Lippy AI Trust Center
Lippy AI is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Compliance
Resources
Chief Information Security Officer (CISO) Policy
Sensitive Data Processing and Impact Assessment Policy
PHI De-identification Policy and Procedure
Personnel Security Policy
Incident Response Policy
Controls
ePHI policy accessibility evidence
Remote access tool
Access restricted to modify infrastructure
Access review of infrastructure
User list with assigned roles and privileges
Encryption of data
Privacy and confidentiality governance charter
Data protection policy
Data transfers covered by approved safeguards
Cooperation agreements/data sharing frameworks
Vulnerability scanning
Business continuity and disaster recovery testing
Web application firewall
Sample code changes
Penetration testing
SSL/TLS certificates for infrastructure
Intrusion detection tool
Monitoring tool
Security incident list
Alerts and remediation
Incident response and breach notification policy
Breach notification communication
Internal GDPR compliance assessments performed
Binding corporate rules policy
Rectification request policy
Objection handling policy and systems generated
Erasure request handling policy
Log management tool
ePHI risk assessment report
Vendor termination
Vendor list
Vendor onboarding
Vendor management program
Consent for processing captured via explicit opt-in mechanisms
Age verification and parental/guardian consent process enforced
Media disposal training
New employee and contractor agreements
List of newly hired employees & contractors
Existing employee and contractor agreements
Security awareness training implemented
Records of Processing Activities (RoPA) maintained
Asset register maintaining
Notification workflows regarding rectification or erasure maintained
Risk management program
Risk and Governance Executive Committee meeting minutes
Lawful basis assessment
Legitimate interest assessment
Key management services used
Mobile device management tool configurations
Ticketing tool
Security-related roles
Termination checklist
Subprocessors
CalendlyBusiness Apps & Productivity
TwilioBusiness Apps & Productivity
AzureCloud Infrastructure & Platform Services
OpenAIAI & ML Services