Trust Center
Radical transparency.
Every commitment, verifiable.
We publish our third-party audits, compliance attestations, data ledger, and infrastructure transparency reports. If we said it, you can verify it here.
HIPAA compliance attestation, SOC 2 Type II, HITRUST, and independent security certifications — all with download links to the original reports.
A public, append-only ledger of every category of patient data we store, how long we keep it, who can access it, and what you can do about it.
Every government data request, subpoena, and legal order we've received — how many, what type, how many we complied with, and how many we pushed back on.
Our commitments
You own your health data. We are custodians, not owners. You can export or delete everything, at any time, without penalty.
We never sell, rent, or trade your data to advertisers, insurers, or data brokers. Revenue comes from membership and franchise fees only.
In the event of a breach, we notify affected members within 24 hours — not 72, not 30 days. We exceed HIPAA's requirements by design.
All compliance claims are third-party audited. We don't self-certify anything. Links to original reports are in the Attestations section.
Security contact
Found a vulnerability?
We run an active responsible disclosure program. If you've found a security issue, please report it to security@conceptualhealth.com. We respond within 24 hours and have a no-litigation policy for good-faith researchers.