Trust is not a feature. It's the foundation.

Regenemm builds with privacy-first defaults, least-privilege access, encryption posture, and auditable workflow principles. Security and governance are architectural, not add-ons.

Request demo Privacy policy Clinical safety

Healthcare trust posture

Clinical data handling

Patient-identifiable content belongs only in approved clinical storage, clinician UI, approved exports, and consented sharing flows. It is not a telemetry, analytics, URL, metric-label, or marketing-data input.

Human review gates

Material clinical outputs remain draft until reviewed through the appropriate clinical workflow. AI can assist with drafting, retrieval, summarisation, and verification, but clinical responsibility remains with authorised humans.

Least-privilege access

Hub APIs are tenant-scoped, spoke-identified, and request-correlated. Spokes are bounded workflow surfaces; durable clinical state and audit records return to the Hub.

Audit and provenance

Governed actions are designed to leave an audit trail with source references, actor context, request identifiers, state transitions, and release history rather than relying on operational logs as clinical evidence.

Consent-aware sharing

Outbound sharing is scoped by purpose, recipient, authority, expiry, and patient control where appropriate. Release pathways are designed to be explicit rather than improvised.

Public disclosure posture

Security and clinical governance updates are described publicly at a safe level. Detailed release evidence, infrastructure topology, exploit mechanics, and clinical safety sign-off remain internal.

Core principles

Privacy-first defaults: no data collection without explicit purpose
End-to-end encryption for data in transit and at rest
Least-privilege access: users see only what they need
Audit trails for every clinical action and data access
No PHI in telemetry or analytics without consent
Regular security audits and penetration testing
SOC 2 Type II compliance program active
HIPAA compliance posture with BAA support
GDPR-aligned data handling and subject rights
ISO 27001 information security management framework
ISO/IEC 42001 AI governance alignment
Incident response plan with defined SLAs

Operational security model

Encrypt and isolate

Use encryption in transit and at rest, tenant boundaries, least-privilege access, and region-aware hosting posture.

Fail closed

If consent, identity, audit, release, or verification controls cannot be satisfied, the governed action should not proceed silently.

Log carefully

Record operational metadata, request IDs, state changes, and decision context without placing PHI into logs, traces, URLs, or metrics labels.

Review before release

Patient-facing, external, billing, medicolegal, and clinically relied-upon outputs require appropriate review and release gates.

Audit readiness timeline

Regenemm has been building toward formal certifications since November 2024. ISO 27001, SOC 2, HIPAA compliance, GDPR alignment, and ISO 42001 audits are entering final stages. Formal attestations and certifications will be published as audits complete.

We do not claim certified status until audits are complete. Current posture reflects readiness work in progress.

For security reviews or audit documentation requests, contact security@regenemm.com

Trust is not a feature. It's the foundation.

Healthcare trust posture

Core principles

Operational security model

Audit readiness timeline

FAQ

Trust is not a feature. It's the foundation.

Healthcare trust posture

Core principles

Operational security model

Audit readiness timeline

FAQ

Trust is not a feature. It's the foundation.

Where is patient data stored?

Who can access my clinical data?

How does Regenemm handle AI model training?

What happens if there's a security incident?

Can I export my data?

What certifications does Regenemm have?

How do you handle data deletion?

Do you have a Business Associate Agreement (BAA)?

Trust is not a feature. It's the foundation.

Where is patient data stored?

Who can access my clinical data?

How does Regenemm handle AI model training?

What happens if there's a security incident?

Can I export my data?

What certifications does Regenemm have?

How do you handle data deletion?

Do you have a Business Associate Agreement (BAA)?