EVORA · Trust infrastructure
Your data,
your control.
Security is the floor, not the ceiling. EVORA OS is built so the most sensitive data in your life, your biology, is treated with the discipline it deserves.
HIPAA-aligned · SOC 2 in progress
HIPAA-aligned
We follow HIPAA Privacy and Security Rule practices for PHI handling, access logging, and breach response.
End-to-end encryption
TLS 1.3 in transit. AES-256 at rest. Encryption keys managed via dedicated KMS with quarterly rotation.
Strict access controls
Role-based access. Audit logs on every clinical view. No engineer reads PHI without explicit, logged authorization.
Dedicated infrastructure
Hosted on HIPAA-eligible cloud infrastructure with isolated environments per data class.
SOC 2 Type II in progress
Type I complete. Type II audit currently underway with a Big Four auditor.
Right to delete
Full export and full deletion available from your account in two clicks. Hard delete completes within 30 days.
Data ownership
It's your data. Always.
Your data is never sold. Never used to train third-party models. Never shared with advertisers, insurance carriers, or employers.
Aggregated, de-identified outcomes data may be used to improve EVORA's clinical models. You can opt out of even that with a single toggle.
Export is available at any time as a structured archive (JSON + PDFs). Deletion is permanent within 30 days, with cryptographic confirmation on completion.
In direction
Member-initiated, scoped, revocable clinician sharing will ship as part of the EVORA data promise — read the full direction on the data promise page.
Trust isn't a marketing claim. It's an architecture.
Contact our security team