Security & compliance

Compliance isn't a feature. It's the foundation.

Protected health information demands more than a checkbox. Orbit is engineered for healthcare-grade security from the database to the AI layer — and we sign a BAA with every single customer.

HIPAA

Compliant by design, BAA included

SOC 2 Type II

Independently audited annually

HITECH

Breach notification ready

GDPR-ready

Data subject controls

Controls

Defense in depth, end to end.

Every layer — infrastructure, application, data, and AI — is built to protect PHI and keep you audit-ready.

Encryption everywhere

AES-256 encryption at rest and TLS 1.2+ in transit. Keys are managed in a dedicated KMS with regular rotation.

Access control

Role-based access, least-privilege defaults, SSO/SAML, and SCIM provisioning. Every PHI access is logged and auditable.

Audit & accountability

Immutable audit trails on every record and AI draft. Full edit history so you always know who changed what, and when.

Responsible AI

PHI is never used to train third-party foundation models. AI runs under contractual data-protection terms with no data retention for training.

Resilience

Encrypted, geo-redundant backups with point-in-time recovery, tested disaster recovery, and continuous monitoring.

Infrastructure

Hosted on HIPAA-eligible cloud infrastructure with network isolation, and optional private VPC deployment for enterprise.

Your agreements, handled.

We make the legal side simple. A Business Associate Agreement is included with every account, and enterprise customers can execute a custom Data Processing Agreement.

  • Signed BAA included on every plan
  • Custom DPA available for enterprise
  • Subprocessor list available on request
  • Annual third-party penetration testing

99.9%

Uptime SLA (Enterprise)

AES-256

Encryption at rest

24/7

Security monitoring

<1 hr

Breach escalation target

Orbit supports clinicians in meeting their compliance obligations but does not substitute for your organization's own legal and compliance review. Contact us for our security whitepaper and current attestations.

Need our security documentation?

Request our SOC 2 report, security whitepaper, and sample BAA. Our team responds within one business day.

No credit card required · HIPAA BAA included · Live in 2–4 weeks