Enterprise-Grade Security & Compliance

Trust Center

Healthcare-grade security buyers approve in days, not quarters

Healthcare buyers trust QuickIntell for SOC 2 Type II certified, HIPAA compliant infrastructure

Trusted by healthcare organizations nationwide

Zero reportable breaches
99.9% Uptime SLA
24/7 Security Monitoring

No HIPAA breach reports filed. See the SOC 2 Type II attestation cover page (available under NDA).

Industry-Leading Certifications

Certifications & Compliance

QuickIntell maintains industry-leading security certifications and compliance standards to protect your healthcare data. All certifications are independently audited and verified.

SOC 2 Type II

2024
Certified

Annual audit completed with zero exceptions. Comprehensive security, availability, processing integrity, confidentiality, and privacy controls verified.

HIPAA

Compliant

Business Associate Agreements (BAA) available for all covered entities. Full compliance with HIPAA Privacy and Security Rules.

ISO 27001:2022

2024
Certified

Information Security Management System certification. Demonstrates commitment to the highest standards of information security, including confidentiality, integrity, and availability of data.

NVIDIA Inception

Member

AI startup accelerator program

Microsoft for Startups

Partner

Enterprise-grade cloud infrastructure

Business Associate Agreement (BAA) Available

QuickIntell is ready to execute a Business Associate Agreement with all covered entities. Request your BAA in minutes with our streamlined process.

Board-Level Security Commitment

Information Security & Compliance Overview

At QuickIntell, protecting healthcare and customer data is our top priority. Our Managing Director personally leads security initiatives, ensuring that data protection is prioritized across all teams and embedded into every process we follow.

ISO 27001:2022 Certification

QuickIntell is ISO 27001:2022 certified, reflecting our commitment to the highest standards of information security, including confidentiality, integrity, and availability of data. Our certification is available upon request for clients and partners seeking verification.

Board-Level Commitment

Top-down security leadership ensures data protection is embedded in every process.

Continuous Improvement

Regular audits and assessments ensure our security posture evolves with emerging threats.

Healthcare-Focused

Designed specifically for healthcare organizations with HIPAA and SOC 2 compliance.

Healthcare Data Protection

Customer Data Protection & Privacy

QuickIntell implements comprehensive data protection measures to safeguard Protected Health Information (PHI) and customer data in compliance with HIPAA and healthcare privacy obligations.

Data Storage & Compliance

Secure Cloud Storage

PHI for U.S. healthcare customers is stored in U.S.-based cloud services (AWS, Azure, GCP) with enterprise-grade security protocols. Tenant, workload, and agreement controls govern non-PHI business data residency.

HIPAA-Aligned Privacy Controls

QuickRCM supports HIPAA-aligned handling with Business Associate Agreements (BAA) available for covered entities. Privacy requests are handled through contract, retention, and healthcare compliance workflows.

Flexible Data Retention

Configurable record retention periods give clients control over regulated data lifecycles, including 90-day unpinned AI Assistant thread purge and 7-year audit evidence retention where applicable.

Enterprise-Grade Security

Data Security Measures & Encryption

Multi-layered security controls protect your healthcare data at every stage of processing, storage, and transmission.

Encryption

  • Data in transit: TLS 1.3 with perfect forward secrecy
  • Data at rest: AES-256 encryption
  • Key management: AWS KMS and Azure Key Vault
  • Database encryption: Transparent Data Encryption (TDE)

Authentication

  • Email verification and strong passwords
  • Multi-factor authentication (MFA) required
  • SAML Single Sign-On (SSO) for enterprise
  • SCIM 2.0 for user provisioning

Access Controls

  • Role-based access control (RBAC)
  • Just-in-time access provisioning
  • Regular access reviews and certifications
  • Logged and monitored for audit

Controls Shipped In The Product

Built-In Product Security Controls

Beyond infrastructure and policy, QuickIntell ships hard guardrails inside the product itself — so PHI handling, agent autonomy, and outbound voice stay safe by default, not by checklist.

7-Year Audit Retention

Sensitive actions, permission changes, exports, configuration edits, and automation decisions are written to append-only audit logs retained for at least 7 years by default for compliance evidence.

organizationId Tenant Isolation

Every operational record carries an organizationId, and queries filter by that tenant boundary so cross-organization access is blocked at the data layer.

Semantic Recall Disabled

Agent memory remains organization scoped, unpinned threads purge after 90 days, and semantic recall over old messages is disabled to prevent PHI from being retrieved by inference.

