Security & Compliance
Your patients' data is our highest priority.
NexV is built for compliance from the ground up. Every byte encrypted, every access logged, every regulation met.
HIPAA
Full HIPAA compliance with signed Business Associate Agreements for every customer.
BAA Available
SOC 2 Type II
Annual third-party audit of security controls, availability, and confidentiality.
Certified
Australian Privacy Principles
Full compliance with the Australian Privacy Act 1988 and all 13 APPs.
Compliant
End-to-End Encryption
AES-256 encryption at rest, TLS 1.3 in transit. Zero plain-text storage of PHI.
AES-256 / TLS 1.3
Data Residency
Choose US or Australian data centres. Patient data never leaves your selected region.
US & AU Available
Penetration Testing
Annual third-party penetration testing by independent security firms.
Annually Tested
How your data is protected.
Enterprise-grade access controls.
Role-Based Access
6 roles × 19 operations, granular permissions matrix
Audit Logging
Every PHI access logged with timestamp, user, action, and IP
Session Management
Configurable session timeouts, forced re-authentication
Multi-Factor Authentication
TOTP and SMS-based MFA for all staff accounts
Need our security documentation?
We'll send you our SOC 2 report, HIPAA compliance guide, and data processing agreement.