Security & Compliance

Data Processing

Documents uploaded to RemeDocs are processed in isolated environments. Each file is handled independently with no cross-contamination between customer workloads.

• Ephemeral processing -- documents are permanently deleted after remediation is complete and results are delivered
• No training data -- your documents are never stored or used for AI model training
• Isolated environments -- each remediation job runs in its own sandboxed container

Compliance

RemeDocs maintains compliance certifications and practices required by regulated industries.

• SOC 2 Type II -- audited controls for security, availability, and confidentiality
• GDPR -- full compliance with EU data protection regulations, including data subject rights and processing agreements
• CCPA -- California Consumer Privacy Act compliance, with no sale of personal data

HIPAA

RemeDocs offers HIPAA-friendly document processing for healthcare organizations handling protected health information (PHI).

• Business Associate Agreement (BAA) available for healthcare customers
• PHI safeguards -- documents containing patient information are processed with additional security controls
• Audit trails -- all processing activity is logged for compliance reporting

Contact [email protected] to request a BAA.

Infrastructure

• Cloudflare CDN -- global content delivery with DDoS protection and Web Application Firewall
• Encrypted in transit -- all connections use TLS 1.3 with strong cipher suites
• Encrypted at rest -- data stored using AES-256 encryption
• Managed infrastructure -- hosted on DigitalOcean with automated backups and monitoring

Access Control

• Role-based access -- granular permissions for team members based on their role
• Audit logging -- all user actions and document processing events are logged
• Secure authentication -- password policies, session management, and optional two-factor authentication
• API key management -- scoped API keys with rotation and revocation capabilities