We protect your patient data with the highest security standards in the industry. Transparency, compliance, and trust are at our core.
Built for healthcare from day one. We meet and exceed the strictest compliance standards in the industry.
Full HIPAA compliance for protected health information. Business Associate Agreements available. Status: Compliant.
Security controls aligned with AICPA Trust Service Criteria. Audit in progress. Status: In Progress — Q3 2026.
Full GDPR compliance including data processing agreements, right to erasure, and portability. Status: Compliant.
Payment processing meets PCI DSS Level 1 through certified payment partners. Status: Compliant.
California Consumer Privacy Act compliance. Full data transparency and consumer rights. Status: Compliant.
ChatGeniusX is committed to protecting Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
To execute a BAA, contact our compliance team at compliance@chatgeniusx.com or request one from your account dashboard.
AES-256 encryption at rest, TLS 1.3 in transit, and hardened enterprise infrastructure protect your data at every layer.
All stored data is encrypted at rest with AES-256. All data in transit is protected with TLS 1.3. These are the same algorithms approved for U.S. government use and relied on by financial institutions.
Hosted on AWS with multi-AZ deployment for high availability. VPC isolation, private subnets, and automated failover keep your chatbot running if a single availability zone fails.
Enterprise-grade firewall rules, Web Application Firewall (WAF), and DDoS protection via AWS Shield. All traffic is monitored and analyzed in real time.
Encryption keys are managed through AWS KMS with automatic rotation. Keys are hardware-protected and never stored alongside data.
You own your data. We never sell, share, or use it for advertising or AI training.
Our Data Processing Agreement outlines how ChatGeniusX processes personal data on behalf of our customers, in compliance with GDPR and applicable data protection laws.
Request your DPA at privacy@chatgeniusx.com or download from your account settings.
Granular permissions ensure the right people have access to the right data — nothing more.
Three distinct roles — Head Admin, Admin, and Doctor — each with precisely scoped permissions. No over-privileged accounts.
Optional 2FA for all accounts. Supports authenticator apps (TOTP) for an extra layer of security on every login.
JWT-based authentication with an 8-hour token expiry. Automatic logout on inactivity. Tokens are stored in Secure, HttpOnly cookies rather than in browser-accessible storage, so page scripts cannot read them.
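The session properties listed above (an HS256 JWT with a fixed 8-hour expiry, an inactivity timeout, and a Secure/HttpOnly cookie) can be shown end to end in a few dozen lines. The block below is an added illustration written for this page; it is not ChatGeniusX's code. The claim names, the 30-minute idle window, and the hard-coded signing key are assumptions (the page gives no idle figure, and a real deployment would load the key from a secret store such as KMS).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed illustration only. Claim names, idle window and key are assumptions
# for this example, not ChatGeniusX's implementation.
SIGNING_KEY = b"example-only-key-load-from-kms-in-production"  # assumed
TOKEN_TTL = 8 * 3600      # absolute lifetime: the 8-hour expiry named on the page
IDLE_TIMEOUT = 30 * 60    # assumed inactivity window; the page gives no figure


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(claims: dict) -> str:
    """Serialise header.payload and append an HS256 signature over both."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def issue_token(subject: str, role: str, now: int) -> str:
    """Mint a session token at login: exp is fixed 8 h out, last_seen starts at now."""
    return _sign({"sub": subject, "role": role, "iat": now,
                  "exp": now + TOKEN_TTL, "last_seen": now})


def verify_token(token: str, now: int) -> Optional[dict]:
    """Return the claims if the token is genuine, unexpired and not idle; else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    expected = hmac.new(SIGNING_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    try:
        # Check the signature before parsing anything the client controls.
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError):   # binascii.Error subclasses ValueError
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":           # pin the algorithm; never honour alg=none
        return None
    if now >= claims.get("exp", 0):            # absolute 8-hour lifetime has passed
        return None
    if now - claims.get("last_seen", 0) > IDLE_TIMEOUT:   # automatic logout on inactivity
        return None
    return claims


def touch_token(token: str, now: int) -> Optional[str]:
    """Per-request refresh: slide last_seen forward but keep the original exp."""
    claims = verify_token(token, now)
    if claims is None:
        return None
    return _sign({**claims, "last_seen": now})


def session_cookie(token: str) -> str:
    """Set-Cookie value: Secure + HttpOnly so page scripts cannot read it, plus SameSite."""
    return f"session={token}; Max-Age={TOKEN_TTL}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    t0 = int(time.time())
    tok = issue_token("doctor-42", "Doctor", t0)
    print(session_cookie(tok))
    print("valid now:", verify_token(tok, t0 + 60) is not None)
    print("valid after 9h:", verify_token(tok, t0 + 9 * 3600) is not None)
```

The two timers do different jobs: `exp` caps the session at eight hours no matter how active the user is, while `last_seen` is re-signed on every request and ends the session early when it goes stale. Because `touch_token` copies the original `exp`, a refresh can never extend the absolute lifetime.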
Complete audit trail of all account actions. Track who changed what, when, and from where. Immutable and exportable logs.
Your chatbot is always available when your patients need it.
High availability through automated failover across multiple AWS availability zones. Enterprise customers receive contractual SLA guarantees.
Daily encrypted backups with 30-day retention. Point-in-time recovery allows restoration to a specific moment within the retention window. Backups are stored in a separate geographic region.
We maintain full transparency about service incidents and their resolution.
| Date | Status | Description | Duration |
|---|---|---|---|
| | | No incidents reported. All systems have been fully operational. | |
Proactive security testing to identify and eliminate vulnerabilities before they become threats.
We engage independent, accredited third-party security firms to conduct comprehensive penetration tests of our infrastructure, APIs, and application layer annually.
Penetration testing executive summaries are available upon request for Enterprise customers under NDA. Contact your account manager or our security team.
Answers to your most common security questions.
Yes. We sign Business Associate Agreements (BAAs) with all healthcare customers. BAAs are available on all plans. Contact compliance@chatgeniusx.com or request one from your dashboard to get started.
All data is stored on AWS infrastructure in the US East (N. Virginia) region. For Enterprise customers, we offer EU data residency options. All data is encrypted at rest with AES-256 and in transit with TLS 1.3.
Yes. You can export all your data at any time in CSV or JSON format directly from your dashboard. This includes conversations, bookings, patient records, analytics, and all associated metadata. Your data is always yours.
No, never. Your patient data, conversation logs, and business information are never used to train AI models. Your data is used exclusively to provide you with our service and nothing else. This is contractually guaranteed in our DPA and BAA.
In the unlikely event of a data breach, we notify affected customers within 72 hours. This matches the 72-hour notification window set by GDPR and is well within HIPAA's requirement that a business associate notify the covered entity without unreasonable delay and no later than 60 days after discovery. Our incident response plan includes immediate containment, forensic investigation, regulatory notification, and remediation steps.
Upon account cancellation, you can export all your data. After a 30-day grace period, all data is permanently and irreversibly deleted from our systems, including backups. We provide written confirmation of data destruction upon request.
14 days free, no credit card required. Your data is protected from day one.