HIPAA-compliant app development
If your app touches health data, compliance is not a final-week checklist — it is an architecture decision you make on day one. We build health applications under a compliance-first posture so that handling protected health information is safe by default, not bolted on later.
What's included
- Data minimisation — the smallest viable PHI schema
- Encryption at rest and in transit, centralised audit logging
- Business Associate Agreements with every subprocessor that touches PHI
- GDPR lawful-basis mapping and India DPDP Act 2023 alignment
- Customer-owned Google Cloud project option with VPC Service Controls + CMEK
- Quarterly access reviews and a documented path to SOC 2
Compliance-first architecture, not compliance theatre
We minimise personally identifiable health information to the smallest viable schema, encrypt it at rest with managed keys, and route every write that touches PHI through a single audited path, so the audit trail is centralised and the set of access rules to maintain stays small. The privacy policy maps every data category to a lawful basis under GDPR and a corresponding clause under India's DPDP Act 2023, and we review that mapping quarterly, not just at launch.
A stronger posture when you need it
For clients who need maximum control, we deploy into a customer-owned Google Cloud project with VPC Service Controls and customer-managed encryption keys: you hold the keys, we hold the code, and either party can revoke access cleanly. We are honest about certification status — we run the controls today and document the gap to formal SOC 2 for any partner who needs it, rather than claiming a badge we do not yet hold.
Frequently asked
Is AptixLabs HIPAA certified?
There is no official "HIPAA certification" body — HIPAA compliance is about controls and agreements, not a certificate. We implement the required safeguards (encryption, access controls, audit logging, BAAs) and can deploy into a customer-controlled environment. We are not yet SOC 2 certified, but our controls align with the SOC 2 trust principles and we document the path for partners who need it.
Do you sign a BAA?
Yes, where we act as a business associate, and we ensure every downstream subprocessor that touches protected health information has a BAA in place too.
Can you support GDPR and India's DPDP Act as well as HIPAA?
Yes. We map every data category to a GDPR lawful basis and the corresponding DPDP Act 2023 clause, so the same app can serve US, EU and Indian users compliantly.
Let's scope it.
A two-week fixed-scope diagnostic tells you the full cost and plan before you commit. Tell us what you're building.
