Security
Enterprise security baked into every patient interaction.
From the phone call to the SMS follow-up, every byte that touches Eva is encrypted, monitored, and logged. We combine HIPAA readiness with enterprise guardrails so your compliance team and your CTO can both sleep at night.
Secure by Design
Every service undergoes threat modeling, code review, and automated dependency scanning before it hits production.
Redundant Infrastructure
Multi-region deployments with automated failover keep Eva available even if a provider, region, or carrier goes down.
Granular Access Controls
SSO + MFA, SCIM provisioning, and field-level permissions ensure only the right people see sensitive data.
Continuous Monitoring
Security alerts, anomaly detection, and real-time call health dashboards keep your team ahead of issues.
Infrastructure
- SOC 2 Type II hosting with private networking and hardware security modules
- Isolated tenants per customer with dedicated encryption keys
- Automated backups every 15 minutes with 35-day retention
- DDoS protection, WAF rules, and rate-limiting on all public endpoints
Application
- Secret management via AWS KMS + Supabase Vault; no credentials in code
- Secure SDLC with static/dynamic analysis, dependency review, and signed releases
- Session management with short-lived tokens and refresh rotation
- Configurable audit logs exportable to your SIEM or compliance archive
Operational
- 24/7 on-call SRE rotation and incident response playbooks
- Quarterly tabletop exercises for ransomware, data exfiltration, and carrier outages
- Background checks for all employees with production access
- Security reviews for every vendor + annual penetration tests