Security
Companion is designed to operate inside regulated care environments. Security is treated as an architectural property of the system, not a marketing position.
Architecture
- Encryption at rest and in transit
- Private-by-design data handling; data is not sold or shared
- Role-based access controls on operational systems
- Audit logging on sensitive operations
- Human-in-the-loop escalation for behavioral signals and crisis pathways
- Hosting on infrastructure with industry-standard physical and platform security
Compliance Readiness
Companion is built with a HIPAA-readiness architecture and is advancing toward formal compliance attestations as its deployment surface expands. Counterparty diligence packages, including security questionnaires, BAA terms, and architecture documentation, are provided to qualified facility, health system, and partner counterparties under standard review.
Reporting a Vulnerability
Responsible disclosure is welcomed. Please email security@companion-care.ai with details. We acknowledge reports promptly and engage directly with researchers acting in good faith.
This page describes our current posture and is updated as certifications and controls advance. For audit-grade documentation, contact contact@companion-care.ai.