Murphi AI

Security & Compliance

Enterprise-Grade Security
Built for Healthcare AI

Murphi.ai protects patient data with enterprise-grade encryption, rigorous compliance standards, and continuous monitoring. We treat your data security as our primary feature.

HIPAA: Compliant
SOC 2 Type II: Certified
ISO 27001: Certified
BAA: Available

Certifications

Three Pillars of Compliance

SOC 2 Type II
Murphi.ai maintains SOC 2 Type II compliance, demonstrating that our security, availability, and confidentiality controls are not only properly designed but consistently operating effectively over time.
HIPAA Compliant
We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI) across every deployment.
ISO 27001
Our ISO 27001 certification confirms that we operate a formally governed, risk-driven Information Security Management System (ISMS) that protects information assets across the enterprise.

Zero Trust Architecture

We Never Assume Trust

Every access request is verified, authorized, and encrypted — regardless of network location or user identity.

Verify Explicitly
Every request is authenticated, authorized, and encrypted, regardless of network location. No implicit trust — ever.
Least-Privilege Access
We enforce minimum necessary permissions (JIT/JEA) to strictly limit data exposure. Users access only what their role requires.
Continuous Validation
Trust is constantly re-evaluated based on real-time identity and device health signals. No standing access — every session verified.

Defence-in-Depth

Layered Protection at Every Level

Multiple layers of security controls — so a failure at one layer never results in a breach.

Network Security
Firewalls, intrusion detection, and prevention systems continuously monitor and defend against threats across every network boundary.
Data & Application Security
Secure coding standards, AES-256 encryption, and strict access controls protect applications and data at every layer of the stack.
AI-Powered Security
Adversarial defenses and input sanitization block prompt injections. No sensitive information is memorized by AI models.

Continuous Monitoring

24/7 Security Surveillance

Around-the-clock security monitoring powered by advanced AI and expert security analysts.

AI Threat Detection
Automated threat detection using advanced analytics — identifying anomalies and potential incidents before they escalate.
Security Operations
Our dedicated Security Operations team responds to incidents with rapid resolution protocols and documented escalation procedures.
Cloud Management
Cloud-native logs are continuously monitored and analyzed to detect suspicious activity across all Murphi.ai services and integrations.

Technical Safeguards

Industry-Leading Controls at Every Layer

Secure Cloud Hosting — AWS & GCP
Hosted on Amazon Web Services and Google Cloud Platform — the most secure and compliant cloud infrastructure available. Geo-redundancy with regional failover ensures continuous service availability. Advanced DDoS protection blocks large-scale attacks.
Identity & Access Management
Granular Role-Based Access Control (RBAC) limits users to role-relevant data only. Least privilege principles applied across every system. Strong multi-factor authentication and SSO support prevent unauthorized entry.
Vulnerability Management
OWASP-aligned secure coding practices. Frequent automated assessments and annual third-party penetration testing. Responsible vulnerability disclosure program — ethical hackers help identify and report potential vulnerabilities.
Disaster Recovery
Comprehensive recovery and business continuity plans minimize downtime. Recovery plans regularly tested and reviewed. Critical data automatically backed up and stored redundantly across geographic regions.
Data Encryption & Protection
TLS 1.2+ encryption for all data in transit. AES-256 encryption for all data at rest. Cryptographic controls enforced with strict access controls and secure key management. PHI never transmitted unencrypted.
Business Associate Agreement (BAA)
A fully executed BAA is available for every Murphi.ai customer — required by HIPAA for any business handling PHI. Covers all Murphi.ai services, integrations, and data processing activities.

AI Governance

Responsible AI with Comprehensive Oversight

Responsible AI Practices
AI systems developed in accordance with ethical principles — emphasizing fairness, transparency, and accountability. Regular bias assessments and compliance reviews.
No Training on Customer Data
Customer data is never used to train foundational AI models. Your data remains completely isolated from model development — contractually guaranteed.
Human Oversight & Risk Management
AI outputs are monitored by qualified personnel. Regular assessments identify risks, bias, and compliance gaps. Human review workflows built into every AI-generated output.

Sub-Processors

Third-Party Sub-Processors

We partner with carefully selected third-party sub-processors to enhance platform functionality while maintaining strict security and compliance standards. All sub-processors are contractually obligated to adhere to our security policies and regulatory requirements.

Vendor | Purpose | Location
Amazon Web Services | Cloud Infrastructure | USA
Google Cloud Platform | Cloud Infrastructure | USA
Everyware | Payment Processing | USA
Fortis | Payment Processing | USA
Twilio | Communication & Messaging | USA
360 Dialog | Communication & Messaging | USA
Firebase | Crash Logs & Analytics | USA