Trust Center
Healthcare-grade security buyers approve in days, not quarters
Healthcare buyers trust QuickIntell for SOC 2 Type II certified, HIPAA compliant infrastructure
Procurement TLDR
Trusted by healthcare organizations nationwide
† No HIPAA breach reports filed. See the SOC 2 Type II attestation cover page (available under NDA).
Certifications & Compliance
QuickIntell maintains industry-leading security certifications and compliance standards to protect your healthcare data. All certifications are independently audited and verified.
SOC 2 Type II
2024
Annual audit completed with zero exceptions. Comprehensive security, availability, processing integrity, confidentiality, and privacy controls verified.
HIPAA
Business Associate Agreements (BAA) available for all covered entities. Full compliance with HIPAA Privacy and Security Rules.
ISO 27001:2022
2024
Information Security Management System certification. Demonstrates commitment to highest standards of information security including confidentiality, integrity, and availability of data.
NVIDIA Inception
AI startup accelerator program
Microsoft for Startups
Enterprise-grade cloud infrastructure
Business Associate Agreement (BAA) Available
QuickIntell is ready to execute a Business Associate Agreement with all covered entities. Request your BAA in minutes with our streamlined process.
Information Security & Compliance Overview
At QuickIntell, protecting healthcare and customer data is our top priority. Our Managing Director personally leads security initiatives, ensuring that data protection is prioritized across all teams and embedded into every process we follow.

ISO 27001:2022 Certification
QuickIntell is ISO 27001:2022 certified, reflecting our commitment to the highest standards of information security, including confidentiality, integrity, and availability of data. Our certification is available upon request for clients and partners seeking verification.
Board-Level Commitment
Top-down security leadership ensures data protection is embedded in every process.
Continuous Improvement
Regular audits and assessments ensure our security posture evolves with emerging threats.
Healthcare-Focused
Designed specifically for healthcare organizations with HIPAA and SOC 2 compliance.
Customer Data Protection & Privacy
QuickIntell implements comprehensive data protection measures to safeguard Protected Health Information (PHI) and customer data in compliance with HIPAA and healthcare privacy obligations.
Data Storage & Compliance
Secure Cloud Storage
PHI for U.S. healthcare customers is stored in U.S.-based cloud services (AWS, Azure, GCP) with enterprise-grade security protocols. Tenant, workload, and agreement controls govern non-PHI business data residency.
HIPAA-Aligned Privacy Controls
QuickRCM supports HIPAA-aligned handling with Business Associate Agreements (BAA) available for covered entities. Privacy requests are handled through contract, retention, and healthcare compliance workflows.
Flexible Data Retention
Configurable record retention periods give clients control over regulated data lifecycles, including 90-day unpinned AI Assistant thread purge and 7-year audit evidence retention where applicable.

Data Security Measures & Encryption
Multi-layered security controls protect your healthcare data at every stage of processing, storage, and transmission.
Encryption
- Data in transit: TLS 1.3 with perfect forward secrecy
- Data at rest: AES-256 encryption
- Key management: AWS KMS and Azure Key Vault
- Database encryption: Transparent Data Encryption (TDE)
Authentication
- Email verification and strong passwords
- Multi-factor authentication (MFA) required
- SAML Single Sign-On (SSO) for enterprise
- SCIM 2.0 for user provisioning
Access Controls
- Role-based access control (RBAC)
- Just-in-time access provisioning
- Regular access reviews and certifications
- Logged and monitored for audit
Built-In Product Security Controls
Beyond infrastructure and policy, QuickIntell ships hard guardrails inside the product itself — so PHI handling, agent autonomy, and outbound voice stay safe by default, not by checklist.
7-Year Audit Retention
Sensitive actions, permission changes, exports, configuration edits, and automation decisions are written to append-only audit logs retained for at least 7 years by default for compliance evidence.
organizationId Tenant Isolation
Every operational record carries an organizationId, and queries filter by that tenant boundary so cross-organization access is blocked at the data layer.
Semantic Recall Disabled
Agent memory remains organization scoped, unpinned threads purge after 90 days, and semantic recall over old messages is disabled to prevent PHI from being retrieved by inference.
