Internal Personnel Security

All Simcha AI employees are required to:

• • Undergo background checks before being hired.
• • Complete annual security awareness training on HIPAA, privacy, and information classification.

Compliance

Simcha AI conducts regular risk assessments to ensure policies remain up-to-date and relevant.

Secure Development Lifecycle

• • All software changes are reviewed for compliance.
• • Simcha AI practices infrastructure-as-code. All infrastructure changes are reviewed before deployment.
• • All engineers complete secure development practices training.

Cloud Hosting and Availability

• • All hosting services and data are stored and processed within Google & Microsoft's Azure secure data centers.
• • Simcha AI has a HIPAA Business Associate Agreement with Google & Microsoft.
• • Simcha AI leverages Google & Azure's high-availability infrastructure to ensure the data is always accessible.

Confidentiality and Data Encryption

All data is encrypted at-rest and in-transit using standard encryption schemes.

Vendor Management

• • All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Simcha AI.
• • Simcha AI regularly reviews vendor security practices to ensure continued high standards.

Artificial Intelligence

• • All AI models are HIPAA compliant and don't retain data.
• • Protected health information is never used for AI training purposes.

Patient Information

• • Client information is encrypted at-rest and in-transit.
• • Client notes can be manually deleted at any time.