Trellova handles Protected Health Information. The architectural choices below are designed so that, even if any single layer fails, the next layer holds.
HIPAA + BAAs
Trellova signs a Business Associate Agreement with every customer before a single byte of PHI moves. Our sub-processors all hold a BAA with us: WorkOS (auth), Anthropic (LLM), Deepgram (speech-to-text), LiveKit (media), Twilio (SMS), Postmark (email), AWS (infrastructure), and Datadog (observability).
Encryption
At rest: Every tenant gets their own AES-256-GCM data-encryption key (DEK), wrapped by an AWS KMS Customer Master Key. The application layer never persists an unwrapped key: KMS unwraps the DEK on a short-lived, per-request basis, and the plaintext DEK is held only in request-scoped memory. One tenant's key cannot decrypt another tenant's data.
In transit: TLS 1.3 throughout. Ambient audio uses WebRTC over secure WebSockets. The browser extension uses HMAC-signed bearer tokens (no static API keys live on a clinician's laptop).
Tenant isolation
Postgres Row-Level Security is enforced on every PHI table. Inside each request, we set a per-tenant GUC and switch to a limited database role that has no UPDATE or DELETE access on append-only audit, prior-auth, criteria-evidence, or encounter-version tables. An application-level bug cannot bypass either layer.
Audit + tamper-evidence
Every PHI access produces an append-only audit row with the before-image hashed (so we capture mutation evidence without storing the PHI itself again). Database triggers raise on UPDATE or DELETE of audit tables — the storage layer enforces append-only, not just the application.
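The two layers described under Tenant isolation and Audit + tamper-evidence, as an added PostgreSQL example. This is illustrative code, not Trellova's schema: the table, column, role, policy and GUC names (encounter, audit_log, app_request, app.tenant_id) are assumptions, and the tenant UUID is a constructed value.

```sql
-- 1. A PHI table keyed by tenant. FORCE makes the policy apply even to the
--    table owner, so an owner-role connection cannot skip the check.
CREATE TABLE encounter (
    id        uuid PRIMARY KEY,
    tenant_id uuid NOT NULL,
    payload   bytea NOT NULL            -- ciphertext under the tenant's DEK
);
ALTER TABLE encounter ENABLE ROW LEVEL SECURITY;
ALTER TABLE encounter FORCE ROW LEVEL SECURITY;

-- 2. The policy reads the per-tenant GUC set at the start of each request.
--    current_setting(name, true) returns NULL when the GUC was never set,
--    so a request that forgot to set it sees zero rows, not every row.
CREATE POLICY tenant_isolation ON encounter
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- 3. An append-only audit table: the before-image is stored only as a hash,
--    so mutation evidence is captured without copying the PHI again.
CREATE TABLE audit_log (
    id            bigserial PRIMARY KEY,
    tenant_id     uuid NOT NULL,
    table_name    text NOT NULL,
    row_id        uuid NOT NULL,
    before_sha256 bytea,                -- sha256 of the prior row, never the PHI
    actor         text NOT NULL,
    at            timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE audit_log ENABLE ROW LEVEL SECURITY;
ALTER TABLE audit_log FORCE ROW LEVEL SECURITY;
CREATE POLICY audit_tenant ON audit_log
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- 4. The limited request role: full DML on clinical tables, but only
--    SELECT and INSERT on the audit table (no UPDATE, no DELETE).
CREATE ROLE app_request NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON encounter TO app_request;
GRANT SELECT, INSERT ON audit_log TO app_request;
GRANT USAGE, SELECT ON SEQUENCE audit_log_id_seq TO app_request;

-- 5. Storage-level enforcement independent of grants: a trigger that raises
--    on any UPDATE or DELETE, so a future mis-grant cannot rewrite history.
CREATE OR REPLACE FUNCTION reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'table % is append-only (% attempted)', TG_TABLE_NAME, TG_OP;
END;
$$;
CREATE TRIGGER audit_log_append_only
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION reject_mutation();

-- 6. Per-request setup, run by the application after it takes a connection.
--    SET LOCAL and set_config(..., true) are transaction-scoped, so the role
--    and tenant binding cannot leak into the next request on a pooled connection.
BEGIN;
SET LOCAL ROLE app_request;
SELECT set_config('app.tenant_id', '11111111-1111-1111-1111-111111111111', true);
-- ... request work: SELECTs and INSERTs are filtered and checked by the policies ...
COMMIT;
```

Two things worth checking when reviewing a setup like this: the login role the pool connects with must be a member of app_request for SET LOCAL ROLE to succeed, and the trigger is a second line of defence rather than a replacement for the grants, since a table owner or superuser can still drop it; the grants stop the application role, and the trigger catches anything that gets past them.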
LLM boundary
Every Anthropic call goes through a PHI-scrub layer that drops named PHI keys from the request before transmission. Anthropic holds a BAA with us; this is defense in depth above that contractual commitment.
We do not use customer data to train any model. Per-tenant data stays within that tenant's encryption boundary.
Patient rights
Right-to-be-forgotten: When a patient or authorized representative requests deletion under CCPA / state privacy laws, we scrub demographic identifiers and delete contact-method records. The clinical record itself is preserved under an opaque UUID per HIPAA's 6-year retention requirement (45 CFR §164.524). Every forget request goes into an append-only ledger for compliance audits.
TCPA opt-out: STOP / UNSUBSCRIBE / CANCEL / QUIT / END / REMOVE keywords are honored automatically by an append-only opt-out ledger. Patients who reply STOP receive no further SMS from that channel + address-hash combination until they explicitly reply START.
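The opt-out ledger described above, as an added PostgreSQL example rather than Trellova's own code. The table, function and view names, the channel value and the phone number are constructed for illustration; the keyword list is the one given in the text.

```sql
-- Append-only consent ledger keyed by channel + address hash. Rows are only
-- ever inserted; current state is derived from the latest row per key.
CREATE TABLE sms_consent_ledger (
    id             bigserial PRIMARY KEY,
    channel        text  NOT NULL,        -- sending number or messaging service
    address_sha256 bytea NOT NULL,        -- hash of the patient's number, not the number
    event          text  NOT NULL CHECK (event IN ('STOP', 'START')),
    keyword        text  NOT NULL,        -- the literal reply, kept as evidence
    at             timestamptz NOT NULL DEFAULT now()
);
-- In production the same BEFORE UPDATE OR DELETE trigger used for audit
-- tables would be attached here so the storage layer enforces append-only.

-- Map an inbound reply to a consent event. Whitespace and case are
-- normalised; anything that is not a keyword yields NULL and is not recorded.
CREATE OR REPLACE FUNCTION consent_event(body text) RETURNS text
LANGUAGE sql IMMUTABLE AS $$
    SELECT CASE
        WHEN upper(btrim(body)) IN ('STOP', 'UNSUBSCRIBE', 'CANCEL', 'QUIT', 'END', 'REMOVE')
            THEN 'STOP'
        WHEN upper(btrim(body)) = 'START'
            THEN 'START'
    END
$$;

-- Record an inbound message (constructed values). The WHERE clause drops
-- ordinary replies that are not keywords.
INSERT INTO sms_consent_ledger (channel, address_sha256, event, keyword)
SELECT '+15555550100', sha256('+15555550123'::bytea), consent_event(' stop '), ' stop '
WHERE consent_event(' stop ') IS NOT NULL;

-- Current state: the most recent event for each channel + address hash.
CREATE VIEW sms_consent_state AS
SELECT DISTINCT ON (channel, address_sha256)
       channel,
       address_sha256,
       event = 'STOP' AS opted_out,
       at             AS since
FROM sms_consent_ledger
ORDER BY channel, address_sha256, at DESC, id DESC;

-- Send gate: a message may go out only if there is no STOP on record, or a
-- later START superseded it. Returns false for the number recorded above.
SELECT NOT EXISTS (
    SELECT 1
    FROM sms_consent_state
    WHERE channel = '+15555550100'
      AND address_sha256 = sha256('+15555550123'::bytea)
      AND opted_out
) AS may_send;
```

Because the ledger is never updated, a later START does not erase the earlier STOP; both remain for a compliance audit, and the view alone decides whether sending is currently allowed. The forget ledger for deletion requests follows the same insert-only pattern.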
Certifications + audit cadence
SOC 2 Type I report targeted for Q3 2026; SOC 2 Type II Q1 2027. HIPAA risk assessment runs annually. Penetration test scheduled quarterly once we're in production with customers.
Reporting a vulnerability
If you've found a security issue, please email security@trellova.com. We respond within one business day. We don't operate a paid bug-bounty program yet but we credit reporters publicly with their permission.
Full technical documentation is available under NDA. Ask us at hello@trellova.com.