AWS Secrets Manager Credentials
Portal and EHR credentials are encrypted at rest in AWS Secrets Manager, scoped to the customer organization, and fetched only into ephemeral session memory when an authorized task runs.
Approval-Gated Write Actions
Write actions and customer-configured high-impact automations use approval gates before changes are committed. QuickVoice contact workflows can run automatic, semi-automatic, or approval-backed based on customer policy, with execution metadata logged without PHI values.
VOICE_CALL Export Permission
QuickVoice recordings and transcripts stay encrypted and tenant scoped. Listening requires voice access, while transcript export requires the separate VOICE_CALL: EXPORT permission.
DNC, TCPA, and FDCPA Enforcement
Outbound voice and collections workflows check DNC opt-outs, TCPA quiet hours in the patient's local time, FDCPA Reg F frequency limits, and state restrictions before contact attempts are allowed.

Infrastructure & Availability
Cloud Hosting
Hosted on AWS, Microsoft Azure, and Google Cloud Platform for high availability, redundancy, and global CDN distribution.
Reliability & Performance
99.9% uptime SLA with auto-scaling, continuous functional monitoring, and automated backup systems for business continuity.
Physical & Operational Security
Data centers maintain physical security, key management, redundancy, and disaster recovery procedures.
Security Documentation Hub
Access comprehensive security documentation, compliance reports, and legal agreements. Enterprise customers can request NDA-protected documents including SOC 2 reports and penetration testing results.
SOC 2 Type II Report
NDA Required
Complete audit report covering security, availability, processing integrity, confidentiality, and privacy controls.
HIPAA Compliance Documentation
Summary of HIPAA compliance measures, administrative safeguards, physical safeguards, and technical safeguards.
Business Associate Agreement (BAA)
NDA Required
Standard BAA template available for covered entities. One-click request for custom BAA execution.
Data Processing Agreement (DPA)
GDPR-compliant DPA for international prospects. Standard template available for review and execution.
Contact for Details
Security Whitepaper
Comprehensive overview of encryption standards (at rest/in transit), access controls, audit trails, and incident response procedures.
Penetration Testing Results
NDA Required
Annual third-party penetration testing summary. Latest assessment completed with remediation tracking.
Data Residency Information
Detailed information about where data is stored, which cloud providers are used, and data sovereignty options.
Contact for Details
Sub-processor List
Complete list of third-party sub-processors, their locations, and data processing activities.
Data Residency & Cloud Infrastructure
QuickIntell maintains data in secure, compliant cloud regions with full transparency about data location and processing activities.
Primary Regions
- United States (US East, US West)
- Data stored in AWS and Azure regions
- Configurable data residency options available
Cloud Providers
- Amazon Web Services (AWS) - SOC 2, HIPAA compliant
- Microsoft Azure - SOC 2, HIPAA compliant
- Google Cloud Platform (GCP) - ISO 27001 certified
Security Posture & Practices
Comprehensive security controls and continuous monitoring to protect your healthcare data. All security measures are independently audited and continuously monitored.
Encryption Standards
- Data in transit: TLS 1.3 with perfect forward secrecy
- Data at rest: AES-256 encryption
- Key management: AWS KMS and Azure Key Vault
- Database encryption: Transparent Data Encryption (TDE)
Access Controls
- Role-based access control (RBAC)
- Multi-factor authentication (MFA) required
- Single Sign-On (SSO) via SAML 2.0
- SCIM 2.0 for user provisioning
- Just-in-time access provisioning
- Regular access reviews and certifications
Audit Trails
- Comprehensive logging of all system access
- Immutable audit logs with tamper detection
- Real-time security event monitoring
- 90-day log retention (extendable)
- Automated anomaly detection
- Regular security log reviews
Incident Response
- 24/7 security operations center (SOC)
- Incident response plan (IRP) documented
- Automated threat detection and response
- Regular incident response drills
- Customer notification within 72 hours
- Post-incident review and remediation
Real-Time Security Posture
QuickIntell continuously monitors compliance status and security controls. Enterprise customers get exclusive access to our trust portal powered by industry-leading compliance automation platforms.
