Security & Compliance

Enterprise-Grade Security

Built for healthcare. Designed for trust. CommonLight meets the highest security and compliance standards.

Compliance & Certifications

Meeting healthcare industry standards for data protection and privacy.

HIPAA Compliant

In Progress - Target Q2 2025

Full HIPAA compliance for handling Protected Health Information (PHI), including Business Associate Agreements (BAA) available for all customers.

  • End-to-end encryption for data in transit and at rest
  • Access controls and audit logging
  • Regular security assessments and risk analysis

SOC 2 Type II

In Progress - Target Q3 2025

Demonstrating enterprise-grade security, availability, processing integrity, confidentiality, and privacy controls.

  • Independent third-party audits
  • Continuous monitoring and testing
  • Incident response procedures

Security Measures

Data Encryption

End-to-end encryption protects data at every stage

  • TLS 1.3 in transit
  • AES-256 at rest
  • Encrypted database backups
  • Key rotation policies

Access Control

Granular permissions ensure least-privilege access

  • Role-based access control (RBAC)
  • SSO/SAML integration
  • Multi-factor authentication
  • Session management

Infrastructure Security

Cloud infrastructure hardened for healthcare

  • AWS SOC 2 compliant hosting
  • Network segmentation
  • DDoS protection
  • Regular penetration testing

Audit Logging

Complete visibility into system access and changes

  • Immutable audit trails
  • User activity monitoring
  • Data access logs
  • Anomaly detection

Backup & Recovery

Business continuity with automated backups

  • Daily encrypted backups
  • 99.9% uptime SLA
  • Disaster recovery plan
  • Point-in-time recovery

Privacy by Design

Data minimization and privacy built-in

  • No PII/PHI storage (metadata only)
  • Data retention policies
  • Right to deletion (GDPR/CCPA)
  • Privacy impact assessments

Data Privacy Commitment

CommonLight operates on a metadata-only model. We never store personal health information (PHI) or personally identifiable information (PII).

✓ What We Store

  • Provider names and locations
  • Services offered
  • Availability status
  • Insurance accepted

✗ What We Never Store

  • Patient names or demographics
  • Medical histories
  • Treatment details
  • Financial information

Questions About Security?

Our security team is available to discuss your specific compliance and security requirements.

CommonLight

Technology empowering human connection in crisis response.

© 2025 CommonLight Technologies. All rights reserved.