Security

Built like a healthcare product, not a chatbot.

Sensitive data encrypted at the column level. Every AI action audit-logged. Tenant isolation enforced at the database. Healthcare data deserves better than the average SaaS.

Sensitive data encrypted at rest and in flight

Sensitive fields (DOB, notes, full phone, full email) are encrypted at the column level with AES-256-GCM via lib/encryption.ts. Per-business keys are isolated. Database connections are TLS 1.3 only.
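As an added illustration of the column-level scheme described above (example code written here, not Cadence's lib/encryption.ts), assuming a master key supplied by a secret store, HKDF for per-business key derivation, and the tenant id plus column name bound into the GCM associated data so a ciphertext cannot be replayed into another tenant or column:

```typescript
// Added example, not the product's own code: AES-256-GCM column encryption with a
// per-business key (HKDF from an assumed master key) and tenant/column bound as AAD.
import { createCipheriv, createDecipheriv, randomBytes, hkdfSync } from "crypto";

const IV_LEN = 12;  // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Derive an isolated 256-bit key for one tenant. Assumption: masterKey comes from a
// KMS/secret store; the fixed salt is a label, the business id is the HKDF info.
function businessKey(masterKey: Buffer, businessId: string): Buffer {
  return Buffer.from(hkdfSync("sha256", masterKey, "column-key-v1", businessId, 32));
}

// Encrypt one column value. The AAD ties the ciphertext to tenant + column, so a
// value copied into another tenant's row (or another column) fails authentication.
function encryptField(plaintext: string, key: Buffer, businessId: string, column: string): string {
  const iv = randomBytes(IV_LEN); // fresh nonce per value; never reuse under one key
  const cipher = createCipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  cipher.setAAD(Buffer.from(`${businessId}:${column}`));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored layout: iv || tag || ciphertext, base64-encoded so it fits a text column.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(stored: string, key: Buffer, businessId: string, column: string): string {
  const buf = Buffer.from(stored, "base64");
  const iv = buf.subarray(0, IV_LEN);
  const tag = buf.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = buf.subarray(IV_LEN + TAG_LEN);
  const decipher = createDecipheriv("aes-256-gcm", key, iv, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(`${businessId}:${column}`));
  decipher.setAuthTag(tag); // final() throws on any tag, key or AAD mismatch
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Demonstration: a DOB encrypted for tenant A is unreadable with tenant B's key.
// Returns true when the cross-tenant read is rejected. Master key is constructed.
function crossTenantBlocked(): boolean {
  const master = Buffer.alloc(32, 7);
  const keyA = businessKey(master, "biz_A");
  const keyB = businessKey(master, "biz_B");
  const stored = encryptField("1990-04-12", keyA, "biz_A", "patients.dob");
  try { decryptField(stored, keyB, "biz_B", "patients.dob"); return false; }
  catch { return true; }
}
```

Because the AAD includes the column name, the same key also refuses to decrypt a `patients.dob` ciphertext presented as `patients.notes`, which is the property that makes "per-business keys are isolated" hold at the row level and not only at the key level.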

Multi-tenant isolation via Postgres RLS

Every tenant table enforces row-level security keyed on business_id. Cross-tenant reads are impossible at the database layer — not just the application layer. Service-role access is restricted to webhooks and Inngest jobs.

Tamper-evident audit log

Every Maya action, voice agent tool call, and admin action writes to audit_log with timestamp, actor, IP, business_id, and before/after diff. Logs are append-only and retained 7 years.

Hosted on US-region infra

All compute, database, and storage in US-East. No data leaves the United States. Vercel + Supabase region-pinned. Retell calls routed via US PoPs. Backups encrypted to S3 us-east-1.

PII never logged in plaintext

Logs use redactPII() before any phone, email, DOB, or SSN is written. Sentry breadcrumbs scrubbed at SDK level. Retell call recordings are PHI-eligible and stored encrypted with auto-expiry.

Policies & specifics

Data retention
Conversation transcripts: 90 days. Recordings: 30 days unless flagged. Audit log: 7 years.
Patient data ownership
You own all data in your Cadence account. Export anytime as JSON or CSV. Maya can do it for you.
Incident response
We notify customers within 24 hours of any confirmed breach affecting their data, with detailed scope and remediation.
Penetration testing
Annual third-party pentest. Quarterly internal review. Latest report under NDA on request.
Employee access
Engineering access to production is gated by SSO + hardware key + audit log. No raw PHI in dev environments.

Need a SOC 2 report, custom DPA, or compliance documentation? security@cadenceagents.ai