This page is the full posture for IT, compliance, and legal review. The landing page keeps the short version; the long version lives here so your procurement team has everything they need in one place.
One AWS BAA covers Cognito, Aurora, S3, KMS, Bedrock, Lambda, CloudFront, and Amazon Location.
PHI never leaves AWS. No OpenAI, no third-party analytics, no foreign sub-processors.
alias/sereniq-{stage}-phi · yearly rotation · AAD-bound to record context.
SSN, Medicaid ID, and Medicare ID are encrypted with per-record AAD context.
No public ingress. Egress only through application identity.
FORCE RLS on every tenant-scoped table · default-deny.
DSPs and nurses see only assigned homes via staff_assignments.
TOTP required for admin, supervisor, nurse_lpn, and nurse_rn.
Enforced — risk-based challenges on anomalous sign-in.
Every state change captures userId, IP, user-agent, and a non-PHI after-blob.
Zod validation everywhere. CSV exports strip formula leaders to defeat spreadsheet injection.
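The formula-leader stripping described for CSV exports, as an added JavaScript example that is not this product's own code. The function names, the leader set (`=`, `+`, `-`, `@`, tab, carriage return) and the exception for plain signed numbers are assumptions; the page does not list them.

```javascript
// Added example: strip spreadsheet formula leaders before writing a CSV cell.
// Assumed leader set, following common CSV-injection guidance.
const FORMULA_LEADERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

// Assumption: plain signed numbers such as "-12.50" are data, not formulas.
const PLAIN_NUMBER = /^[+-]?(\d+(\.\d*)?|\.\d+)$/;

function stripFormulaLeaders(value) {
  const text = value === null || value === undefined ? "" : String(value);
  if (PLAIN_NUMBER.test(text.trim())) return text.trim();
  let i = 0;
  // Strip repeatedly: removing "=" from "=+x" exposes "+" as the new leader.
  // Leading spaces go too, so a leader cannot hide behind whitespace.
  while (i < text.length && (FORMULA_LEADERS.has(text[i]) || text[i] === " ")) {
    i++;
  }
  return text.slice(i);
}

function csvField(value) {
  const safe = stripFormulaLeaders(value);
  // RFC 4180 quoting: wrap fields holding a delimiter, quote or line break,
  // and double any inner quotes.
  return /[",\r\n]/.test(safe) ? '"' + safe.replace(/"/g, '""') + '"' : safe;
}

function toCsv(headers, rows) {
  const table = [headers, ...rows.map((row) => headers.map((h) => row[h]))];
  return table.map((cells) => cells.map(csvField).join(",")).join("\r\n") + "\r\n";
}

// Constructed sample rows (not real data).
const sampleRows = [
  { name: "=1+1", note: "-12.50" },
  { name: "=+@SUM(A1)", note: 'said "hi", left' },
];
console.log(toCsv(["name", "note"], sampleRows));
```

Stripping changes the stored text, so a value like `-2+3` exports as `2+3`; only cells that parse as a plain number keep their sign.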
High-impact admin operations are also written to a separate ops bucket.
AI features run on AWS Bedrock, inside the same single-vendor BAA.
User-provided narratives are wrapped in tagged blocks. Raw input never concatenates into a system prompt.
A daily cap bounds worst-case AI spend per tenant.
Send your questionnaire, your CISO’s checklist, or your auditor’s data-flow request. A founder will reply within one business day.