Security & Trust
Last updated: Draft — pending review
Security is foundational to WithConnect AI. This overview describes our posture in plain language. It is draft placeholder structure; specifics are confirmed during onboarding and documented in your agreement. We describe our posture honestly — HIPAA-ready (BAA chain), not HIPAA certified.
Encryption
Data is encrypted in transit and at rest. Patient information in medical and dental deployments is encrypted and minimized in call summaries.
BAA posture (medical & dental)
For dental and medical packs, we sign a Business Associate Agreement (BAA) with your practice and maintain a signed BAA chain across every vendor that touches patient information — voice, telephony, database, email delivery, and edge. Access to patient information is audited.
Confidentiality (legal)
Law firms do not involve protected health information, so legal deployments run under standard confidentiality controls — a Data Processing Agreement (DPA) with minimal retention.
AI disclosure & recording consent
Every call discloses that the caller is speaking with an AI assistant and obtains recording consent consistent with California’s two-party consent rule (CIPA). Consent is logged with a timestamp.
Data handling
We minimize the data we retain and apply retention policies appropriate to each deployment. We never store what we shouldn’t.
Reporting a concern
To report a security concern, reach us through our contact form.