Health data deserves stronger defaults than the rest of the internet. Every SmartScanPro environment ships with end-to-end encryption, per-tenant isolation, audit logging, and a dedicated on-call team watching it 24/7.
We publish status honestly — some things are done, some are in progress, some are on the roadmap. You'll always know which.
In progress: audit underway with a Big-Four firm. Target attestation date: 2026-Q4. Type I report is available under NDA today.
Available: BAAs on enterprise tier. Technical, administrative, and physical safeguards per 45 CFR Part 164 Subpart C.
Available: EU-region data pinning to AWS eu-west-1, Standard Contractual Clauses for transfers, and a named Data Protection Officer.
Planned: gap analysis underway. Control mapping to SOC 2 means the lift is mostly documentation, not engineering.
Every packet in and out of our edge uses TLS 1.3 with modern cipher suites only; TLS 1.0 and 1.1 are disabled at the load balancer. Every byte we persist — database rows, object storage, backups, logs — is encrypted with AES-256 using keys managed in AWS KMS.
We run on AWS across two independent regions. Every workload sits in a private VPC; nothing touches the public internet except the load balancers that have to.
us-east-1 for North American traffic, eu-west-1 for European traffic. Data never crosses regions unless an enterprise customer explicitly enables cross-region replication for disaster recovery.
Three-tier VPC with public, application, and data subnets. Security groups enforce least privilege. No SSH access to production — all operations go through SSM Session Manager.
AWS SOC 1, SOC 2 Type II, ISO 27001, ISO 27018, HIPAA, and PCI DSS apply to the underlying infrastructure. Our controls layer on top of those, not in place of them.
Point-in-time restore for databases up to 35 days. Object storage uses versioning with 90-day retention. RPO 5 minutes, RTO 60 minutes for region-wide failure.
The blast radius of a stolen password depends entirely on the controls that surround it. We make sure those surrounding controls are layered and thick.
SAML 2.0 and OIDC on enterprise tier. SCIM provisioning and de-provisioning ties your IdP directly to your workspace.
Roles: Owner, Admin, Developer, Billing, Read-only. Fine-grained permissions can be scoped per-project on the enterprise tier.
TOTP and WebAuthn (hardware keys) supported. Owners can require MFA for the entire workspace; our own staff is MFA-mandatory.
Every sign-in, permission change, API key rotation, and data export is logged, immutable, and exportable to your SIEM.
We use a hybrid model: a single multi-tenant application layer reads from per-tenant database schemas. The row-level filter does not exist because the row-level surface does not exist — your data lives behind a connection string that no other tenant can reach.
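To make the isolation argument concrete, here is an added illustration (not SmartScanPro code; its registry, table layout and two tenant names are constructed for the example). The application layer resolves a tenant id to that tenant's own database and then runs a query with no tenant predicate at all, so a forgotten filter cannot leak another tenant's rows. The shared-table variant is included beside it to show what the row-level model depends on.

```python
import sqlite3

# Constructed sample data for two hypothetical tenants (not real customers).
SAMPLE_SCANS = {
    "tenant-a": [("scan-001", "chest-xray"), ("scan-002", "mri-knee")],
    "tenant-b": [("scan-900", "ct-head")],
}


class TenantRegistry:
    """Maps a tenant id to that tenant's private database connection.

    Assumption: a stand-in for a per-tenant connection string; the page
    does not describe how its own registry is implemented.
    """

    def __init__(self):
        self._conns = {}

    def provision(self, tenant_id, rows):
        # One isolated database per tenant (in-memory here for the demo).
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE scans (scan_id TEXT PRIMARY KEY, modality TEXT)")
        conn.executemany("INSERT INTO scans VALUES (?, ?)", rows)
        conn.commit()
        self._conns[tenant_id] = conn

    def connection_for(self, tenant_id):
        # An unknown tenant gets no connection at all, not a shared default.
        try:
            return self._conns[tenant_id]
        except KeyError:
            raise PermissionError(f"unknown tenant {tenant_id!r}") from None


def build_registry():
    registry = TenantRegistry()
    for tenant_id, rows in SAMPLE_SCANS.items():
        registry.provision(tenant_id, rows)
    return registry


def list_scans_isolated(registry, tenant_id):
    """Per-tenant schema model: no tenant_id column, no WHERE clause needed."""
    conn = registry.connection_for(tenant_id)
    return [row[0] for row in conn.execute("SELECT scan_id FROM scans ORDER BY scan_id")]


def build_shared_db():
    """Contrast: one table for everyone, isolation is a column plus a filter."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE scans (tenant_id TEXT, scan_id TEXT, modality TEXT)")
    for tenant_id, rows in SAMPLE_SCANS.items():
        conn.executemany(
            "INSERT INTO scans VALUES (?, ?, ?)",
            [(tenant_id, scan_id, modality) for scan_id, modality in rows],
        )
    conn.commit()
    return conn


def list_scans_shared(conn, tenant_id, forgot_filter=False):
    """Shared-table model: correctness hinges on every query carrying the filter."""
    if forgot_filter:
        # The bug class the per-tenant design removes: one missing predicate
        # and every tenant's rows come back.
        return [row[0] for row in conn.execute("SELECT scan_id FROM scans ORDER BY scan_id")]
    return [
        row[0]
        for row in conn.execute(
            "SELECT scan_id FROM scans WHERE tenant_id = ? ORDER BY scan_id", (tenant_id,)
        )
    ]


if __name__ == "__main__":
    registry = build_registry()
    print("tenant-a isolated:", list_scans_isolated(registry, "tenant-a"))
    shared = build_shared_db()
    print("tenant-a shared, filter dropped:", list_scans_shared(shared, "tenant-a", forgot_filter=True))
```

The isolated query returns only the caller's rows with no predicate, whereas the shared-table query with the filter dropped returns every tenant's scans; that difference is the whole point of the hybrid model.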
Private program on HackerOne with a public-facing scope document. Rewards from USD 200 for low-severity findings up to USD 15,000 for critical ones. Average time-to-first-response: under 8 hours.
15-minute SLA from paging to first responder on critical incidents. Public postmortems within 5 business days for any incident that impacted customer data or availability for more than 15 minutes.
Annual third-party pentest by an accredited CREST / OSCP firm. Executive summary is available under NDA; remediation of all findings is tracked publicly in our changelog.
Responsible disclosure welcomed at security@smartscanpro.ai — PGP key published on our /.well-known/security.txt. Safe-harbour language covers good-faith research.
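The /.well-known/security.txt file mentioned above follows RFC 9116. As an added example (not SmartScanPro's actual file or tooling), the validator below parses a constructed sample that reuses the security@smartscanpro.ai contact from this page; the Encryption and Policy URLs are placeholders. It checks the two required fields, Contact and Expires, and flags a stale or over-long expiry, which is the most common way a published file quietly stops being trustworthy.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample file; only the contact address comes from the page.
SAMPLE_SECURITY_TXT = """\
# security.txt for an example deployment (constructed sample)
Contact: mailto:security@smartscanpro.ai
Expires: 2026-06-30T00:00:00Z
Encryption: https://example.invalid/pgp-key.txt
Policy: https://example.invalid/security-policy
Preferred-Languages: en
"""

KNOWN_FIELDS = {
    "Contact", "Expires", "Encryption", "Acknowledgments", "Policy",
    "Preferred-Languages", "Canonical", "Hiring", "CSAF",
}
SINGLE_VALUE_FIELDS = {"Expires", "Preferred-Languages"}


def parse_security_txt(text):
    """Return {field_name: [values...]} from RFC 9116 'Field: value' lines."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no data
        if ":" not in line:
            raise ValueError(f"line {lineno}: not a 'Field: value' line")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def _as_utc(iso_string):
    # Accept the trailing 'Z' that many files use; fromisoformat wants +00:00.
    return datetime.fromisoformat(iso_string.replace("Z", "+00:00"))


def validate_security_txt(text, now_iso=None):
    """Return a list of problems; an empty list means the file passes."""
    now = _as_utc(now_iso) if now_iso else datetime.now(timezone.utc)
    problems = []
    fields = parse_security_txt(text)

    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("missing required Contact field")
    for contact in contacts:
        if not contact.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact should be a mailto:, https:// or tel: URI: {contact}")

    expires = fields.get("Expires", [])
    if len(expires) != 1:
        problems.append("exactly one Expires field is required")
    else:
        try:
            exp = _as_utc(expires[0])
            if exp.tzinfo is None:
                problems.append("Expires must carry a timezone offset")
            elif exp <= now:
                problems.append("Expires is in the past: the file is stale")
            elif exp - now > timedelta(days=365):
                problems.append("Expires is more than a year away (RFC 9116 recommends under one year)")
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 timestamp: {expires[0]}")

    for name in ("Encryption", "Policy", "Canonical", "Hiring", "Acknowledgments"):
        for value in fields.get(name, []):
            if not value.startswith(("https://", "dns:", "openpgp4fpr:")):
                problems.append(f"{name} should be an https:// (or dns:/openpgp4fpr: for Encryption) URI: {value}")

    for name, values in fields.items():
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name}")
        if name in SINGLE_VALUE_FIELDS and len(values) > 1:
            problems.append(f"{name} may appear only once")
    return problems


if __name__ == "__main__":
    print(validate_security_txt(SAMPLE_SECURITY_TXT) or "security.txt OK")
```

Run it periodically against the live file from the same monitoring that watches certificate expiry; an expired security.txt is the disclosure equivalent of an unanswered mailbox.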
We keep a standard InfoSec bundle ready: SOC 2 Type I report, pentest executive summary, architecture diagram, data-flow diagram, and a pre-filled CAIQ v4. NDA goes out same-day.