Veteran Data Deserves Veteran-Grade Security.
Every byte of veteran data is protected by the same rigor we bring to preserving their stories. HIPAA-conscious architecture, end-to-end encryption, and a clear path to full compliance certification.

Transparent About Where We Stand.
HIPAA-Conscious Architecture
Built from the ground up with PHI protection in mind. Data encryption at rest and in transit, audit logging, and access controls aligned with HIPAA requirements.
SOC 2 Type II
Pursuing SOC 2 Type II certification for security, availability, and confidentiality trust service criteria. Expected completion in 2026.
State Licensing Compliance
Working toward compliance with state-specific assisted living and veteran care licensing requirements across all operational states.
Data Privacy by Default
No AI training on veteran data. Complete data portability and deletion capabilities. Veterans and families control their data at every step.
Defense in Depth.
End-to-End Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). No plaintext PHI touches unencrypted storage at any point.
Role-Based Access Control
Granular permissions for facility staff, care teams, family members, and administrators. Every action is logged and auditable.
Audit Trail
Complete audit log of every data access, modification, and export. Immutable records maintained for compliance review and incident response.
Isolated Data Environments
Each VA facility's data is logically isolated. No cross-facility data access. Multi-tenant architecture with strict boundary enforcement.
Secure API Gateway
All API endpoints authenticated with short-lived tokens, rate-limited, and monitored. Webhook integrations use HMAC-SHA256 signatures.
Disaster Recovery
Automated backups with geographic redundancy. Recovery point objective (RPO) of 1 hour, recovery time objective (RTO) of 4 hours.
Common Security Questions.
Does KindredLink store Protected Health Information (PHI)?
Yes. Veteran life history, cognitive assessment data, and care metrics are treated as PHI. All storage and processing follow HIPAA-conscious practices with encryption, access controls, and audit logging.
Can veterans or families request data deletion?
Yes. Complete data deletion is available on request. Our nuclear delete function removes all veteran data, AI-generated content, and associated records. An auditable receipt is provided.
Is AI conversation data used to train models?
No. Veteran conversation data is never used for AI model training. It is used only to provide personalized experiences for that specific veteran.
How is data accessed by care teams?
Care teams access data through role-based dashboards. Each staff member sees only the data their role requires. All access is logged for audit purposes.