Enterprise Trust Center
PHItag is a stateless governance engine. We manage your cloud integrity without ever touching your patient data.
HIPAA COMPLIANT
BAA AVAILABLE
ZERO-PHI ARCHITECTURE
AES-256 ENCRYPTED
Our "No-Data" Guarantee
Unlike traditional tools, PHItag is a Control Plane. We connect to your Azure environment via secure Service Principals to manage Tags and Metadata only. Your PHI remains safely within your Azure Tenant.
Data Privacy & Architecture
- Zero-PHI Footprint: We never store patient data
- Metadata Only: We only access & store resource tags
- Encryption at rest (AES-256) for all configuration
- TLS 1.3 encryption for all API communications
Azure Access Control
- Least-Privilege Service Principal (RBAC) access
- Scoped access to specific Azure Subscriptions only
- Audit logs for every tagging action taken
- Credential rotation and secret management
Compliance & Auditing
- Signed BAA (Business Associate Agreement) available
- Strict employee access controls (Least-Privilege)
- Annual mandatory HIPAA & cybersecurity training
- Continuous vulnerability monitoring
Vulnerability Disclosure
We appreciate the global security community. Reports are triaged within 24 hours. We offer safe harbor for researchers acting in good faith.
Our Triage Promise
We provide transparent updates throughout the remediation process and credit researchers via our `security@phitag.app` channel.