Security

The technical posture, stated plainly

This website collects nothing beyond what you submit through the contact form. What follows is the security posture of the CocoMind platform itself, the systems a partnering institution's review will examine.

Encryption

All data is encrypted in transit and at rest.

Processing

HIPAA-aligned, under signed business associate agreements. Model providers run in zero-data-retention configurations.

Access

Least-privilege access controls and audit logging across the processing pipeline.

Custody

Structured outputs are delivered into institution-controlled systems. Audio is retained under the institution's control, not ours.

Review

The stack has passed institutional security review and AI-governance intake at a major academic medical center.

Reporting

Suspected vulnerabilities: jerry.hsieh@cocomind.health