Data Privacy & Compliance
Your security and privacy are our highest priorities.
Earth Craft Digital Security Commitment
Patient data is securely handled and not shared with third parties for marketing purposes. We maintain rigid administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI).
Encryption Standards
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. This ensures that even if data is intercepted, it remains unreadable. Our key management systems rotate credentials every 30 days.
Access Control
We implement Role-Based Access Control (RBAC), ensuring that medical staff can only see data necessary for their specific clinical role. Every access event is logged in a tamper-proof audit trail.
Data Retention
In accordance with medical record retention laws, data is stored for the legally required period and then securely purged using NIST-compliant sanitization methods.
Physical Security
Our servers are hosted in SOC 2 Type II certified data centers with 24/7 surveillance, biometric access controls, and redundant power supplies to guarantee 99.99% uptime.
For more detailed information regarding our technical security architecture or for a copy of our latest BAA, please contact our Compliance Officer at earthcraftdigital@gmail.com.