GUAVA COMPLIANCE FRAMEWORK

Guava adheres to six core pillars of compliance

We ensure that every one of our automations operates outside PHI boundaries while still maintaining rigorous enterprise-grade security, transparency, and auditability.

Our six compliance framework pillars, with explanations for customers and internal controls:

PILLAR: HIPAA Safe Harbor Alignment
  What it means to you: We adhere strictly to HIPAA's de-identification and Safe Harbor principles.
  What it means to us: All ingestion and automation modules exclude the 18 protected identifiers defined under §164.514(b).

PILLAR: SOC2 Mapped Controls
  What it means to you: Internal security and change management processes follow SOC2 CC1-CC8 domains.
  What it means to us: Access logging, encryption, key rotation, and audit events are continuously monitored.

PILLAR: Data Minimization by Design
  What it means to you: Guava processes only payer and policy data, not patient records.
  What it means to us: Every data path is validated against an allow-list schema before execution.

PILLAR: Zero Required EHR Connectivity
  What it means to you: No EHR integration or PHI transfer.
  What it means to us: All workflows operate from structured payer documentation and administrator input only.

PILLAR: AI Governance & Human Oversight
  What it means to you: Every agent action is logged and reviewable.
  What it means to us: Human-in-the-loop checkpoints ensure transparency and override capability.

PILLAR: Encryption & Integrity
  What it means to you: Confidentiality and integrity throughout the lifecycle.
  What it means to us: AES-256 encryption for data at rest; SHA-256 hashing for integrity and detailed audit trails.

OUR COMMITMENT

Guava was built on a simple principle: security and compliance are embedded, not added. Every one of our modules, APIs, and AI agents is built around data minimization and AI governance.

For legal, information security, and procurement teams, we offer a detailed compliance packet including information on:

  • SOC2 Control Mapping
  • HIPAA Safe Harbor Attestation
  • Our subprocessor DPAs
  • Overview of our NLP and De-identification Architecture
  • Summary of Data Retention and Access Policy

Contact security@guavamedical.ai for any and all inquiries. Include "Compliance Packet" in the subject line to request a detailed authorized copy, provided under NDA.