Trust & Security Center
Your data security is our top priority. Learn about our security practices and compliance approach.
Understanding Our Compliance Position
We are NOT an Electronic Medical Records (EMR) system. Visi.cx products, including LabCX, are audit-based competency management systems. This distinction is important for understanding our regulatory requirements.
While we maintain rigorous security standards, our products do not store, process, or transmit protected health information (PHI) as defined by HIPAA. We handle operational data related to staff competency and training—not patient records.
Security Measures
Enterprise-grade security built into every layer of our platform
Encryption in Transit
All data transmitted between users and our services is encrypted using TLS 1.2 or higher.
Encryption at Rest
All stored data is encrypted using AES-256 encryption, ensuring your data remains protected.
Multi-Factor Authentication
Secure authentication with MFA support for all user accounts.
Role-Based Access Control
Granular permissions ensure users only access the data and features they need.
Enterprise Infrastructure
Built on enterprise-grade cloud services that maintain SOC 2, ISO 27001, and HIPAA compliance certifications.
Audit Logging
Comprehensive audit trails track all system access and data changes for accountability.
Enterprise-Grade Infrastructure
We leverage industry-leading cloud infrastructure to deliver secure, reliable, and scalable solutions with numerous compliance certifications.
Infrastructure meets rigorous security and availability standards.
Data centers maintain international security management standards.
Built on services designed for healthcare environments.
All data stored in secure US data centers.
How We Handle Your Data
What Data We Collect
We collect operational data necessary for competency management: staff information (names, roles, credentials), competency assessments and scores, training completion records, and system usage logs. We do NOT collect patient information, medical records, or clinical test results.
How Data Is Protected
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Access is controlled through role-based permissions with multi-factor authentication. All access is logged and auditable.
Data Retention
Competency records are retained according to regulatory requirements (typically 2 years minimum). Customers can request data export or deletion at any time, subject to regulatory retention requirements.
Data Location
All data is stored in secure data centers located in the United States. Data does not leave the US unless specifically requested for international deployments.
Policies & Documentation
Review our security and privacy policies