AWS Secrets Manager Credentials

Portal and EHR credentials are encrypted at rest in AWS Secrets Manager, scoped to the customer organization, and fetched only into ephemeral session memory when an authorized task runs.

Approval-Gated Write Actions

Write actions and customer-configured high-impact automations use approval gates before changes are committed. QuickVoice contact workflows can run automatic, semi-automatic, or approval-backed based on customer policy, with execution metadata logged without PHI values.

VOICE_CALL Export Permission

QuickVoice recordings and transcripts stay encrypted and tenant scoped. Listening requires voice access, while transcript export requires the separate VOICE_CALL: EXPORT permission.

DNC, TCPA, and FDCPA Enforcement

Outbound voice and collections workflows check DNC opt-outs, TCPA quiet hours in the patient's local time, FDCPA Reg F frequency limits, and state restrictions before contact attempts are allowed.

High Availability Infrastructure

Infrastructure & Availability

Cloud Hosting

Hosted on AWS, Microsoft Azure, and Google Cloud Platform for high availability, redundancy, and global CDN distribution.

Reliability & Performance

99.9% uptime SLA with auto-scaling, continuous functional monitoring, and automated backup systems for business continuity.

Physical & Operational Security

Data centers maintain physical security, key management, redundancy, and disaster recovery procedures.

Comprehensive Security Resources

Security Documentation Hub

Access comprehensive security documentation, compliance reports, and legal agreements. Enterprise customers can request NDA-protected documents including SOC 2 reports and penetration testing results.

SOC 2 Type II Report

NDA Required

Complete audit report covering security, availability, processing integrity, confidentiality, and privacy controls.

HIPAA Compliance Documentation

Summary of HIPAA compliance measures, administrative safeguards, physical safeguards, and technical safeguards.

Business Associate Agreement (BAA)

NDA Required

Standard BAA template available for covered entities. One-click request for custom BAA execution.

Data Processing Agreement (DPA)

GDPR-compliant DPA for international prospects. Standard template available for review and execution.

Contact for Details

Security Whitepaper

Comprehensive overview of encryption standards (at rest/in transit), access controls, audit trails, and incident response procedures.

Penetration Testing Results

NDA Required

Annual third-party penetration testing summary. Latest assessment completed with remediation tracking.

Data Residency Information

Detailed information about where data is stored, which cloud providers are used, and data sovereignty options.

Contact for Details

Sub-processor List

Complete list of third-party sub-processors, their locations, and data processing activities.

Data Residency & Cloud Infrastructure

QuickIntell maintains data in secure, compliant cloud regions with full transparency about data location and processing activities.

Primary Regions

  • United States (US East, US West)
  • Data stored in AWS and Azure regions
  • Configurable data residency options available

Cloud Providers

  • Amazon Web Services (AWS) - SOC 2, HIPAA compliant
  • Microsoft Azure - SOC 2, HIPAA compliant
  • Google Cloud Platform (GCP) - ISO 27001 certified

Enterprise Security Standards

Security Posture & Practices

Comprehensive security controls and continuous monitoring to protect your healthcare data. All security measures are independently audited and continuously monitored.

Encryption Standards

  • Data in transit: TLS 1.3 with perfect forward secrecy
  • Data at rest: AES-256 encryption
  • Key management: AWS KMS and Azure Key Vault
  • Database encryption: Transparent Data Encryption (TDE)

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required
  • Single Sign-On (SSO) via SAML 2.0
  • SCIM 2.0 for user provisioning
  • Just-in-time access provisioning
  • Regular access reviews and certifications

Audit Trails

  • Comprehensive logging of all system access
  • Immutable audit logs with tamper detection
  • Real-time security event monitoring
  • 90-day log retention (extendable)
  • Automated anomaly detection
  • Regular security log reviews

Incident Response

  • 24/7 security operations center (SOC)
  • Incident response plan (IRP) documented
  • Automated threat detection and response
  • Regular incident response drills
  • Customer notification within 72 hours
  • Post-incident review and remediation

Enterprise Trust Portal

Real-Time Security Posture

QuickIntell continuously monitors compliance status and security controls. Enterprise customers get exclusive access to our trust portal powered by industry-leading compliance automation platforms.

