Our Security Principles
HIPAA Compliance
Our solutions are fully HIPAA compliant, ensuring that all protected health information is secured according to regulatory requirements.
GDPR Compliance
We adhere to GDPR principles, providing transparency and control over personal data for all EU citizens.
Data Encryption
All data is encrypted both in transit and at rest using industry-standard encryption protocols.
Regular Audits
We perform regular security audits and vulnerability assessments to maintain the highest security standards.
Secure Infrastructure
Our infrastructure is hosted in SOC 2 compliant data centers with multiple security layers.
Zero Data Retention
We do not store any of your end-customers' or employees' personal data. Our system does not retain any customer-specific information. If messages are processed, all messages and related data are deleted immediately after processing.
Security Measures
Data Processing & Privacy
All data in transit is encrypted using TLS 1.2+
Credentials and API keys are securely stored and managed using secure secret management services.
Zero Data Retention: Personal Data is not stored after processing; it is deleted immediately upon completion of the processing task.
Temporary logs are ephemeral and do not contain Personal Data.
Infrastructure Security
AWS-hosted infrastructure; no on-prem servers
Alerting on key security events (IAM changes, errors, traffic spikes)
Access Control
We employ Role-Based Access Control (RBAC) based on the least-privilege principle. Access to systems processing Personal Data is restricted to authorized personnel only. We also conduct routine access reviews to ensure ongoing security compliance.
MFA is enforced on all production systems, together with a strong password policy that requires complexity and rotation every 180 days or less.
Vendor Management
Sub-processor list published and kept up to date here
DPAs in place
Vendors must provide SOC 2 Type II / ISO 27001 or equivalent
Annual reassessment of vendor security
Company Security
Laptops encrypted (BitLocker), EDR enabled, screen-lock enforced.
Office access controlled; Tel Aviv location secured with alarm & sprinkler systems
Annual external penetration test.
Information Security Policy, Code of Conduct, Data Deletion Policy (reviewed annually)
Comprehensive security training program upon hire and annually.
We use a secure email gateway to filter suspicious emails.
Legal
Our DPA is available here and we have appointed a Data Protection Officer ("DPO"). For privacy-related questions, please contact tamir@getadelante.com.
We have a cyber insurance plan that provides coverage for security incidents.
Our Privacy Policy is available here.
Our Terms Of Use are available here.
Compliance & Certifications
HIPAA compliant - Standard BAA
GDPR Compliant - Standard DPA
ISO 27001 certified - Audit Confirmation
SOC 2 Type II certified - Audit Confirmation
Our Commitment to You