Trust & Security

The AI Validation Hosting Service is built for HIPAA, NIST AI RMF, and ISO/IEC 42001 from the ground up. Protected Health Information never leaves the platform's BAA-covered perimeter, every release is cryptographically attested, and every customer-impacting event is logged to an immutable audit trail with seven-year retention.

Compliance posture

Independent third-party attestations are listed first; self-attested frameworks are noted as such. Full evidence packages are available to procurement teams under NDA — email trust@ai-heart.org to request the latest packet.

  • HIPAA: Covered Entity BAA in place; Security Rule §164.308-§164.312 controls implemented
  • SOC 2 Type II: Audit window open; first opinion letter expected within 12 months
  • ISO/IEC 42001: Annex A gap analysis published with per-control remediation owners
  • NIST AI RMF 1.0: Mapped to all 4 functions (Govern, Map, Measure, Manage)
  • FDA GMLP: Self-attested against the 10 FDA Good Machine Learning Practice principles

Sub-processors

Vendors with access to PHI carry a signed Business Associate Agreement. Vendors without PHI access are listed for transparency but do not require a BAA.

Service      | Purpose                                 | BAA
Google Cloud | Compute, storage, KMS, IAM, audit logs  | Signed
Auth0        | Identity provider, SSO, MFA             | Signed
Stripe       | Payments, subscription billing          | Signed
SendGrid     | Transactional email (BAA-covered tier)  | Signed
PagerDuty    | On-call alerting and incident response  | Signed
Notion       | Internal documentation (no PHI)         | N/A
GitHub       | Source code hosting (no PHI)            | N/A

Security controls

Highlights of the technical controls audited under the SOC 2 Type II window and mapped against HIPAA Security Rule §164.308-§164.312.

Data protection

  • Customer-Managed Encryption Keys (CMEK) for every data-at-rest service (GCS, BigQuery, Pub/Sub, Vertex AI)
  • Cloud KMS automatic 90-day key rotation; manual rotation drilled quarterly
  • Audit log bucket with 7-year retention lock enforced via GCS bucket-lock policy
  • TLS 1.3 with HSTS preloading; A+ on Qualys SSL Labs

Network and runtime isolation

  • VPC Service Controls perimeter enforced on Storage, BigQuery, Vertex AI, Secret Manager
  • gVisor sandboxed runtime for tenant pods running untrusted model code
  • Per-tenant Kubernetes namespace + NetworkPolicy + ResourceQuota
  • Cloud Armor adaptive Layer-7 DDoS protection on all internet-facing endpoints

Identity and access

  • Auth0 OIDC for human users with mandatory MFA for administrators
  • Workload Identity Federation for all CI/CD (zero long-lived service-account keys)
  • API key rotation supported per tenant via the inference proxy
  • Least-privilege IAM bindings audited weekly by automated evidence collector

Software supply chain

  • Binary Authorization in enforce-and-audit-log mode; only Cloud Build attested images deploy
  • All container images scanned by Artifact Analysis (Trivy + Google Cloud's vulnerability scanner)
  • Cryptographically signed validation certificates via Cloud KMS asymmetric signing key
  • SBOM generated and published with every release

Continuous evidence collection

Automated connectors feed our SOC 2 Type II audit window with real-time evidence — no manual screenshotting, no quarterly fire drills.

Connector inventory will be published when the SOC 2 audit window opens.

Vulnerability disclosure

Researchers who responsibly disclose vulnerabilities are credited in the platform's security advisory feed and, beginning Q3, may be eligible for a bug bounty under our HackerOne program (scope mirrors the public penetration-test scope document).

Email security@ai-heart.org with a proof-of-concept and proposed CVSS v3.1 scoring. We acknowledge within 2 business days and target an initial triage response within 5 business days.

Page generated at build time from compliance/ artifacts. To request the full evidence packet, email trust@ai-heart.org.