Current Compliance Status

Real-time dashboard showing SOC 2 and HIPAA compliance status

Continuous Monitoring

24/7 security monitoring results, vulnerability assessments, and threat detection

Sub-Processor List

Up-to-date list of all third-party sub-processors with locations and data processing activities

Security Questionnaire

Automated completion of security questionnaires (SIG, CAIQ, VSA) for faster procurement

Trust Portal Powered By:

Vanta
Drata
Secureframe

Automated Updates

Compliance status and security metrics updated in real-time, no manual refresh needed.

Secure Access

SSO-enabled portal with role-based access controls for your security team.

Faster Procurement

Pre-filled security questionnaires reduce procurement time by up to 80%.

Third-Party Sub-Processors

We partner with selected sub-processors to enhance product functionality while maintaining high security standards. All sub-processors are contractually required to meet our security and compliance requirements.

QuickIntell sub-processors with processing scope, activity, and data type. PHI is processed only in U.S.-based infrastructure.

| Sub-processor | Processing Scope | Activity | Data Type |
| --- | --- | --- | --- |
| Google Cloud | U.S. region for PHI | Hosting/storage | Infrastructure & storage |
| Amazon Web Services (AWS) | U.S. East, U.S. West | Hosting/storage | Infrastructure & storage |
| Microsoft Azure | U.S. East, U.S. West | Hosting/storage | Infrastructure & storage |
| Customer.io | Non-PHI communications | Email marketing | Communication data |
| Hubspot | Non-PHI CRM | CRM/email | Customer data |
| MailerSend | Non-PHI transactional email | Transactional email | Communication data |
| Chameleon | Non-PHI in-app guidance | In-app guides | User interaction data |
| Telnyx | Contracted QuickVoice telephony | Call routing and phone services | Telephony metadata and audio transport |
| Stripe | Payment data only | Payment processing | Financial data |

Sub-processors that handle PHI

Protected Health Information stays on U.S.-based infrastructure: AWS (U.S. East/West), Microsoft Azure (U.S. East/West), and Google Cloud (U.S. region). QuickRCM records, QuickVoice recordings and transcripts, and AI Assistant threads are encrypted and tenant scoped under those residency controls. Stripe processes billing/financial data only and does not receive PHI.

Marketing & comms only — no PHI

Customer.io, Hubspot, MailerSend, and Chameleon receive only product, marketing, and in-app guidance data (work email, account, usage events). They are never sent Protected Health Information from the QuickIntell application.

For the full residency policy and product control details, see the data-residency FAQ entry below.

AI-Powered Healthcare Solutions

AI Usage & Data Handling

AI Applications

Powers speech-to-text recognition, medical transcription, clinical documentation, and content summarization in our healthcare AI solutions.

Secure Data Storage

All data is stored on US-based servers (AWS, Azure, GCP) under enterprise-grade security protocols with encryption at rest and in transit.

Privacy Assurance

No customer data or PHI is used to train AI models, ensuring full confidentiality and compliance with healthcare privacy regulations.

Coordinated Vulnerability Disclosure

Vulnerability Disclosure

We welcome reports from security researchers and the broader community. Responsible disclosure helps us protect the healthcare organizations and patients who rely on QuickIntell. We follow the guidance set out in RFC 9116 for publishing security contact information.

Report a Vulnerability

Email our security team with reproduction steps, affected endpoints, and any supporting evidence. We aim to acknowledge reports within two business days.

security@quickintell.com

security.txt

Our machine-readable security contact file is published at the well-known URI defined by RFC 9116.

View /.well-known/security.txt

PGP / GPG Encryption

PGP key publication is in progress. Until a verified public key and fingerprint are published, send sensitive disclosures to security@quickintell.com and avoid including PHI, credentials, or unnecessary exploit details in the initial report.

PGP Key Status

Not yet published. We will mirror the public key and verified fingerprint here and in our security.txt file before asking researchers to encrypt with PGP.

Safe Harbor

Researchers who act in good faith, avoid privacy violations, and follow coordinated disclosure timelines will not be subject to legal action by QuickIntell. Please do not access, modify, or exfiltrate Protected Health Information (PHI) while testing.

Common Security Questions

Frequently Asked Questions

Find answers to common questions about QuickIntell's security practices, compliance certifications, and data protection measures.

Ready to Experience Secure Healthcare Solutions?

Join healthcare organizations that trust QuickIntell with their sensitive data and security requirements. Get started with a free demo today.

Direct review links: BAA, SOC 2 report, Sub-processors, Incident response, AI data handling, Vulnerability disclosure. Security researchers and assurance teams can also review our /.well-known/security.txt contact file or check our real-time status dashboard.