Trust & status

Built to be auditable, not just marketable.

This page is the plain-language source of truth for how PHIGuard talks about status, assessments, and responsible disclosure.

System status

PHIGuard does not publish a standalone public status page yet. If a service disruption or security event materially affects customers, affected accounts are notified directly.

Assessments

HIPAA Security Rule self-assessment is in progress. SOC 2 Type II and annual penetration testing remain planned, without premature certification logos.

Disclosure policy

Security reports should go to security@phiguard.app. We acknowledge reports within one business day and provide substantive follow-up within five business days.

Retention posture

Task and audit data are retained for at least six years, with a post-termination export window before secure deletion.