Trust center
Your homework on us, done for you.
Before you share PHI with any vendor, HIPAA obligates you to evaluate their safeguards. This page is that evaluation: what we store, where it lives, who touches it, and what happens when you leave.
How we protect your data
PHI stays in the United States
All protected health information is processed and stored in US data centers (AWS us-west-1). No offshore staff access PHI.
Encrypted everywhere
TLS 1.2+ for every connection in transit. AES-256 encryption at rest for the database and file storage.
Isolation enforced in the database
Row-level security means your practice's data is walled off at the database layer, not just in the interface. Staff access is granted per practice, never globally.
Everything is audited
Every action on every claim is logged with actor, timestamp, and entity. Audit metadata never contains PHI.
Least privilege by default
Recovery specialists see only the practices they are assigned to. Your portal login sees only your practice.
Minimal PHI footprint
We work claims, not charts. Only the claim-level data needed to appeal a denial is ever stored. No clinical notes, no full charts.
How we access your systems
You push files. We never log into your PMS.
Revamend works from remittance files (X12 835 / ERA or CSV) that you export and upload through the encrypted portal. We do not take remote access to your practice management system, we do not install anything on your machines, and we hold no credentials to your systems.
The free audit never uploads anything.
The denial audit at /audit parses your file inside your browser. The file never leaves your computer and we never see it. PHI only reaches our systems after you sign the BAA during onboarding.
AI drafts, humans decide.
Appeal letters are drafted with AI using the minimum-necessary claim data, then reviewed by a specialist before anything is sent to a payer. AI output is never submitted unreviewed.
Subprocessors
Every third party that touches our infrastructure, and what they see.
| Provider | Purpose | Location | PHI exposure |
|---|---|---|---|
| Supabase (AWS) | Database, file storage, and authentication | United States (us-west-1) | Yes, under safeguards below |
| Cloudflare | Website and application hosting, network security | United States (global CDN for public pages only) | In transit only, encrypted |
| Anthropic | AI-assisted appeal drafting | United States | Minimum-necessary claim data only, human-reviewed output |
| Plausible Analytics | Privacy-friendly website analytics, no cookies | European Union | Never. Anonymous page statistics only |
Incidents and breach notification
Zero security incidents to date. If an incident affecting your PHI ever occurs, we commit to notifying you without unreasonable delay and no later than 72 hours after discovery, ahead of the HIPAA breach notification timelines, with a full account of what was affected and what we did about it.
Retention and deletion
We retain claim data only while your engagement is active plus any period required for open appeals and invoicing. On termination, PHI is returned or destroyed within 30 days per the BAA, and we confirm the deletion in writing.
Compliance status and roadmap, stated honestly
We operate under documented HIPAA-compliant practices and sign a Business Associate Agreement with every practice before any PHI is exchanged. There is no such thing as an official "HIPAA certification," and we will never claim one. We are a new company: we do not yet hold a SOC 2 report, and independent audits are on our roadmap as we grow. What we can show today: our BAA, MSA, and LOA are public. Read every word before you sign anything.
Security questions before onboarding? Ask us directly. A human replies within 4 business hours.