Current Compliance Status
Real-time dashboard showing SOC 2 and HIPAA compliance status
Continuous Monitoring
24/7 security monitoring results, vulnerability assessments, and threat detection
Sub-Processor List
Up-to-date list of all third-party sub-processors with locations and data processing activities
Security Questionnaire
Automated completion of security questionnaires (SIG, CAIQ, VSA) for faster procurement
Automated Updates
Compliance status and security metrics updated in real-time, no manual refresh needed.
Secure Access
SSO-enabled portal with role-based access controls for your security team.
Faster Procurement
Pre-filled security questionnaires reduce procurement time by up to 80%.
Third-Party Sub-Processors
We partner with selected sub-processors to enhance product functionality while maintaining high security standards. All sub-processors are contractually required to meet our security and compliance requirements.
| Sub-processor | Processing Scope | Activity | Data Type |
|---|---|---|---|
| Google Cloud | U.S. region for PHI | Hosting/storage | Infrastructure & storage |
| Amazon Web Services (AWS) | U.S. East, U.S. West | Hosting/storage | Infrastructure & storage |
| Microsoft Azure | U.S. East, U.S. West | Hosting/storage | Infrastructure & storage |
| Customer.io | Non-PHI communications | Email marketing | Communication data |
| Hubspot | Non-PHI CRM | CRM/email | Customer data |
| MailerSend | Non-PHI transactional email | Transactional email | Communication data |
| Chameleon | Non-PHI in-app guidance | In-app guides | User interaction data |
| Telnyx | Contracted QuickVoice telephony | Call routing and phone services | Telephony metadata and audio transport |
| Stripe | Payment data only | Payment processing | Financial data |
Sub-processors that handle PHI
Protected Health Information stays on U.S.-based infrastructure: AWS (U.S. East/West), Microsoft Azure (U.S. East/West), and Google Cloud (U.S. region). QuickRCM records, QuickVoice recordings and transcripts, and AI Assistant threads are encrypted and tenant scoped under those residency controls. Stripe processes billing/financial data only and does not receive PHI.
Marketing & comms only — no PHI
Customer.io, Hubspot, MailerSend, and Chameleon receive only product, marketing, and in-app guidance data (work email, account, usage events). They are never sent Protected Health Information from the QuickIntell application.
For the full residency policy and product control details, see the data-residency FAQ entry below.
AI Usage & Data Handling
AI Applications
Powers speech-to-text recognition, medical transcription, clinical documentation, and content summarization in our healthcare AI solutions.
Secure Data Storage
All data is stored on US-based servers (AWS, Azure, GCP) under enterprise-grade security protocols with encryption at rest and in transit.
Privacy Assurance
No customer data or PHI is used to train AI models, ensuring full confidentiality and compliance with healthcare privacy regulations.

Vulnerability Disclosure
We welcome reports from security researchers and the broader community. Responsible disclosure helps us protect the healthcare organizations and patients who rely on QuickIntell. We follow the guidance set out in RFC 9116 for publishing security contact information.
Report a Vulnerability
Email our security team with reproduction steps, affected endpoints, and any supporting evidence. We aim to acknowledge reports within two business days.
security@quickintell.com
security.txt
Our machine-readable security contact file is published at the well-known URI defined by RFC 9116.
View /.well-known/security.txt
PGP / GPG Encryption
PGP key publication is in progress. Until a verified public key and fingerprint are published, send sensitive disclosures to security@quickintell.com and avoid including PHI, credentials, or unnecessary exploit details in the initial report.
PGP Key Status
Not yet published. We will mirror the public key and verified fingerprint here and in our security.txt file before asking researchers to encrypt with PGP.
Safe Harbor
Researchers who act in good faith, avoid privacy violations, and follow coordinated disclosure timelines will not be subject to legal action by QuickIntell. Please do not access, modify, or exfiltrate Protected Health Information (PHI) while testing.
Frequently Asked Questions
Find answers to common questions about QuickIntell's security practices, compliance certifications, and data protection measures.
Ready to Experience Secure Healthcare Solutions?
Join healthcare organizations that trust QuickIntell with their sensitive data and security requirements. Get started with a free demo today.
Direct review links: BAA, SOC 2 report, Sub-processors, Incident response, AI data handling, Vulnerability disclosure. Security researchers and assurance teams can also review our /.well-known/security.txt contact file or check our real-time status dashboard.