
SOC 2 and HIPAA

SOC 2 and HIPAA statuses, BAA, and who to contact for compliance reviews.

Compliance & Security: Frequently Asked Questions

What's Astell's SOC 2 Type II status?

Astell's SOC 2 Type II audit is in progress, with the report expected in Q4 2026. SOC 2 is an independent attestation: a licensed CPA firm examines how a service provider manages data security, availability, and confidentiality and issues a formal report. (SOC 2 is technically an attestation rather than a "certification"; there is no certifying body.) To schedule a security review call, contact founders@labtwofour.com.

What's Astell's HIPAA status?

Astell's HIPAA compliance program is in progress, with full support expected in Q4 2026. HIPAA establishes standards for protecting sensitive patient health information; there is no official government-issued HIPAA certification. Compliance is demonstrated through safeguards, risk assessments, and Business Associate Agreements. Astell can already accommodate HIPAA-related requirements on enterprise plans today.

How do HIPAA Business Associate Agreements (BAAs) work?

HIPAA Business Associate Agreements (BAAs) are available by request for enterprise customers. For HIPAA requirements and BAAs, email legal@labtwofour.com.

Can I use Astell for HIPAA-covered data right now?

You can use Astell for HIPAA-covered data only if you're on an enterprise plan and have a signed HIPAA BAA in place. To get started, email founders@labtwofour.com.

Does Astell follow other security standards (OWASP ASVS, CASA)?

Astell's application security program follows the OWASP Application Security Verification Standard (ASVS), the industry baseline for application security controls, and the product is tested against it. Astell is also pursuing CASA (Cloud Application Security Assessment) Tier 3, the independent, lab-verified tier of the App Defense Alliance framework (which is itself built on OWASP ASVS); that assessment is in progress. Enterprise customers can request the current status or supporting documentation at legal@labtwofour.com.
