Security

Security is the only way clinical AI works.

Kinesia is built from the ground up for the way healthcare actually handles sensitive data. Below is exactly how we approach security and what's in our architecture today.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. Per-tenant key derivation paths so one organization's data cannot be decrypted with another's keys.

Zero training on your data

Your prompts and patient case content are never used to train external foundation models. Anthropic's API is configured for zero-data-retention on enterprise plans, with a signed BAA in place.

Role-based access control

Three default roles — admin, clinician, viewer — with fine-grained permissions enforced server-side on every API call.

Tamper-evident audit log

Every authentication, every chat, every admin action is recorded with hash chaining. Logs are retained for 7 years and exportable on demand.
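As an added illustration (not Kinesia's code, and assuming nothing about its storage format), this shows what hash chaining buys an append-only audit log: each entry's hash covers the previous entry's hash, so editing or removing an earlier record breaks every link after it. The sample events are constructed; comparing the final hash against a copy kept outside the log also catches silent truncation of the tail, which the chain alone cannot detect.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # anchor for the first entry's "prev" link

def entry_hash(prev_hash, record):
    """Hash of this entry, bound to the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()

def append_entry(log, record):  # link the new record to the current chain head
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": entry_hash(prev, record)})

def verify_chain(log, expected_head=None):
    """None if intact, else index of the first bad entry. expected_head is a copy
    of the latest hash kept outside the log; a chain that verifies but stops
    short of it (tail entries silently dropped) is reported as len(log)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

# Constructed sample events matching the page's audit categories (auth, chat, admin).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "actor": "alice", "action": "login"},
    {"ts": "2024-05-01T09:02:10Z", "actor": "alice", "action": "chat.create", "thread": "t-17"},
    {"ts": "2024-05-01T09:30:00Z", "actor": "admin1", "action": "role.grant", "target": "bob"},
]

def build_sample_log():
    log = []
    for event in SAMPLE_EVENTS:
        append_entry(log, event)
    return log

def edited_log():  # alter a past record in place: its stored hash no longer matches
    log = copy.deepcopy(build_sample_log())
    log[1]["record"]["thread"] = "t-99"
    return log

def deleted_middle_log():  # drop an entry: the next entry's "prev" link breaks
    log = copy.deepcopy(build_sample_log())
    del log[1]
    return log
```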

SSO + SCIM

SAML 2.0 and OIDC for enterprise identity providers. SCIM provisioning for automatic onboarding and offboarding.

Tenant isolation

Every record is row-level scoped to the tenant. No shared secrets across organizations. Network and database segmentation enforced at the infra layer.

Hosted in HIPAA-eligible regions

All production workloads run in HIPAA-eligible AWS regions (us-east-1, us-west-2). No data leaves the United States.

Subprocessor transparency

We publish a current list of subprocessors and notify customers in advance of any changes. BAAs are in place with every subprocessor that may touch PHI.

Privacy by design

Minimum necessary data. Kinesia asks clinicians to use anonymized case descriptors (initials, age range, presenting problem) instead of identifying PHI. We block freeform PHI fields in case workspaces and surface a reminder when long-form text appears to contain identifiers.

No training on your data. Conversation content is sent to Anthropic's API under a signed Business Associate Agreement on enterprise plans, with zero-data-retention configured. Anthropic does not use this data to train foundation models.

Right to delete. Workspace owners can delete a thread, a case, or an entire workspace at any time. Deletion is propagated through caches and backups within 30 days.

Subject access. Organization admins can export every record associated with a clinician on demand, in JSON or CSV.

Demo environment notice. This live demo runs an in-memory store with a single test organization. The production architecture described above is what every paying customer receives. The demo is not appropriate for real PHI.