Security & Compliance

Data Processing

Documents uploaded to RemeDocs are processed in isolated environments. Each file is handled independently with no cross-contamination between customer workloads.

• Ephemeral processing -- documents are permanently deleted after remediation is complete and results are delivered
• No training data -- your documents are never stored or used for AI model training
• Isolated environments -- each remediation job runs in its own sandboxed container

Compliance

RemeDocs maintains compliance certifications and practices required by regulated industries.

• SOC 2 Type II -- audited controls for security, availability, and confidentiality
• GDPR -- full compliance with EU data protection regulations, including data subject rights and processing agreements
• CCPA -- California Consumer Privacy Act compliance, with no sale of personal data

HIPAA

RemeDocs offers HIPAA-friendly document processing for healthcare organizations handling protected health information (PHI).

• Business Associate Agreement (BAA) available for healthcare customers
• PHI safeguards -- documents containing patient information are processed with additional security controls
• Audit trails -- all processing activity is logged for compliance reporting

Contact sales@remedocs.com to request a BAA.

Infrastructure

• Cloudflare CDN -- global content delivery with DDoS protection and Web Application Firewall
• Encrypted in transit -- all connections use TLS 1.3 with strong cipher suites
• Encrypted at rest -- data stored using AES-256 encryption
• Managed infrastructure -- hosted on DigitalOcean with automated backups and monitoring

Access Control

• Role-based access -- granular permissions for team members based on their role
• Audit logging -- all user actions and document processing events are logged
• Secure authentication -- password policies, session management, and optional two-factor authentication
• API key management -- scoped API keys with rotation and revocation capabilities

Frequently Asked Security Questions

Is my data encrypted?

Yes. All data is encrypted at rest using AES-256 and in transit using TLS 1.3 with strong cipher suites. This applies to uploaded documents, remediated output files, and all communication between your browser and RemeDocs servers.

Where are documents processed?

Documents are processed on secure cloud infrastructure hosted by DigitalOcean. Each remediation job runs in an isolated, sandboxed container. Documents are automatically deleted from our systems after processing is complete and your remediated file has been delivered.

Do you store uploaded PDFs?

Only during active processing. Once your remediated document is ready for download, the original upload and all intermediate files are permanently removed. We do not retain copies of your documents for any purpose, including model training.

Is RemeDocs HIPAA compliant?

We implement security controls aligned with HIPAA requirements, including encryption, access controls, audit logging, and ephemeral document processing. Healthcare organizations that handle protected health information (PHI) can request a Business Associate Agreement (BAA) by contacting sales@remedocs.com.